We now have one initial phase (before PROPAGATE) that generates the
traversal that the subphases are going to take. Generates post-order
starting from End for RETYPE and LOWER, and the reverse for PROPAGATE.
As a note, LOWER could use either PO or RPO.
Bug: v8:10424
Change-Id: I7435d681aba012b4f5e5ecd971bfa1d88bfb8b3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2154785
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68007}
Also remove a version that was only used once.
Bug: v8:9708, v8:6949
Change-Id: Ifd65af3866a3740d8da6d4501445b25a48d7219a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2212264
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68006}
The `slot` parameter is expected to be a UintPtr.
Bug: v8:8888
Change-Id: Ia1137cd5af3d3aa0b00e9bf194661067c37332b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215047
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68005}
This CL brings unary op assembler structure closer to that of binary
ops assemblers:
- Decrement, Increment, Negate call into UnaryOpWithFeedback,
- which takes lambdas specifying smi, float, and bigint logic.
- BitwiseNot is different in that it still dispatches using
TaggedToWOrd32OrBigIntWithFeedback.
- These methods are all implemented in the (hidden)
UnaryOpAssemblerImpl class.
- The header only exposes UnaryOpAssembler with the bare minimum of
API.
The last point is the remaining major divergence from binary op
assemblers. I just like how this avoids useless implementation details
in the header.
Bug: v8:8888
Change-Id: I0ac4695483950356885301234d58c1900904aa92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2214830
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68004}
Object shapes or sizes shouldn't change during the string fixup, but
we're seeing crashes that indicate that they might do anyway, so add
some more exhaustive checking to make sure they don't.
Bug: chromium:1086478
Change-Id: I36d41e036a32d8dd072000d900ba1900343d4608
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2214839
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68003}
If the return_count is zero, the Generate will be called twice. The recent update in Generate function already handle the case inside the Generate function overload.
Change-Id: I49e0ee4a0824db60f157ea288ae6d28978c42db5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215816
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68000}
This is a reland of 8374feed55.
Fixed rehashing of global proxy keys by creating its identity hash
early, before the deserialization of the context snapshot.
Original change's description:
> [snapshot] rehash JSMap and JSSet during deserialization
>
> To rehash JSMap and JSSet, we simply replace the backing store
> with a new one created with the new hash.
>
> Bug: v8:9187
> Change-Id: I90c25b18b33b7bc2b6ffe1b89fe17aa5f978b517
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2143983
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67663}
Bug: v8:9187, v8:10523
Change-Id: I7a0319b1d10ff07644de902fec43e7c2b1dd8da9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2212085
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/master@{#67999}
Added --trace-wasm flag which prints function entry in wasm.
R=clemensb@chromium.org
Bug: v8:10559
Change-Id: I049efeadb0149f4f58ce34a29fd53fbf5688bd4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215052
Commit-Queue: Arnaud Robin <arobin@google.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67998}
Previously both the length and the endColumn for Wasm scripts were
reported as 0, and that was sort of okayish, since the front-end
was ignoring both of these fields in case of Wasm, and was applying
special cases. But these special casing lead to some subtle bugs,
and this is the first step towards a more uniform treatment.
Source positions for Wasm are in terms of the bytecode, and the
column field contains the bytecode offset here, while the line
number field is always 0. Hence we send 0 for both startLine and
endLine as before, but endColumn now corresponds to the bytecode
size.
Bug: chromium:1056632
Change-Id: Ia8a9cfe454ed250b87a524f5cbcbbbe242205db6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215817
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67997}
To ensure that regexp syntax errors are reported as early errors, SpiderMonkey calls ParseRegExp at parse time to validate that the regexp parses properly. This does not require the allocation of named capture information. We have a project underway to completely eliminate the allocation of GC things at parse time, which will require us to suppress the allocation of named capture information (or else jump through hoops to implement FixedArray as a non-GC thing).
We can work around this in our shim layer -- for example, by setting a flag on the Factory shim that causes us to allocate dummy objects -- but it's much simpler to add an option to ParseRegExp.
(Note: V8 currently does not treat regexp syntax errors as early errors. See https://bugs.chromium.org/p/v8/issues/detail?id=896.)
Bug: v8:10406
Change-Id: Ib5f0613a54509146e00f90cf61bda4bf03b03859
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2207813
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67995}
Motivation:
In the wasm-gc proposal, structs and arrays are allowed to store
elements of packed types i8 and i16.
Changes:
- Add i8 and i16 to ValueType.
- Fix all case switches to handle the new cases.
- Add a couple helper methods to ValueType and improve the
implementation/usage of a couple more.
Bug: v8:7748
Change-Id: I527cfe5acf5d877fc38e4212174ba9f9de5c40ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215046
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67994}
This removes the post-mvp flag for bitmask, since it was accepted into
the proposal, see https://github.com/WebAssembly/simd/pull/201.
Bug: v8:10308
Change-Id: I4ced43a6484660125d773bc9de46bdea9f72b13b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2216532
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67993}
We can do a good job of optimizing Torque expressions that load and
check multiple bitfields from a bitfield struct, but only if those
expressions are written using the binary `&` operator as opposed to the
logical `&&`. This change adds a lint rule to detect some simple cases
where we should clearly prefer `&` to `&&`.
Bug: v8:7793
Change-Id: Id996a7971cff8f7f83198075a172170d9c7d42e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2207666
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67991}
Making them private was a way to hide the constructor, we can
explicitly delete them, which give a better compilation error message as
well.
Also see: https://stackoverflow.com/q/55205874
Bug: v8:10488
Change-Id: Iddc00b86e5481b90c20d9c68f1261f853ac8d5dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2210778
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67990}
Making them private was a way to hide the constructor, we can
explicitly delete them, which give a better compilation error message as
well.
Also see: https://stackoverflow.com/q/55205874
Bug: v8:10488
Change-Id: I9268f42b9367cc1af4d58e71e2033c254ed4cbf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2210777
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67988}
There was a legacy place in map code that wasn't fully ported to use
the strong, new SloppyArgumentsElements type because of code that used
hard-coded constants.
Bug: chromium:1086470
Change-Id: Ieba152e4bd92c89125f831949c2efb4f4219f95c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215059
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67984}
Making them private was a way to hide them, we can explicitly delete
them, which give a better compilation error message as well.
Also see: https://stackoverflow.com/q/55205874
Bug: v8:10488
Change-Id: Ieffa05951aeefc0225f8fb84e756eb67353e57a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2211184
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67982}
VisitWord32EqualImpl was checking for inputs of type
kCompressedHeapConstant, but it can also sometimes have inputs of type
kHeapConstant. In either case, we can check for whether to do a load
from the roots array. This improves Octane score by about 3% (or about
1.5% if --no-opt is specified).
Bug: v8:8948
Change-Id: Iab6c0b1dacd96c74e4cfb54c772aa92e5baf00ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2213081
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67981}
Making them private was a way to hide them, we can explicitly delete
them, which give a better compilation error message as well.
Also see: https://stackoverflow.com/q/55205874
Bug: v8:10488
Change-Id: I3f2b6881ae2252809c84fbd32ce0687e8328506e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2211182
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67980}
This reverts commit a35d0e8cb5.
The original CL is likely not a culprit for the infra failures.
Bug: chromium:1056170
Change-Id: I8fa85db8a737fb01328021782f0c43626fa52b0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215826
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67977}
Several tests were using them and we can dedup code.
Change-Id: I4ef5ae5772856d1f36e965b6b62ff5895b4e04fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215173
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67974}
This reverts commit 4e5fabaedd.
Reason for revert: performance regressions chromium:1085305, chromium:1084978
Original change's description:
> [torque][cleanup] Use more precise field types in a few classes
>
> This change updates some Torque-defined classes to include more precise
> field types where possible. It also updates those classes to use
> @generateCppClass. One field was removed because it's unused
> (PrototypeInfo::validity_cell), and two fields in StackFrameInfo
> actually became less precise because they're based on Script::name,
> which is an embedder-provided untyped Local<Value>. (Automatically
> generated accessors pointed out this bug easily.)
>
> This change also includes a couple of minor fixes in Torque.
>
> Change-Id: Ib2bc6c7165bb3612b6d344c0686a94165a568277
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2199640
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67907}
TBR=ulan@chromium.org,tebbi@chromium.org,verwaest@chromium.org,seth.brenith@microsoft.com
Change-Id: I720821d8dc84ea0d79eb137f1c2507f75df9a107
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2211322
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67972}
This CL is a step towards reversing JS stack arguments for TurboFan.
It does the following:
1. Add StackOrder to CallInterfaceDescriptor
2. Reverse arguments in TF backend for JS calls.
3. Cleanup TFJ builtins interface descriptors, since calls for these builtins already reverse the arguments, we don't need to reverse the interface descriptor anymore.
Change-Id: Ie840b1757bf023aa381a7fa01cbe66e7cf90778f
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2213440
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67971}
This moves concurrent and incremental sweeping from Blink. This also
adds TestPlatform that makes it easier to test concurrent and
incremental sweeping.
Drive-by: fix unmarking of large pages.
Bug: chromium:1056170
Change-Id: Ifd50ff67b9df17ff117a5f4d4eb5a2937d3023be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2207132
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67969}
Objects allocated on the background thread during incremental marking, need to be allocated black. This prevents concurrent marking to observe uninitialized objects.
Bug: v8:10315
Change-Id: Ia4b05a2a72e4142c79b31a01cbf162a6599a18c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196347
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67967}
The Isolate is only used to access the wasm engine, and the accounting
allocating. The latter is also linked directly from the wasm engine, and
the engine is linked from the native module, to which the DebugInfoImpl
already has access.
Hence, this CL removes the redundant Isolate pointers, and just accesses
the engine and the allocator via the NativeModule.
R=thibaudm@chromium.org
Change-Id: Ib51cee2d166443a34e22fa02e8ad1549328aaa7f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2214827
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67966}
Triggering recompilation can reduce the number of outstanding
recompilation functions. If it gets reduced to zero, we also need to
trigger other callbacks waiting for recompilation to finish.
This situation can happen if all recompiled code was already
installed in the native module, but the compilation state was not
updated yet via {OnFinishedUnits}.
R=thibaudm@chromium.org
Bug: v8:10557, chromium:1084369, v8:10359
Change-Id: Ib80ff110776cf284632303b0b23e4c6e63426411
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2214828
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67965}
The interpreter is still used for testing, but frame inspection is not
wired any more. Hence this CL removes it.
R=thibaudm@chromium.org
Bug: v8:10389
Change-Id: If93928dd3996a19c1251a93d843034574d4c43ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215165
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67964}
... and CallParameters::arity().
The construct arity contains the actual argument count, plus 2 for the
target (the first input) and new target (the last input). This CL adds
a named constant and a helper method for accessing arity without extra
args. In the future we may want to remove the extra args from arity()
altogether.
Call arity is similar but includes the target and receiver.
Bug: v8:10542,v8:8888
Change-Id: I850fa314f88c2bee9d4dcd87eac9295b2bf88281
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2208850
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67963}
If --turbo-nci is enabled, use unary op builtins with feedback
collection during generic lowering.
Bug: v8:8888
Change-Id: Ie32cfe1558a7fbada2ac69a99ef969097558bc89
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2209067
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67962}
This adds the wasm instance to the module scope. The instance
contains the exported entities that can now be inspected.
Bug: chromium:1043034
Change-Id: I9236ac9c126f3bc4b1e056990fe34956bbe8ed6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2213433
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67961}
After all struct/array definitions are parsed, we need to check if all
reference type indices are legal. We need to do it at the end because
types can be mutually recursive.
Bug: v8:7748
Change-Id: I5e6b5185e7d0c5e8d905b6833a2b9026ab630c01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2214821
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67960}
The interpreter is not used for debugging any more. Hence any breakpoint
support and related functionality is dead code.
This CL removes
- the {SetBreakpoint} and {GetBreakpoint} methods,
- the {break_pc_} field which holds the current pause position,
- the {break_flags_} field which is used to break at function entry and
after calls,
- functions to modify {break_flags_},
- the dead {kInternalBreakpoint} and {kInvalidPc} constants (plus
respective macros and enums),
- the {orig_start} and {orig_end} fields (code is not being modified any
more, so we just use {start} and {end} now),
- the {PrepareStepIn} method,
- the unimplemented {SetTracing} method, and
- two tests that test breakpoints in the interpreter.
R=thibaudm@chromium.org
Bug: v8:10389
Change-Id: I52103c37516446e40d3dfa365d6b480a7c623577
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215163
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67958}
