Currently, wasm memory and wasm code use a shared limit for the total
size of reservations. This can cause wasm code reservations to fail
because wasm memories used all available reservation space.
This CL introduces a soft limit which is used when allocating wasm
memory with full guards. If this limit is reached and the respective
flag is set, we fall back to allocation without full guards and check
against the hard limit. Code reservations always check against the hard
limit.
R=ahaas@chromium.org
Bug: v8:8196
Change-Id: I3fcbaeaa6f72c972d408d291af5d6b788d43151d
Reviewed-on: https://chromium-review.googlesource.com/1233614
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56028}
IIFE`s within a function are not guaranteed to be executed only once.
They can be called multiple times and compiler can inline them.
Do the one-shot optimizations only for IIFE`s from top-level code.
Bug: v8:8072, chromium:886580
Change-Id: I02370681cc3eab270edcc75ee120ca7ad768ed52
Reviewed-on: https://chromium-review.googlesource.com/1231174
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56024}
Teach TurboFan about representation changes from Float64 to Word64 where
the input value is already known to be within the Int64 or Uint64 range.
While not all of these values have representations in Float64, those
that do can be converted to Word64 without loss of precision.
Same is true for Tagged to Word64 conversions, although here we don't
(currently) need the case for Uint64 ranges, so we can skip adding an
operator for that until it becomes necessary (there's a hard check in
the code so it'll not silently cause trouble).
Bug: v8:8178
Change-Id: Ie99b0bc9af096bd927f63b26b0a61e66454bc4ae
Reviewed-on: https://chromium-review.googlesource.com/1231593
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56022}
The JSTypedArray instance is created early on in the TypedArray
constructors, using EmitFastNewObject, which puts Undefined into
all slots. But the code might still produce an exception afterwards
leaving the JSTypedArray in a weird state. It's not a security issue
since the object doesn't escape, but it confuses the heap verifier.
Bug: chromium:885404, v8:4153, v8:7881, v8:8171
Change-Id: I5fb8131fcae69edf4a92602ed477dca305c3d6c7
Reviewed-on: https://chromium-review.googlesource.com/1233257
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56019}
The flag was not used anymore and any CollectGarbage call will finalize
marking.
Change-Id: I29ee60b187c9038acc4b42b8334546498f54f117
Reviewed-on: https://chromium-review.googlesource.com/1228013
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56018}
The test allocates a code object of maximum size. This was recently
increased to 1GB. This makes the test run OOM on some native arm and
mips devices.
TBR=ahaas@chromium.org
No-Try: true
Change-Id: Ie6cc50e92493c341c3205e9a6efa547d3d489275
Reviewed-on: https://chromium-review.googlesource.com/1233333
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56013}
This CL introduces the global default microtask queue as the replacement
of Heap::microtask_queue and Isolate::pending_microtask_count.
Bug: v8:8124
Change-Id: I0a6a7618a1a6ca7ceaf370dc15917a6b3690542c
Reviewed-on: https://chromium-review.googlesource.com/1226760
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56012}
V8 does not abort incremental marking anymore.
Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Id39e9cf8ef2afc388bab2bbad1d458ee2649f8e8
Reviewed-on: https://chromium-review.googlesource.com/1226889
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56009}
This is the next step to support large array buffers. On 64-bit archs
the full safe integer range is available (up to 2^53-1 bytes in theory).
On 32-bit platforms the full Unsigned31 range is allowed, so that we can
continue to use CheckBounds for typed arrays and data views in the
optimizing compiler (it's generally unlikely that the kernel will give
you more than 1GiB of contiguous memory anyways).
Drive-by-fix: This introduces proper chokepoints for the byte_offset
and byte_length accesses in the CSA code, and also does some renaming
for consistency.
Bug: v8:4153, v8:7881, v8:8171
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I92a767638532ca9f86084398ce72556c5180cc6e
Reviewed-on: https://chromium-review.googlesource.com/1228377
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56008}
Handle the case when one or both of the output nodes of an I64Atomic op
are optimized, for code-gen instructions that use a set of fixed
registers, use temp registers to ensure the registers are not
clobbered.
BUG:v8:6532
Change-Id: I52763c48d615cdf3ae8d754402b11da2df31a4a1
Reviewed-on: https://chromium-review.googlesource.com/1195910
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56004}
The WasmMemoryTracker keeps track of reserved memory in order to avoid
running out of virtual address space. So far, we were only tracking
reservations for wasm memory, and not for code. This CL changes that to
also include code reservations.
Drive-by: Some cleanup around the allocation of the WasmCodeManager.
R=titzer@chromium.org
Bug: chromium:883639
Change-Id: I0c2586a742022ae00752132e048346d54e2a1a7c
Reviewed-on: https://chromium-review.googlesource.com/1230134
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56001}
If type checks in simplified lowering produced dead value (i.e., of
type Type::None()), we have only propagated deadness along value
edges. With this CL, we also insert an Unreachable node after every
effectful node that produces dead value.
This is more consistent with dead code elimination, which also inserts
unreachable nodes after effectful nodes with value output None.
Bug: chromium:884052
Change-Id: Idcb168461f05f1811b2c9c16ab8ff179b259fbd3
Reviewed-on: https://chromium-review.googlesource.com/1228125
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55987}
Word8 and Word16 representation is treated like Word32 for the sake of
TurboFan's representation selection, but this was missing from the
Word64 conversions.
Bug: chromium:884933, v8:4153, v8:7881, v8:8171, v8:8178
Change-Id: If7b69cdd02b12546d87bba0643e9ee9cb35cb299
Reviewed-on: https://chromium-review.googlesource.com/1229953
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55983}
Temporarily disable one-shot optimization for
debug-evaluate-no-side-effect-builtins-2 to fix the gc stress test.
This issue will be fixed in the future CL
(https://chromium-review.googlesource.com/c/v8/v8/+/1196725)
that adds new bytecodes for loads and stores and one-shot optimizations
will be enabled again.
Change-Id: I6475557778da4553b5b6cbba1fda14c52d3dd91b
Reviewed-on: https://chromium-review.googlesource.com/1228063
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Cr-Commit-Position: refs/heads/master@{#55969}
Instead include it in the files that need to use it.
Change-Id: I2321f423ddcc1c0e779332c2e7d1a372bfb4ebbb
Reviewed-on: https://chromium-review.googlesource.com/1227305
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55964}
js-to-wasm wrappers check whether trap handlers are enabled
process-wide, but are independent of their actual usage in the current
instance. Thus remove this unneeded parameter.
R=mstarzinger@chromium.org
Bug: chromium:862123
Change-Id: I3793213864568b4e26eb3414239033491e4539f5
Reviewed-on: https://chromium-review.googlesource.com/1226974
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55961}
This is a reland of a4105a437d
Original change's description:
> [wasm] Implement handling of exported/imported exceptions.
>
> This implements the proper semantics for matching exported/imported
> exceptions by using the notion of an "exception tag" that is global to
> the system. It can be used to match exceptions in one module against
> exceptions declared and/or thrown in another module (or instance).
>
> R=clemensh@chromium.org
> TEST=mjsunit/wasm/exceptions-shared
> BUG=v8:8091
>
> Change-Id: I37586d7be5d5e6169b3418dfbc415b26dd4750dd
> Reviewed-on: https://chromium-review.googlesource.com/1226976
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55940}
Bug: v8:8091
Change-Id: Ib85f099b26a8323a8a00299b5aaeb05aaff3c3c6
Reviewed-on: https://chromium-review.googlesource.com/1227975
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55959}
We do not have to collect feedback for function calls in one-shot code.
This CL avoids allocating CallICslots for each function call by
emitting CallNoFeedback bytecodes. We save one CallICSlot (two entries
in feedback vector) per function call in One-shot.
Bug: v8:8072
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ic2580e5972acd5124c2e71d540985736ce797fe8
Reviewed-on: https://chromium-review.googlesource.com/1178051
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55951}
Abort incremental marking pulls in the requirement to also be able to abort on
the embedder side. In practice, aborting is never really needed and the GC
should just finalize the existing collection and do an atomic followup if exact
marking information is required.
Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ic471332d01b0c4be26b71a06248af03255c61a9d
Reviewed-on: https://chromium-review.googlesource.com/1225705
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55949}
VirtualMemory objects can be moved since https://crrev.com/c/1213062,
so there is no need any more to return them via pointer argument. This
also makes the {AllocVirtualMemory} and {AlignedAllocVirtualMemory}
functions superfluous.
R=ishell@chromium.org, titzer@chromium.org
Bug: v8:8015
Change-Id: Id72921e1c66a6c10be6647194603b8283e010e24
Reviewed-on: https://chromium-review.googlesource.com/1226972
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55947}
For NumberAdd/Subtract/Multiply we currently onlt consult the upper
bound to decide whether to compute using Int32 or Float64 operations,
whereas for NumberModulus, NumberEqual, etc. we do decide based on
the feedback types, where the only significant difference is that we
cannot promise Word32 truncations on the inputs.
This change unifies the handling for NumberAdd/Subtract/Multiply as
well, which triggers surprisingly often in our core benchmark suites..
Bug: v8:8015
Change-Id: If8ec1bc82d1e1b71285c829262a0d343a4eb2af7
Reviewed-on: https://chromium-review.googlesource.com/1226033
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55943}
This reverts commit a4105a437d.
Reason for revert: GC stress failures (https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Mac64%20GC%20Stress/3097)
Original change's description:
> [wasm] Implement handling of exported/imported exceptions.
>
> This implements the proper semantics for matching exported/imported
> exceptions by using the notion of an "exception tag" that is global to
> the system. It can be used to match exceptions in one module against
> exceptions declared and/or thrown in another module (or instance).
>
> R=clemensh@chromium.org
> TEST=mjsunit/wasm/exceptions-shared
> BUG=v8:8091
>
> Change-Id: I37586d7be5d5e6169b3418dfbc415b26dd4750dd
> Reviewed-on: https://chromium-review.googlesource.com/1226976
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55940}
TBR=mstarzinger@chromium.org,clemensh@chromium.org
Change-Id: I5ef19ea3b67f470f2d7807810110d75415ba9ed6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8091
Reviewed-on: https://chromium-review.googlesource.com/1227933
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55942}
This implements the proper semantics for matching exported/imported
exceptions by using the notion of an "exception tag" that is global to
the system. It can be used to match exceptions in one module against
exceptions declared and/or thrown in another module (or instance).
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-shared
BUG=v8:8091
Change-Id: I37586d7be5d5e6169b3418dfbc415b26dd4750dd
Reviewed-on: https://chromium-review.googlesource.com/1226976
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55940}
... as well as ScopeInfo::ContextLength.
Bug: v8:7790
Change-Id: I3ca8b6f252d96b21d0990f8fc08e076eeeea4176
Reviewed-on: https://chromium-review.googlesource.com/1226973
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55939}
This change introduces the necessary conversion operators to convert
from Word64 to other representations (Tagged, Word32, Float64, etc.),
and plugs in the Word64 representation for NumberAdd/NumberSubtract,
such that TurboFan will go to Int64Add/Sub on 64-bit architectures
when the inputs and the output of the operation is in safe integer
range. This includes the necessary changes to the Deoptimizer to be
able to rematerialize Int64 values as Smi/HeapNumber when going back
to Ignition later.
This change might affect performance, although measurements indicate
that there should be no noticable performance impact.
The goal is to have TurboFan support Word64 representation to a degree
that changing the TypedArray length to an uint64_t (for 64-bit archs)
becomes viable and doesn't have any negative performance implications.
Independent of that we might get performance improvements in other areas
such as for crypto code later.
Bug: v8:4153, v8:7881, v8:8171, v8:8178
Design-Document: bit.ly/turbofan-word64
Change-Id: I29d56e2a31c1bae61d04a89d29ea73f21fd49c59
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel
Reviewed-on: https://chromium-review.googlesource.com/1225709
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55937}
While investigating crbug.com/878742 I found that somehow the
MachineOperatorReducer lacks the ability to constant-fold
comparisons of Float64 constants, which obviously leads to
pretty weird code.
Bug: v8:8015
Change-Id: I7e18ce10e9d5c87f131fb083ccd3e1e336189dae
Reviewed-on: https://chromium-review.googlesource.com/1226132
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55935}
E.g., "ToWeakHeapObject" was misleading, since it didn't convert to a weak heap
object, instead returned a weakly pointed heap object. Change the function names
(in this case, to "GetHeapObjectIfWeak") to reflect this.
Also make casts explicit, if a MaybeObject is an Object, we can call cast<Object>().
Previous version: https://chromium-review.googlesource.com/1219025
BUG=v8:7308
TBR=ishell@chromium.org, ulan@chromium.org, ahaas@chromium.org, yangguo@chromium.org, tebbi@chromium.org
Change-Id: I503d4a2a3a68f85e9e02e1c2f9fc1c4187c8e9a1
Reviewed-on: https://chromium-review.googlesource.com/1226800
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55934}
This is a reland of 16816e53be
Bug: v8:8096
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I257fc391931a0a4bf01f2e8136183aaed044231c
Reviewed-on: https://chromium-review.googlesource.com/1226915
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55928}
This is a reland of 836773c0e3
Original change's description:
> Implement v8::internal::MicrotaskQueue::EnqueueMicrotask
>
> This adds `queue` and `pending_microtask_count` as members of
> v8::internal::MicrotaskQueue, and implements its EnqueueMicrotask.
> The implementation itself is similar to Isolate::EnqueueMicrotask.
>
> Bug: v8:8124
> Change-Id: Idb5c50b2add96b72cbe9e36aeec7cb568072f0cb
> Reviewed-on: https://chromium-review.googlesource.com/1205430
> Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55884}
Bug: v8:8124
Change-Id: Ibd32aec28c8fd9eab88904e62ba97a715295765d
Reviewed-on: https://chromium-review.googlesource.com/1226577
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55924}
Previously, DateTimeFormat.prototype.formatToParts returned an object
with the property key 'dayperiod' which is incorrect as per the spec.
This patch updates the property key to say 'dayPeriod', making this spec
compliant.
R=cira@chromium.org
Bug: chromium:865351
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I37f50797387bc69d5e29d7c2911bc5cc0fad37ac
Reviewed-on: https://chromium-review.googlesource.com/1145304
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: PhistucK <phistuck@gmail.com>
Cr-Commit-Position: refs/heads/master@{#55922}
This reverts commit ad72d19516.
Reason for revert: Build failures on *san
Original change's description:
> [in-place weak refs] Fix MaybeObject function names
>
> E.g., "ToWeakHeapObject" was misleading, since it didn't convert to a weak heap
> object, instead returned a weakly pointed heap object. Change the function names
> (in this case, to "GetHeapObjectIfWeak") to reflect this.
>
> Also make casts explicit, if a MaybeObject is an Object, we can call cast<Object>().
>
> BUG=v8:7308
>
> Change-Id: I4ef078572b4f4415afe7e2e706d3bd684e16e47d
> Reviewed-on: https://chromium-review.googlesource.com/1219025
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55906}
TBR=ulan@chromium.org,marja@chromium.org,yangguo@chromium.org,ahaas@chromium.org,tebbi@chromium.org,ishell@chromium.org
Change-Id: I054b578518e3f6fd7dbcddf0b56cc018726c1e7a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7308
Reviewed-on: https://chromium-review.googlesource.com/1226874
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55918}
E.g., "ToWeakHeapObject" was misleading, since it didn't convert to a weak heap
object, instead returned a weakly pointed heap object. Change the function names
(in this case, to "GetHeapObjectIfWeak") to reflect this.
Also make casts explicit, if a MaybeObject is an Object, we can call cast<Object>().
BUG=v8:7308
Change-Id: I4ef078572b4f4415afe7e2e706d3bd684e16e47d
Reviewed-on: https://chromium-review.googlesource.com/1219025
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55906}
This test was disabled because of flakes. This should be fixed now.
R=ahaas@chromium.org
Bug: v8:7872
Change-Id: I288f3776ca7f946caf20a66f1cdf5d37bd6ba245
Reviewed-on: https://chromium-review.googlesource.com/1224376
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55900}
The test debug-live-edit-recursion flakily fails predictable testing and should
match the status file rule debug-liveedit-* that skips the other ~10 liveedit
tests.
Bug: v8:8147
Change-Id: I9d88b44d97daa09914e0fa46fb204e85c1e7344c
Reviewed-on: https://chromium-review.googlesource.com/1224430
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55899}
This reverts commit 99e13e587e.
Reason for revert: Reverting in favor of a general mechanism for this in Torque.
Original change's description:
> [builtins] Add FastCallFunction builtin that elides some checks
>
> This CL adds a new "Call" stub that can be used by builtins that will
> call the same JS call-back function often (e.g. compare function in
> Array.p.sort). The checks have to be done upfront once, but can then
> be omitted.
>
> R=jgruber@chromium.org
>
> Bug: v8:7861
> Change-Id: Id6e4ca27c3d488a7b1f708cbcb4cbe6cc382513e
> Reviewed-on: https://chromium-review.googlesource.com/1208574
> Commit-Queue: Simon Zünd <szuend@google.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55769}
TBR=cbruni@chromium.org,jgruber@chromium.org,szuend@google.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:7861
Change-Id: I47260993ef2a16bd5348bb0b46da4d34d33ea10b
Reviewed-on: https://chromium-review.googlesource.com/1226871
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55897}
We are currently wrapping the pointer to the instruction start in a
Foreign. The argument buffer, which is also a raw pointer, is passed
directly though.
This CL changes this to also pass the code entry as a raw pointer.
R=mstarzinger@chromium.org
Change-Id: Id7344efa589a5297339ec01c3cfa7688bcc706b3
Reviewed-on: https://chromium-review.googlesource.com/1226970
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55895}
Reduce the number of workers in the atomic compare-exchange test to
make it run faster on systems with few cores.
Bug: v8:8164
Change-Id: I4de22863e1f2a44d9da4416161d08f5acfcece22
Reviewed-on: https://chromium-review.googlesource.com/1224771
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55887}
This adds support to TurboFan's representation selection for the Word64
representation, and makes use of that to handle indices for memory access
and allocation instructions (i.e. LoadElement, StoreElement, Allocate,
etc.). These instructions had previously used Word32 as representation
for the indices / sizes, and then internally converted it to the correct
representation (aka Word64 on 64-bit architectures) later on, but that
was kind of brittle, and sometimes led to weird generated code.
The change thus only adds support to convert integer values in the safe
integer range from all kinds of representations to Word64 (on 64-bit
architectures). We don't yet handle the opposite direction and none of
the representation selection heuristics for the numeric operations were
changed so far. This will be done in follow-up CLs.
This CL itself is supposed to be neutral wrt. functionality, and only
serves as a starting point, and a cleanup for the (weird) implicit
Word64 index/size handling.
Bug: v8:7881, v8:8015, v8:8171
Design-Document: http://bit.ly/turbofan-word64
Change-Id: I3c6961a0e96cbc3fb8ac9d3e1be8f2e5c89bfd25
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel
Reviewed-on: https://chromium-review.googlesource.com/1224932
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55886}
This adds `queue` and `pending_microtask_count` as members of
v8::internal::MicrotaskQueue, and implements its EnqueueMicrotask.
The implementation itself is similar to Isolate::EnqueueMicrotask.
Bug: v8:8124
Change-Id: Idb5c50b2add96b72cbe9e36aeec7cb568072f0cb
Reviewed-on: https://chromium-review.googlesource.com/1205430
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55884}
Also fix type-check to check receiver for JSReceiver, not JSObject,
and add a test for DateTimeFormat verifying that it already
has the proper behavior.
Bug: chromium:881023
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I950c86094dfb9634e0b7e49bcbbb022fa81a71f7
Reviewed-on: https://chromium-review.googlesource.com/1225612
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55880}
This CL enables source maps support for wasm. Devtools should
be able to pick up source_mapping_url parsed here and load the
corresponding source maps.
R=kozyatinskiy@chromium.org,clemensh@chromium.org,titzer@chromium.org,yangguo@chromium.org
BUG=v8:8081
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I1db0ff597d229e7db8d383fe9ee081c7fa4e7648
Reviewed-on: https://chromium-review.googlesource.com/1185973
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55878}
Previously the [[ArrayBufferByteLength]] internal field was represented
as a boxed number (i.e. either Smi or HeapNumber) in safe integer range.
This is the first step to change the representation of all the array
buffer and array buffer view length/offset fields to unboxed integers,
to eventually support the full range of 4GiB (and potentially even more)
for typed arrays and array buffers. This will allow WebAssembly memories
with 4GiB to be usable.
Tbr: yangguo@chromium.org
Bug: v8:7881, v8:8015, v8:8171
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ic6c6c8fe087afee898254cd903e82a55bfc173a9
Reviewed-on: https://chromium-review.googlesource.com/1222309
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55877}
It turned out that the original implementation was broken
from the beginning. This patch fixes the API to return
the correct one.
GetIncumbentContext was implemented at
https://chromium-review.googlesource.com/c/v8/v8/+/536728
Change-Id: Iba29171bac10ed82575a8079396768a9d5af3b13
Bug: chromium:883036
Reviewed-on: https://chromium-review.googlesource.com/1219368
Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55874}
This verifies that asm.js over the internal parameter count limit
does not crash. The internal limit is 1000 parameters, and the test
was using >3000 parameters. Reduce this down to 1005, and also
introduce a test which does not dynamically construct the string
and eval it, because the construction of this string takes time.
Mark the old test as slow in debug mode.
R=machenbach@chromium.org
BUG=v8:8165
Change-Id: Ib6ef5e1e58d3f37a71720fb59afa19464e7f2ff7
Reviewed-on: https://chromium-review.googlesource.com/1224057
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55860}
Adds a new stack trace API which overrides Error.prepareStackTrace.
Bug: v8:7637,v8:6974
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ie09e74485d81264359c264b2f4a05e9bfd76b2d9
Reviewed-on: https://chromium-review.googlesource.com/1119768
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55858}
It turns out that this function didn't make much sense since
ReduceTypeOf already dispatches on the type of the input.
Bug: v8:7790
Change-Id: Ib02149db78e507500bbe79e16380ea7de8c4abfe
Reviewed-on: https://chromium-review.googlesource.com/1219329
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55854}
Since trampolines and long branches are now PIC, these instructions
are not used anymore. Hence 256 MB alignment requirement can be
removed.
Change-Id: Ibdc51631a8c5efc97f058f09b809d3dc13a9f933
Reviewed-on: https://chromium-review.googlesource.com/1219022
Commit-Queue: Sreten Kovacevic <skovacevic@wavecomp.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#55852}
This is an unmodified reland of ece86adc6b.
Original change's description:
> [typedarray] Properly convert hole to undefined in TypedArray.from
>
> It used to call the old IterableToList, which had the wrong
> semantics for holes.
>
> Bug: v8:8133
> Change-Id: Idd5acd55a155bc43df7552135a44151bb2db38e9
> Reviewed-on: https://chromium-review.googlesource.com/1213204
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55745}
Tbr: petermarshall@chromium.org
Bug: v8:8133
Change-Id: I91c1eaf61cbcc29116e3a6cc3415f29cfba3561e
Reviewed-on: https://chromium-review.googlesource.com/1223007
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55846}
This also fixes a use where it should be a public name. For public
names, we use what is defined in the module or wasm-function[%d] as per
the wasm names spec.
Bug: v8:8015
Change-Id: Ie102db4e1114b20caeb4a990cb9e07cacf0666bc
Reviewed-on: https://chromium-review.googlesource.com/1215627
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55827}
This is a reland of 6afe7d1815.
The reason for the revert is fixed in https://crrev.com/c/1219633.
Original change's description:
> [Liftoff] Implement f32.copysign and f64.copysign
>
> These are two of the few missing instructions. This CL implements them
> for ia32 and x64, and bails out on other platforms.
> On x64, we are using the BTR instruction since we cannot have 64-bit
> immediates.
>
> Drive-by: Fix naming of existing bt/bts instructions on x64.
>
> R=titzer@chromium.org
>
> Bug: v8:6600
> Change-Id: Ib8532ca811160cd61f4ba7c06b04ce093861c872
> Reviewed-on: https://chromium-review.googlesource.com/1174383
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55780}
Bug: v8:6600
Change-Id: Ie14ba3a14848ba8e67f97e66d3379178f35dea40
TBR=titzer@chromium.org
Change-Id: Ie14ba3a14848ba8e67f97e66d3379178f35dea40
Reviewed-on: https://chromium-review.googlesource.com/1219693
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55817}
This reverts commit f0f5f8778c.
Reason for revert: Merge conflict (does not compile).
Original change's description:
> Reland "[Liftoff] Implement f32.copysign and f64.copysign"
>
> This is a reland of 6afe7d1815.
> The reason for the revert is fixed in https://crrev.com/c/1219633.
>
> Original change's description:
> > [Liftoff] Implement f32.copysign and f64.copysign
> >
> > These are two of the few missing instructions. This CL implements them
> > for ia32 and x64, and bails out on other platforms.
> > On x64, we are using the BTR instruction since we cannot have 64-bit
> > immediates.
> >
> > Drive-by: Fix naming of existing bt/bts instructions on x64.
> >
> > R=titzer@chromium.org
> >
> > Bug: v8:6600
> > Change-Id: Ib8532ca811160cd61f4ba7c06b04ce093861c872
> > Reviewed-on: https://chromium-review.googlesource.com/1174383
> > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> > Reviewed-by: Ben Titzer <titzer@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#55780}
>
> Bug: v8:6600
> Change-Id: I4baeec6b02b17450988cfa7fedd5037f9cfe1638
> Reviewed-on: https://chromium-review.googlesource.com/1219508
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55812}
TBR=titzer@chromium.org,clemensh@chromium.org
Change-Id: Iae075a8f5225f1678691698bf3a304faa5ae2aab
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6600
Reviewed-on: https://chromium-review.googlesource.com/1220747
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55813}
This is a reland of 6afe7d1815.
The reason for the revert is fixed in https://crrev.com/c/1219633.
Original change's description:
> [Liftoff] Implement f32.copysign and f64.copysign
>
> These are two of the few missing instructions. This CL implements them
> for ia32 and x64, and bails out on other platforms.
> On x64, we are using the BTR instruction since we cannot have 64-bit
> immediates.
>
> Drive-by: Fix naming of existing bt/bts instructions on x64.
>
> R=titzer@chromium.org
>
> Bug: v8:6600
> Change-Id: Ib8532ca811160cd61f4ba7c06b04ce093861c872
> Reviewed-on: https://chromium-review.googlesource.com/1174383
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55780}
Bug: v8:6600
Change-Id: I4baeec6b02b17450988cfa7fedd5037f9cfe1638
Reviewed-on: https://chromium-review.googlesource.com/1219508
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55812}
The CSA implementation is a separate handler so that TF has the
opportunity to reduce to a direct call, skipping some of the dispatching
in the CloneObjectIC stub.
This patch moves the looping over a source object's keys and values into the
base CodeStubAssembler, so that it can be shared between ObjectAssignFast
and CloneObjectIC_Slow.
During each step of the loop, storing is delegated to a new SetPropertyInLiteral
helper in KeyedStoreGenericGenerator, which performs a store without consulting
the prototype chain, and automatically reconfigures accessors into data
properties regardless of their attributes.
BUG=v8:8067, v8:7611
R=ishell@chromium.org, jkummerow@chromium.org
Change-Id: I06ae89f37e9b4265aab67389cf68a96529f90578
Reviewed-on: https://chromium-review.googlesource.com/1182122
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55806}
We had an optimization in Crankshaft where we would call into the
megamorphic handler stub directly if an inline cache was already
found to be megamorphic when it hit the optimizing compiler. This
way we could avoid the dispatch overhead when we know that there's
no point in checking for the other states anyways. However we somehow
missed to port this optimization to TurboFan.
Now this change introduces support to call into LoadIC_Megamorphic and
KeyedLoadIC_Megamorphic directly (plus the trampoline versions), which
saves quite a lot of overhead for the cases where the map/name pair is
found in the megamorphic stub cache, and it's quite a simple change. We
can later extend this to also handle the StoreIC and KeyedStoreIC cases
if that turns out to be beneficial.
This improves the score on the Octane/TypeScript test by around ~2%
and the TypeScript test in the web-tooling-benchmark by around ~4%. On
the ARES-6 Air test the steady state mean improves by 2-4%, and on the
ARES-6 ML test the steady state mean seems to also improve by 1-2%, but
that might be within noise.
On a micro-benchmark that just runs `o.x` in a hot loop on a set of 9
different objects, which all have `x` as the first property and are
all in fast mode, we improve by around ~30%, and are now almost on par
with JavaScriptCore.
Bug: v8:6344, v8:6936
Change-Id: Iaa4c6e34c37e78da217ee75f32f6acc95a834250
Reviewed-on: https://chromium-review.googlesource.com/1215623
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55803}
This reverts commit ece86adc6b.
Reason for revert: Potential cause of auto-roller breakage https://ci.chromium.org/p/chromium/builders/luci.chromium.try/win10_chromium_x64_rel_ng/91864
Original change's description:
> [typedarray] Properly convert hole to undefined in TypedArray.from
>
> It used to call the old IterableToList, which had the wrong
> semantics for holes.
>
> Bug: v8:8133
> Change-Id: Idd5acd55a155bc43df7552135a44151bb2db38e9
> Reviewed-on: https://chromium-review.googlesource.com/1213204
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55745}
TBR=neis@chromium.org,petermarshall@chromium.org,dhai@google.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:8133
Change-Id: I09b108e7844c598253fbbe02d705699c21308637
Reviewed-on: https://chromium-review.googlesource.com/1220286
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55802}
In the CHECK_FLOAT_EQ and CHECK_DOUBLE_EQ wrappers, do also print hex
representations on failure. Otherwise, single bit flips might not be
visible in the output, like here:
Check failed: DoubleWrapper(x) == y (-2e+66 vs. -2e+66).
R=titzer@chromium.org
Change-Id: I2521706aedc6ff81c0dbb25259230f8e29ce9a3e
Reviewed-on: https://chromium-review.googlesource.com/1219630
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55799}
To make the changes in base.tq work, there were 2 changes needed on
the C++ side:
- calls to "FromConstexpr" are generated by the compiler for
implicit conversions.
- type switch is desugared and uses "Cast"
R=jgruber@chromium.org, tebbi@chromium.org
Change-Id: I085f1a393f93e501e6bbcaeacb0d6568259a4714
Reviewed-on: https://chromium-review.googlesource.com/1219629
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55794}
This checks the type signature during import against the expected
signature. For this the {WasmExceptionObject} now contains a serialized
version of the signature.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-import
BUG=v8:8091
Change-Id: I5a34ef87eccf4d2ed3a784620796ec009623fd90
Reviewed-on: https://chromium-review.googlesource.com/1219509
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55789}
There was a bug in WebAssembly.instantiate in the case where a CSP
disallows WebAssembly compilation. In this case the promise returned by
WebAssembly.instantiate was rejected immediately because of the CSP,
but then compilation was started anyways, and the promise was resolved
after compilation for a second time, which caused the crash. With this
CL we do not start compilation if CSP disallows WebAssembly compilation.
R=clemensh@chromium.org
Bug: chromium:881978
Change-Id: Iffdb3e02c3006eb7f86211ab197f81cf20438f0e
Reviewed-on: https://chromium-review.googlesource.com/1219706
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55788}
This enables cctest, unittests, fuzzer and inspector on Android.
The cctest suite requires extra resource-fetching logic for the
bytecode-generator expectation files.
Bug: chromium:866862
Cq-Include-Trybots: luci.v8.try:v8_android_arm64_n5x_rel_ng
Change-Id: If3da853a62c047388476a7f38e32e64e2859f186
Reviewed-on: https://chromium-review.googlesource.com/1213208
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55784}
This reverts commit 6afe7d1815.
Reason for revert: Failures (-2e+66 vs. -2e+66): https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20debug/22148
Original change's description:
> [Liftoff] Implement f32.copysign and f64.copysign
>
> These are two of the few missing instructions. This CL implements them
> for ia32 and x64, and bails out on other platforms.
> On x64, we are using the BTR instruction since we cannot have 64-bit
> immediates.
>
> Drive-by: Fix naming of existing bt/bts instructions on x64.
>
> R=titzer@chromium.org
>
> Bug: v8:6600
> Change-Id: Ib8532ca811160cd61f4ba7c06b04ce093861c872
> Reviewed-on: https://chromium-review.googlesource.com/1174383
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55780}
TBR=titzer@chromium.org,clemensh@chromium.org
Change-Id: I4377c13346b42b65e8db04cbd15fc2f906113f65
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6600
Reviewed-on: https://chromium-review.googlesource.com/1219446
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55783}
These are two of the few missing instructions. This CL implements them
for ia32 and x64, and bails out on other platforms.
On x64, we are using the BTR instruction since we cannot have 64-bit
immediates.
Drive-by: Fix naming of existing bt/bts instructions on x64.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ib8532ca811160cd61f4ba7c06b04ce093861c872
Reviewed-on: https://chromium-review.googlesource.com/1174383
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55780}
This adds the ability to import exception into a module at instantiation
time. Only a {WasmExceptionObject} that has been exported by another
module instance can be imported, all other values are rejected.
Note that currently there is no signature check being performed to make
sure the imported exception matches the expected type. Also the identity
of imported exceptions is not yet preserved.
Furthermore the engine does not yet match thrown exception objects on a
global level across modules. Hence imported exceptions will (wrongly)
behave as completely new types within the module.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-import,unittests/WasmModuleVerifyTest
BUG=v8:8091
Change-Id: If247762b949a1ba4a87d13bc3e790a45dbc67815
Reviewed-on: https://chromium-review.googlesource.com/1216402
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55777}
Manually roll ICU to 7ca3ffa to pick up an upstream fix for quarter handling.
Remove the hack that prevent unexpected behavior in ICU
and remove the skip of failing tests.
Bug: v8:8151,v8:7869
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ic9a56679bf1eb9dc18c739161838d518fd664d6f
Reviewed-on: https://chromium-review.googlesource.com/1214522
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55774}
This CL adds a new "Call" stub that can be used by builtins that will
call the same JS call-back function often (e.g. compare function in
Array.p.sort). The checks have to be done upfront once, but can then
be omitted.
R=jgruber@chromium.org
Bug: v8:7861
Change-Id: Id6e4ca27c3d488a7b1f708cbcb4cbe6cc382513e
Reviewed-on: https://chromium-review.googlesource.com/1208574
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55769}
The ICU API for maximizing and minimizing a locale ID takes ICU format locale id as an input
so that a BCP 47 language tag must be converted to the corresponding ICU locale id.
Bug: v8:7982
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I1cb1dacbf057bbc8bb8beb9b62d1ec4becd82624
Reviewed-on: https://chromium-review.googlesource.com/1150934
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55768}
Previously the builtins table had a value for every single
OperandScale/Bytecode combination regardless of whether it was valid.
This change makes it so that only valid bytecode handlers are stored in
the builtins table. This prevents placeholders being serialized into the
snapshot (and embedded into the binary) saving 9KB in
CODE_SPACE/OLD_SPACE and 2.5KB in the embedded data as well as 66
entries in the builtins table.
To do this, it generates a new header file bytecodes-builtins-list.h
which is created from the BYTECODE_LIST and OPERAND_SCALE_LIST macros.
Since list macros cannot be used to conditionally generate elements in
the C-preprocessor, this is done by generator executable, compiled from
interpreter/generate-flat-headers.cc.
Additionally the generator creates the flat bytecode list so that it is
transposed from the previous result, i.e. the results are grouped by
bytecode and then operand scale rather than operand scale then bytecode.
This should give better locality for commonly used bytecodes and may
allow less commonly used ExtraWide bytecodes to never be mapped into
memory at all.
The cost to storing the handlers densely is that looking up a handler
now requires a binary search through the builtins table, but this should
only happen during debugging. It is also fixable at least for non-wide
handlers and could be improved for wide ones if the need arises.
Bug: v8:8068
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iaad22a952e2858f508030c5ddc082f91bf59f667
Reviewed-on: https://chromium-review.googlesource.com/1209304
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55757}
- Provide MapData::SerializeDescriptors method for serializing the whole
descriptor array.
- Trigger this in JSObjectData::SerializeAsBoilerplate.
- Further make things more consistent across the broker.
Bug: v8:7790
Change-Id: Ie6499da8857f7c6561f7c44922aeffcea4876be7
Reviewed-on: https://chromium-review.googlesource.com/1199102
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55756}
Issues that caused failure of this test have been resolved with commit
https://chromium-review.googlesource.com/c/v8/v8/+/1213183, so it can
be re-enabled.
Change-Id: I441998e5e63fce7a7e718b593c8e58a71841b78e
Reviewed-on: https://chromium-review.googlesource.com/1215168
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Sreten Kovacevic <skovacevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#55754}
This new instance type will be used for wrapper objects representing
exported exceptions. Currently the objects are empty and only serve as
an identity for exported exceptions. Eventually they will also need to
reference the signature underlying the exception to perform a signature
check upon import.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-import
BUG=v8:8091
Change-Id: Ifdd561fc000090f4a985aeb45549fd7110849646
Reviewed-on: https://chromium-review.googlesource.com/1215166
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55752}
* Enable Liftoff wasm cctests on BE for mips and mips64
* Fix issues that were introduced with these tests and that are
linked with Load/Store instructions
* Change endianness on GetGlobal and SetGlobal, as done in TF
* Skip I32Binop tests that fail with OOM error and seem to not be
related directly to this task
Bug: v8:6600
Change-Id: Ib62ca5e3c681326d28e70a5157d8646e0c8d0b51
Reviewed-on: https://chromium-review.googlesource.com/1213183
Commit-Queue: Sreten Kovacevic <skovacevic@wavecomp.com>
Reviewed-by: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55751}
This CL makes sure, that logical operators (||, &&) always have return
type never. Together with a check that never is never passed as a
function argument, this prevents faulty evaluation as in !(x || y).
Before, the logical operators had a behavior similar to
(bool labels Taken, NotTaken), with a fast exit if the left-hand side
allowed shor-circuit evaluation, but returning the right-hand side
otherwise. Since we want to allow existing (a || b || c) patterns in
the codebase, this requires weakening the restriction that the left-
and right-hand side need to have the same type. Now the possibilites
are:
bool, never
never, bool
never, never
bool, bool
constexpr bool, constexpr bool
Bug: v8:8137
Change-Id: I9576b337dc4008ac58b4625e77fef4e73bcdd6e3
Reviewed-on: https://chromium-review.googlesource.com/1215162
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55750}
This CL fixes a bug that allowed calls to Array.p.shift on
zero-length arrays where the 'length' is read-only without throwing
a TypeError.
R=bmeurer@chromium.org, jgruber@chromium.org
Bug: chromium:882233
Change-Id: Ib129ab4c4f4f233e7bb553effa77539badfbe26e
Reviewed-on: https://chromium-review.googlesource.com/1215164
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55746}
It used to call the old IterableToList, which had the wrong
semantics for holes.
Bug: v8:8133
Change-Id: Idd5acd55a155bc43df7552135a44151bb2db38e9
Reviewed-on: https://chromium-review.googlesource.com/1213204
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55745}
Makes for a nicer stack trace
Bug: v8:5367
Change-Id: I6d77907e08c2c4efc7a1b25016c7e83841c7c574
Reviewed-on: https://chromium-review.googlesource.com/1211444
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55736}
The isolates step times out due to some very slow tests. Marking as slow
changes the test order and increases throughput.
NOTRY=true
TBR=yangguo@chromium.org
Change-Id: Iaaf6fe93e7f0e17266923d1ab6f0fe7b09abea9e
Reviewed-on: https://chromium-review.googlesource.com/1213212
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55734}
Seems like most lifeedit tests are not predicable.
NOTRY=true
TBR=yangguo@chromium.org
Bug: v8:8147
Change-Id: Ia0a3871112f5a6f4b5821ee401bfdfd26dd8f9e5
Reviewed-on: https://chromium-review.googlesource.com/1213211
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55730}
This replaces the previous CheckStringAdd operator which deopts in case
the combined length overflows with a dedicated pure StringConcat operator.
This operator is similar to NewConsString in that it takes the resulting
length plus the two input strings. The operator relies on the length
being checked explicitly by the surrounding code instead of baking the
check into the operator itself. This way TurboFan can eliminate
redundant/unnecessary StringConcat operations, since they are pure now.
This also unifies the treatment of string addition in JSTypedLowering,
and generalizes the StringLength constant-folding to apply to more cases
not just the JSAdd cases inside JSTypedLowering.
Bug: v8:7902, v8:8015
Change-Id: I987ec39815a9464fd5fd9c4f7b26b709f94f2b3f
Reviewed-on: https://chromium-review.googlesource.com/1213205
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55725}
Add a test that runs multiple workers that concurrently try to advance
along a random sequence of numbers, using AtomicCompareExchange to
update the shared current position.
Change-Id: Ie073bbdce6fd6766ef1f73f996dd592b90b8b3c2
Reviewed-on: https://chromium-review.googlesource.com/1198769
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55722}
Splits PreParsedScopeDataBuilder out of ProducedPreParserScopeData to make the split between
building PreParsedScopeData and using already build PreParserScopeData more explicit.
BUG=v8:8041
Change-Id: Iab42cab84c247152c14ac39f3136f985753160ec
Reviewed-on: https://chromium-review.googlesource.com/1202104
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55718}
The first: we allocated within the argument list of a function call on
a handlified receiver. The allocation may trigger GC which leaves us
with a stale receiver reference.
The second: in generated code we triggered further allocations while
an uninitialized fixed array was live.
Bug: v8:8145
Change-Id: If59cab6274277534b2ff6463daa5863b8feae22c
Reviewed-on: https://chromium-review.googlesource.com/1213162
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55717}
Adds support for zone allocated (off-heap) ConsumedPreParsingScopeData to
enable worker-thread access to PreParsingScopeData during parallel IIFE
compile tasks.
In order to avoid code-duplication, a templated
BaseConsumedPreParsingScopeData is added which implements the logic for
decoding the bytestream into scope data. Two implementations of this
base class are instantiated for each of the underlying serialized scope date:
- ZoneConsumedPreParsedScopeData for exposing ZonePreParsedScopeData
- OnHeapConsumedPreParsedScopeData for exposing on-heap PreParsedScopeData
The interface for each of these classes is the ConsumedPreParsingScopeData,
which exposes the methods required by the parser to deserialize the required
data.
As a side-cleanup, moved Ucs2CharLength and Utf8LengthHelper implementations
to cc file so that we don't get a linker error if one of them are unused by
the cc file including the header.
BUG=v8:8041
Change-Id: Id502312d32fe4a9ddb6f5d2d9d3e3a9d30b9b27d
Reviewed-on: https://chromium-review.googlesource.com/1199462
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55711}
The provided page allocator will serve all the memory requests done by the virtual
memory object.
This is a necessary cleanup before introducing BoundedPageAllocator.
Bug: v8:8096
Change-Id: I95477d67e5f532013322a991db3ee1a1f2e821e6
Reviewed-on: https://chromium-review.googlesource.com/1210122
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55703}
