This reverts commit 83d289b87f.
Reason for revert: lock order inversion, see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/12584/overview
Original change's description:
> Reland [wasm] Reduce job priority once baseline compilation finishes
>
> ReduceCompilationPriority takes a lock now.
>
> Original message:
> This Cl changes the priority of baseline compilation from kUserVisible
> to kUserBlocking. Once baseline compilation finishes, the priority is
> reduced to kUserVisible. The reason for using kUserBlocking is that
> thereby TurboFan compilation cannot block Liftoff compilation anymore.
> Additionally, kUserBlocking is quite appropriate, as the initial
> compilation does block a whole section of a web app from execution.
>
> R=clemensb@chromium.org
>
> Bug: v8:11088
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
> Change-Id: I6e1bcc809148198a4b4f88bfd4f2e62b1b061439
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2563675
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71546}
TBR=ahaas@chromium.org,clemensb@chromium.org
Change-Id: I62e4e3d0663dbd181b14f77f0c1586d5e503f324
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:11088
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567953
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71557}
The SWEEPING phase in incremental marking was used to finish sweeping
of the last GC cycle concurrently before starting incremental marking.
This avoids potentially long pauses when starting incremental marking.
However this shouldn't be necessary in most cases where sweeping is
already finished when starting the next cycle. The implementation also
didn't cleanly separate the GC cycles.
In case the sweeping phase is necessary for pause times, we can
introduce a "CompleteSweep" phase which runs right before starting
incremental marking.
Change-Id: Iaff8c06d5691e584894f57941f181d0424051eec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567707
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71555}
This reverts commit 3599cce1f5.
Originally landed in
https://chromium-review.googlesource.com/c/v8/v8/+/2531775
Work on NCI is suspended, remove unused complexity. We may want to share
native-context-independent feedback in the future, but probably through other
means.
Bug: v8:8888
Change-Id: I23dfb67f6f01b4891af87bc42a9e62f99d0bf044
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567701
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71553}
Prototype v128.{load,store}{8,16,32,64}_lane on arm64.
All the required assembler, disassembler, and simulator changes are
already available. The biggest changes here are in the
instruction-selector. ld1 and st1 only supports no-offset or post-index
addressing, so we have to do our own addition (base + index) to
construction the actual memory address to load/store from.
Bug: v8:10975
Change-Id: I026e3075003ff5dece7cd1a590894b09e2e823db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2558268
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71551}
This is a reland of a69b7ef2ff
Original change's description:
> [wasm-simd][ia32] Prototype store lane
>
> Prototype v128.store{8,16,32,64}_lane on IA32.
>
> Drive by fix for wrong disassembly of movlps.
>
> Also added more test cases for StoreLane, test for more alignment and offset.
>
> Bug: v8:10975
> Change-Id: I0e16f1b5be824b6fc818d02d0fd84ebc0dff4174
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557068
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71511}
Bug: v8:10975
Change-Id: I2c9b219b9ab9d78a83d1bf32ad1271d717471c19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567317
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71547}
ReduceCompilationPriority takes a lock now.
Original message:
This Cl changes the priority of baseline compilation from kUserVisible
to kUserBlocking. Once baseline compilation finishes, the priority is
reduced to kUserVisible. The reason for using kUserBlocking is that
thereby TurboFan compilation cannot block Liftoff compilation anymore.
Additionally, kUserBlocking is quite appropriate, as the initial
compilation does block a whole section of a web app from execution.
R=clemensb@chromium.org
Bug: v8:11088
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Change-Id: I6e1bcc809148198a4b4f88bfd4f2e62b1b061439
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2563675
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71546}
In order to reduce the codegen size of dynamic map checks, add the
ability to have an eager with resume deopt point, which can call
a given builitin to perform a more detailed check than can be done
in codegen, and then either deoptimizes itself (as if the calling
code had performed an eager deopt) or resumes execution in the
calling code after the check.
In addition, support for adding extra arguments to a
deoptimization continuation is added to enable us to pass the
necessary arguments to the DynamicMapChecks builtin.
Finally, a trampoline is added to the DynamicMapChecks which saves
the registers that might be clobbered by that builtin, to avoid
having to save them in the generated code. This trampoline also
performs the deoptimization based on the result of the
DynamicMapChecks builtin.
In order to ensure both the trampoline and DynamicMapChecks
builtin have the same call interface, and to limit the number
of registers that need saving in the trampoline, the
DynamicMapChecks builtin is moved to be a CSA builtin with a
custom CallInterfaceDescriptor, that calls an exported Torque
macro that implements the actual functionality.
All told, this changes the codegen for a monomorphic dynamic
map check from:
movl rbx,<expected_map>
cmpl [<object>-0x1],rbx
jnz <deferred_call>
resume_point:
...
deferred_call:
<spill registers>
movl rax,<slot>
movq rbx,<object>
movq rcx,<handler>
movq r10,<DynamicMapChecks>
call r10
cmpq rax,0x0
jz <restore_regs>
cmpq rax,0x1
jz <deopt_point_1>
cmpq rax,0x2
jz <deopt_point_2>
int3l
restore_regs:
<restore_regs>
jmp <resume_point>
...
deopt_point_1:
call Deoptimization_Eager
deopt_point_2:
call Deoptimization_Bailout
To: movl rax,<slot>
movl rcx,<expected_map>
movq rdx,<handler>
cmpl [<object>-0x1],rcx
jnz <deopt_point>
resume_point:
...
deopt_point:
call DynamicMapChecksTrampoline
jmp <resume_point>
BUG=v8:10582
Change-Id: Ica4927b9acc963b9b73dc62d9379a7815335650f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2560197
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71545}
In this CL we fix the emitted code for Load Splat and Load Extend.
Load Splat loads a byte, half word, word or double word based
on the specific opcode.
Load Extend always loads a double word and then unpacks it
accordingly.
Change-Id: Ic1619c81a58f4997d69612f08edb6975d17e8bb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2568132
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71543}
This is a reland of 535fd785a3.
This CL was not the culprit, thus landing unmodified.
Original change's description:
> [wasm] Make DecodeLocals return the number of decoded locals
>
> Currently, when the new locals are not appended to the existing ones,
> there is no way to know how many new locals were defined. This CL
> addresses this issue.
>
> Drive-by: Fix the pc passed to DecodeLocals in OpcodeLength.
> Change-Id: Id9de561a6380b52dcce398301727aa12196c0677
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567695
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71526}
TBR=manoskouk@chromium.org
Change-Id: I1b2fbe9f6d0a19da9d73202de9f488870e79cd30
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567704
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71539}
This is a reland of 4ad08c82f7
The reland organizes the different error types in separate functions
for separate call stacks. Error simulation is also guarded by
a minimum file size to prevent Clusterfuzz from getting stuck with
its bad-build check.
Original change's description:
> Enable simulating errors to test fuzzer reliability
>
> This adds a d8 flag --simulate-errors, which on shutdown will cause
> certain errors. This enables testing the reliability of sanitizers.
>
> This will cause a fatal error, a dcheck (if available) or a
> violation that can be detected with one of the following sanitizers:
> ASAN, UBSAN, MSAN, CFI.
>
> The same flag used in differential fuzzing will cause an error
> subsumed with the error state "fake_difference".
>
> Bug: chromium:1152412
> Change-Id: I4b36c6fe716797004d634263617d22ca67b05600
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554999
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71430}
Bug: chromium:1152412
Change-Id: I604258b4c1ebd215c26b1de6b2822663f857bf64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565125
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71538}
The wasm fuzzer corpus is pretty outdated. The script that was used to
generate it did not work any more.
This CL updates the script, and runs it. This generates a fuzzer corpus
of 42011 wasm modules, compared to 15290 before. The new modules will
contain new features like SIMD and multi-value, which will be
interesting fuzzer inputs.
R=ahaas@chromium.org
Change-Id: Ic3df26930cb8c1c6e8d521597ceb06cc338c02ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565512
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71537}
Await is a unary operator and should be disallowed on the LHS of
exponentiation like all other unary operators.
Bug: v8:11213
Change-Id: I9c51e33cb37660627748cd926ec222ac0ac246de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2566442
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71535}
So far the main thread can have two different kinds of local handles,
regular main thread handles and local handles in its LocalIsolate. This
is both confusing and error-prone.
This CL retargets local handles creation for the LocalIsolate on the
main thread to always create regular main thread handles instead.
Bug: v8:10315
Change-Id: I4df509a0fc1bd630ba956b5eaacacbe706ddb4ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527062
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71534}
Add support for array and struct definitions and the rest of gc-related
opcodes.
Drive-by: Remove obsolete kWasmAnyFunctionTypeForm, replace it with
kWasmFuncRef.
Bug: v8:7748
Change-Id: I9512ff22d661fead5ad86767871632ae94346465
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567691
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71533}
- Uses linkage location information, to keep in sync with how
LinkageAllocator and Frame work to assign stack slots.
Bug: v8:9198
Change-Id: I299038e4cff706355263f00603ba32515449fefe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2556259
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71532}
This reverts commit 535fd785a3.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/31193/blamelist
Original change's description:
> [wasm] Make DecodeLocals return the number of decoded locals
>
> Currently, when the new locals are not appended to the existing ones,
> there is no way to know how many new locals were defined. This CL
> addresses this issue.
>
> Drive-by: Fix the pc passed to DecodeLocals in OpcodeLength.
> Change-Id: Id9de561a6380b52dcce398301727aa12196c0677
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567695
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71526}
TBR=clemensb@chromium.org,manoskouk@chromium.org
Change-Id: Ie2bbb1b14e5326bce62bb42fa528528b662d3528
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567199
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71531}
Instead of processing batches with a fixed number of functions, process
batches with approximately the same number of bytes. This prevents
disproportionately large batches to block the pipeline.
R=ahaas@chromium.org
Bug: v8:11164
Change-Id: I7fe57abac13c5fb749a002e339c5a9b2dab607be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567699
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71530}
Null checks were not optimized out for non-nullable arrays for array.len.
This CL brings array.len in line with the rest of the gc operations.
Bug: v8:7748
Change-Id: I8d4d5f159ed220f6e64cb812079e15d6e92de68b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567690
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71529}
Avoid data race when enabling flag with concurrent thread that reads
that flag as well.
Bug: v8:10315
Change-Id: I9eecc48e21b1070e8db444021264eec2784f5102
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567697
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71528}
The DCHECK on number_of_elements was making TSAN unhappy. Given that
making this field atomic would be a performance penalty, and that the
DCHECK isn't expected to catch any errors in practice (other DCHECKs
check the same invariant), we can just drop it.
Bug: v8:11183
Change-Id: Ic1b5697b233c4c45c3951816531f888459c3e69f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567698
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71527}
Currently, when the new locals are not appended to the existing ones,
there is no way to know how many new locals were defined. This CL
addresses this issue.
Drive-by: Fix the pc passed to DecodeLocals in OpcodeLength.
Change-Id: Id9de561a6380b52dcce398301727aa12196c0677
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567695
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71526}
This reverts commit be52501d52.
Reason for revert: Multiple TSan issues: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/34457/overview (and others)
Original change's description:
> [heap] Add epoch to GC tracing events
>
> This CL adds the TRACE_GC_EPOCH macro, which adds the epoch as attribute
> to the trace event. Use TRACE_GC_EPOCH for top-level events, nested
> events can get the information from its parent.
>
> V8's GC needs an epoch for young and full collections, since scavenges
> also occur during incremental marking. The epoch is also process-wide,
> so different isolates do not reuse the same id.
>
> Change-Id: I8889bccce51e008374b4796445a50062bd87a45d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565247
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71521}
TBR=ulan@chromium.org,dinfuehr@chromium.org
Change-Id: I8219595f0751de84cbea7e047ef21aa95da32f07
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567696
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71523}
When one comparison run crashes, we cap the outputs to compare to the
shorter one. If one of those, however, contains ignored lines, the
comparison get's skewed.
This makes the main source of ignored lines more robust (the line
printed for unknown flags), by not printing it in the first place in
the context of differential fuzzing.
Bug: chromium:1153871
Change-Id: If2e534959779be14a686be5e43630cbf66e215a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567692
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71522}
This CL adds the TRACE_GC_EPOCH macro, which adds the epoch as attribute
to the trace event. Use TRACE_GC_EPOCH for top-level events, nested
events can get the information from its parent.
V8's GC needs an epoch for young and full collections, since scavenges
also occur during incremental marking. The epoch is also process-wide,
so different isolates do not reuse the same id.
Change-Id: I8889bccce51e008374b4796445a50062bd87a45d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565247
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71521}
This reverts commit 064ee3c835.
Reason for revert: Causing blink_web_tests to fail on builder "WebKit Linux MSAN"
https://bugs.chromium.org/p/chromium/issues/detail?id=1153968
Original change's description:
> Reland "[wasm]: Use CancelAndDetach and barrier on BackgroundCompileJob."
>
> Reason for revert: Data race:
> https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/34121
>
> It was assume that MockPlatform runs everything on 1 thread. However,
> MockPlatform::PostJob previously would schedule the job through
> TestPlatform, which eventually posts concurrent tasks, thus causing
> data race.
> Fix: Manually calling NewDefaultJobHandle and passing the MockPlatform
> ensures the jobs also run sequentially.
>
> Additional change:
> - CancelAndDetach is now called in ~CompilationStateImpl() to make sure
> it's called in sequence with ScheduleCompileJobForNewUnits
>
> Original CL description:
> To avoid keeping around a list of job handles, CancelAndDetach() is
> used in CancelCompilation. Dependency on WasmEngine is handled by a
> barrier that waits on all jobs to finish.
>
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498659
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Original-Commit-Position: refs/heads/master@{#71074}
> Change-Id: Ie9556f7f96f6fb9a61ada0e5cbd58d4fb4a0f571
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2559137
> Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71459}
TBR=ulan@chromium.org,jkummerow@chromium.org,ahaas@chromium.org,clemensb@chromium.org,etiennep@chromium.org
Bug: chromium:1153968, v8:11209, v8:11210, v8:11212
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I2c8406bea81ee7cf6c5726c2fec50fffdce09611
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2566446
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71519}
This CL applies kSetOverflowToMin in TruncateFloat32ToInt32,
TruncateFloat32ToUint32, and TruncateFloat64ToInt64, allowing
EffectControlLinearizer to request truncating to INT32_MIN
or INT64_MIN in case of overflow.
Port: d4b29d7525
Bug: v8:11121
Change-Id: I1ef794e89641d0be6e9be9bdb99fd7737f465821
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2537417
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#71516}
The auto-generated inspector fuzzer corpus seed files will overwrite the
'utils' class by a proxy which provides non-existing functions.
See https://crrev.com/c/2563552.
R=szuend@chromium.org
Bug: chromium:1142437
Change-Id: If1e86617c4244f1b12fe007b5059b5a5f57454d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565127
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71515}
This reverts commit a69b7ef2ff.
Reason for revert: Broke msvc https://ci.chromium.org/p/v8/builders/ci/V8%20Win64%20-%20msvc/15975?
Original change's description:
> [wasm-simd][ia32] Prototype store lane
>
> Prototype v128.store{8,16,32,64}_lane on IA32.
>
> Drive by fix for wrong disassembly of movlps.
>
> Also added more test cases for StoreLane, test for more alignment and offset.
>
> Bug: v8:10975
> Change-Id: I0e16f1b5be824b6fc818d02d0fd84ebc0dff4174
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557068
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71511}
TBR=bbudge@chromium.org,zhin@chromium.org
Change-Id: Ic9386ea1254c1e0d9b42e92723b1a951fafe3a8b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10975
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567315
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71512}
Prototype v128.store{8,16,32,64}_lane on IA32.
Drive by fix for wrong disassembly of movlps.
Also added more test cases for StoreLane, test for more alignment and offset.
Bug: v8:10975
Change-Id: I0e16f1b5be824b6fc818d02d0fd84ebc0dff4174
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557068
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71511}
We forgot to check if a load's input node (index) has any replacement.
This led to weird cases like I32x4ExtractLane persisting even after
scalar lowering is done, which is incorrect.
This manifested in a crash, where we try to call pextrd with a general
register operand.
With this, we can run all currently checked in performance tests without
crashing.
Bug: chromium:1124885
Change-Id: Ide36ef94ab5f63446c725b9c2eb64be01e7fa6ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2562817
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71510}
