This loads references to {null} values from the instance object instead
of embedding them into the generated code. It is one step towards making
the {WasmCode} objects independent of the Isolate.
Note that this also fixes an issue with the serializer/deserializer that
failed to properly serialize {null} values and accidentally collapsed
them to {undefined} values instead.
R=ahaas@chromium.org
TEST=mjsunit/regress/wasm/regress-7785
BUG=v8:7424,v8:7785
Change-Id: Ie436c2d96890e7c8c89ffe2bd4189a759254775b
Reviewed-on: https://chromium-review.googlesource.com/1070981
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53352}
This adds basic support to emit IA disassembly to the json files
digested by turbolizer.
Change-Id: I8964c2f44565e8242e09c9be879c7db2654b65b6
Reviewed-on: https://chromium-review.googlesource.com/1071669
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53351}
This addresses one of the major remaining slowdowns with embedded
builtins on x64.
When generating code for a call to a builtin callee from a builtin
caller, we'd look up the Code target object from the builtins constant
list, calculate the location of the first instruction, and jump to it.
Note that for embedded builtin callees, the Code object is itself only
a trampoline to the off-heap code and thus an additional indirection.
An example of the call sequence in pseudo-asm:
// Load from the constants list.
mov reg, [kRootPointer, kBuiltinsConstantListOffset]
mov reg, [reg, offset_of_the_code_constant]
// Calculate first instruction and call it.
add reg, Code::kHeaderOffset
call reg
// The trampoline forwards to the off-heap area.
mov kOffHeapTrampolineRegister, <off-heap instruction_start>
jmp kOffHeapTrampolineRegister
This CL changes calls to embedded builtin targets to use pc-relative
addressing. This reduces the above instruction sequence to:
call <pc-relative offset to target instruction_start>
Embedded-to-embedded calls jump directly to the embedded instruction
stream, bypassing the trampoline. Heap-to-embedded calls (and all
calls to heap-builtins) use pc-relative addressing targeting the
on-heap Code object.
Other relevant platforms (arm,arm64,mips,mips64) do not use pc-relative
calls. For these, we'll need a different solution, e.g. a table of
embedded builtin addresses reachable from the root pointer, similar to
the external reference table.
Bug: v8:6666
Change-Id: Ic0317d454e2da37d74eaecebcdfcbc0d5f5041ad
Reviewed-on: https://chromium-review.googlesource.com/1068732
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53349}
Port ea7499f5da
Original Commit Message:
Currently, we context allocate all parameters for generators.
With this CL, we keep arguments on stack (unless they escape to inner
closure) and copy them between the stack and the generator's register
file on suspend/resume. This will save context allocation in most cases.
- Suspend copies arguments and registers to the generator.
- Resume copies only the registers from the generator, the arguments
are copied by the ResumeGenerator trampoline.
R=jarin@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I4a22024ce4e29a4e0217697a3b53b1c7bba0ddf1
Reviewed-on: https://chromium-review.googlesource.com/1072309
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#53348}
At the moment, WebAssembly.instantiate(bytes) is implemented by
desugaring it to WebAssembly.compile(bytes).then(WebAssembly.instantiate).
The problem is that the {then} in this snippet is observable. With this
CL I introduce a CompilationResultResolver which allows to do the
desugaring internally and thereby make the {then} unobservable.
Unfortunately the result of WebAssembly.instantiate(bytes) is different
than the result of WebAssembly.instantiate(module). Therefore I also
introduced an InstantiationResultResolver for symmetry with
WebAssembly.compile.
R=mstarzinger@chromium.org
Bug: chromium:837417
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2d98e03d65f2ada19041d5a9e2df5da91b24ccca
Reviewed-on: https://chromium-review.googlesource.com/1059783
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53347}
Implement lowering for simd operations I32x4ConvertI16x8 and
I16x8ConvertI8x16. Also, remove skip tests from status files that
were overriden when tests were renamed.
TEST=cctest/test-run-wasm-simd/RunWasm_I16x8ConvertI8x16_turbofan
Change-Id: If428f5039a32995c8ee64294c936419173a87aa7
Reviewed-on: https://chromium-review.googlesource.com/1069007
Reviewed-by: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53343}
Aseem is the main auther of simd-scalar-lowering and should therefore be
able to lgtm changes to that file.
No-Try: true
No-Tree-Checks: true
R=titzer@chromium.orgCC=aseemgarg@chromium.org
Change-Id: If62d895fb18e8fd59735fec63faa38ca7a6598c5
Reviewed-on: https://chromium-review.googlesource.com/1070984
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53342}
The RelocInfo::RUNTIME_ENTRY relocation mode is only used for deopt
points in JavaScript code and should never appear in WebAssembly code.
R=titzer@chromium.org
Change-Id: Ied1d61e2b1eb886565d13448442dd6a6ed35d3f0
Reviewed-on: https://chromium-review.googlesource.com/1070197
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53340}
This CL completely removes the C++ builtin implementation of the
DataView.prototype.buffer, DataView.prototype.byteLength, and
DataView.prototype.byteOffset getters, and moves them to
a Torque implementation (that still relies on a bit of CSA).
Change-Id: Id46678ae709c3787b7b93d0f78bd2a6e16e00f7b
Reviewed-on: https://chromium-review.googlesource.com/1070369
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53339}
The slow test tests SmiLexicographicCompare on a large number of Smi comparisons;
we can disable this test for some debug/noopt builds without losing much coverage.
Bug: v8:7783
Change-Id: Iab40e596604bb957b4d3312073ad85dbac08c6a0
Reviewed-on: https://chromium-review.googlesource.com/1068190
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53333}
We store deopt inline frames for all functions when we receive the code
creation event. We only ever use this information for code which is
deoptimized. Given that we receive code deopt events, we can just store
this information when the code is deoptimized.
At the time of the code deopt event, we also know the associated
deopt_id. That means we don't need to store a map of deopt_ids to
vectors of frames, because we will only ever access the frames for the
deopt_id that is already set.
This means we store way less data, particularly for long-running
processes which see fewer deopts. This saves 10MiB peak memory on the
node server example.
Bug: v8:7719
Change-Id: If6cf5ec413848e4c9f3c1e2106366ae2adae6fb1
Reviewed-on: https://chromium-review.googlesource.com/1050289
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53330}
This distinction doesn't matter, they aren't treated any differently to
other strings.
Change-Id: I524a0a1c4089284af97aa507afc5bd5985fe6631
Reviewed-on: https://chromium-review.googlesource.com/1071628
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53329}
Moving them away was a mistake. Fixing this enables getting rid of a bunch of
includes.
BUG=v8:5402
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I5482eab4281c7450350f058fe0a04a6f375ea082
Reviewed-on: https://chromium-review.googlesource.com/1070188
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53328}
Currently, we context allocate all parameters for generators.
With this CL, we keep arguments on stack (unless they escape to inner
closure) and copy them between the stack and the generator's register
file on suspend/resume. This will save context allocation in most cases.
Note: There is an asymmetry between suspend and resume.
- Suspend copies arguments and registers to the generator.
- Resume copies only the registers from the generator, the arguments
are copied by the ResumeGenerator trampoline.
Bug: v8:5164
Change-Id: I6333898c60abf461b1ab1b5c6d3dc7188fa95649
Reviewed-on: https://chromium-review.googlesource.com/1063712
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53327}
The timeout in the test is close to execution time in debug mode so it
fails occasionally. The test is measuring array slice algorithm
performance but changes unrelated to it affect the test result in debug
mode, therefore it should be skipped.
BUG=v8:7726
TEST=regress/regress-165637
Change-Id: Ib330d8e3c0d3f6a1150ccb59b60d17a41b87df87
Reviewed-on: https://chromium-review.googlesource.com/1071576
Commit-Queue: Miran Karić <miran.karic@mips.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53326}
Removes uses of HeapObject::GetIsolate()/GetHeap() from
VerifyPointersVisitor by adding it to the visitor at construction time.
Bug: v8:7786
Change-Id: I28388f2eadbaf9947eafe0c62492c9a4781be250
Reviewed-on: https://chromium-review.googlesource.com/1071575
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53325}
This adds basic support to emit wasm disassembly to the json files
digested by turbolizer.
Change-Id: Icd8fc92e9539dc336879ef6da76e31890b95e40e
Reviewed-on: https://chromium-review.googlesource.com/1069275
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53323}
This CL uses the new function pointers and generic features of Torque
to improve the performance of TypedArray.p.sort.
Instead of one Load/Store builtin that dispatches at runtime based on
the element kind, there are now many small builtins (one for each
element kind). The sorting algorithm then uses function pointers to
those small builtins, which get set once.
Changes in the relevant benchmarks:
Benchmark Original (JS) Current This CL
IntTypes 83.9 202.3 240.7
BigIntTypes 32.1 47.2 53.3
FloatTypes 99.3 109.3 129.3
Bug: v8:7382
Change-Id: I8684410524d546615b19f6edcbfdc615068196aa
Reviewed-on: https://chromium-review.googlesource.com/1070069
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53322}
Instead use the canonical empty fixed array. Some code assumes
that this is the only fixed array of length 0.
Bug: chromium:843062
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: If780acf50147c061a81f2ff2b31779fbd1c78559
Reviewed-on: https://chromium-review.googlesource.com/1064052
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53320}
The patch makes it manage a free list of released code_entries_ slots,
and reuse the slots as needed.
BUG=v8:7719
Change-Id: I07df1ce983fe00e0ca3d1a1ea20e1a141aabad99
Reviewed-on: https://chromium-review.googlesource.com/1062769
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53314}
This CL adds a baseline Torque implementation of the DataView getters
and setters.
Right now, the Torque code just calls the C++ implementation, which
has moved to runtime.
Change-Id: Ic96fde7ea908c628af9586e84511037c237c4d3b
Reviewed-on: https://chromium-review.googlesource.com/1061520
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#53312}
Since the StubCache it's cleared at the end of the GC, it doesn't
matter if it contains weak or strong pointers.
BUG=v8:7308
Change-Id: Ib141e3d411523c67ccb8f8979845a88488d6e4ee
Reviewed-on: https://chromium-review.googlesource.com/1064053
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53311}
This CL replaces the default ConsoleErrorListener with a custom one.
The only difference is that the error message now also includes
the file name where the lexer/parser error happened.
R=tebbi@chromium.org
Change-Id: Ifa22501a55066b82b32234c76df180db41ee8b62
Reviewed-on: https://chromium-review.googlesource.com/1069137
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53309}
This CL stops torque from crashing when a function pointer call site
uses wrong parameters.
R=tebbi@chromium.org
Change-Id: If097d0882ca5370e525097c68014f7ec051b3fe8
Reviewed-on: https://chromium-review.googlesource.com/1068181
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53308}
Also mark another slow tests as SLOW.
TBR=jgruber@chromium.org
Bug: v8:7783
Change-Id: I69a8ac82e7898fa3b374c5b66a441f040d241413
Reviewed-on: https://chromium-review.googlesource.com/1069093
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53306}
This is based on https://chromium-review.googlesource.com/c/v8/v8/+/940174.
It is fine to use the more complex addressing modes here because our
poisoning does not poison indexes anymore (it poisons value instead).
Bug: chromium:839789
Change-Id: I818a060f835f7dea842cb855d077e871a95b2c01
Reviewed-on: https://chromium-review.googlesource.com/1065773
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53303}
