1. 01 Oct, 2020 26 commits
  2. 30 Sep, 2020 14 commits
    • Ng Zhi An's avatar
      [wasm-simd][arm64] Consolidate fp rounding opcodes · 19e6ead0
      Ng Zhi An authored
      Remove 8 NEON rounding opcodes, merging them into the existing float
      rounding opcodes, since the instruction used is the same, only the
      register format is different, and can be determined at codegen time.
      
      Bug: v8:10930
      Change-Id: Ice19c1e2a31f6913c748976fe3a021035a752d88
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436617Reviewed-by: 's avatarBill Budge <bbudge@chromium.org>
      Commit-Queue: Zhi An Ng <zhin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70241}
      19e6ead0
    • Milad Fa's avatar
      PPC: [wasm-simd] Implement Bitmask operations · 88dfe1c8
      Milad Fa authored
      This CL has started using new vector instructions introduced
      in Power 9, which includes:
      
      - Move To VSR Double Doubleword
      - Vector Extract
      
      Change-Id: Ieda677b33f4aae059afb3ab94d18f044001887a5
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438956Reviewed-by: 's avatarJunliang Yan <junyan@redhat.com>
      Commit-Queue: Milad Fa <mfarazma@redhat.com>
      Cr-Commit-Position: refs/heads/master@{#70240}
      88dfe1c8
    • Ng Zhi An's avatar
      [wasm] Fix test arguments for i64.trunc_f64_s · 2d236b90
      Ng Zhi An authored
      It was incorrectly using int64 test arguments, it should be using
      double. After changing the test, it was failing for values outside of
      int64 range (UB), so check and skip those values, see
      https://source.chromium.org/chromium/chromium/src/+/master:v8/test/cctest/wasm/test-run-wasm-64.cc;l=762-767;drc=0c918bd8418b92a095885dc98ef5a939febf4069
      
      Change-Id: I2f97c3f78e197b39cbf320468daefc339844d515
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436639
      Commit-Queue: Zhi An Ng <zhin@chromium.org>
      Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70239}
      2d236b90
    • Etienne Pierre-doray's avatar
      Reland "Reland "[Heap] ScavengerCollector use Jobs."" · b376a124
      Etienne Pierre-doray authored
      This is a reland of 92f815a8
      Safe to reland as-is with task id lifetime fix in
      https://chromium-review.googlesource.com/c/v8/v8/+/2437005
      
      Original change's description:
      > Reland "[Heap] ScavengerCollector use Jobs."
      >
      > This is a reland of 9e8c54f8
      > Safe to reland as-is with fix in AcquireTaskId
      > https://chromium-review.googlesource.com/c/v8/v8/+/2401964
      >
      > Additional changes are made in the reland:
      > -TRACE_GC is be split for background/foreground scope.
      > -New IndexGenerator is used for dynamic work assignement.
      >
      > Original change's description:
      > > [Heap] ScavengerCollector use Jobs.
      > >
      > > No yielding is necessary since the main thread Join()s.
      > >
      > > max concurrency is determined based on either
      > > remaining_memory_chunks_ or global pool size
      > > (copied_list_ + promotion_list_)
      > >
      > > Change-Id: Ie30fa86c44d3224b04df5d79569bce126ce7d96b
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2354390
      > > Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
      > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#69746}
      >
      > Change-Id: Id9d7a5bf3b2337ae4cf1e76770f4b14ebb8ca256
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2399041
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70135}
      
      Change-Id: Id0451b6eca9a125c7695d251d1a7d813e0664dd3
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2432071
      Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70238}
      b376a124
    • Marja Hölttä's avatar
      [super property speed] Switch --super-ic on under --future · b2c4fec5
      Marja Hölttä authored
      This enables correctness fuzzing.
      
      Bug: v8:9237
      Change-Id: I9b8e5506cf22a482cf39e92d3d67629382ac4b39
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436539Reviewed-by: 's avatarMichael Achenbach <machenbach@chromium.org>
      Commit-Queue: Marja Hölttä <marja@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70237}
      b2c4fec5
    • Mike Stanton's avatar
      [Turbofan] Never serialize CallHandlerInfo objects · abab49d9
      Mike Stanton authored
      CallHandleInfos are observed for optimizing API calls in TurboFan.
      The place to be careful is on allocation and installation of these
      objects in a FunctionTemplate. As long as store order is preserved there,
      we can safely directly access the class members.
      
      Bug: v8:7790
      Change-Id: I6acb318d01c19d97725c7218e913765c33e0d8b8
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2435096
      Commit-Queue: Michael Stanton <mvstanton@chromium.org>
      Reviewed-by: 's avatarMaya Lekova <mslekova@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Reviewed-by: 's avatarNico Hartmann <nicohartmann@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70236}
      abab49d9
    • Clemens Backes's avatar
      [wasm] Add a "boolean validation" mode · 43f0f49d
      Clemens Backes authored
      All instantiations of the function body decoder (validation, Liftoff,
      TurboFan) currently generate precise error messages. For Liftoff though,
      the error message and location is never used. Thus we can save some
      binary size and performance by only keeping a flag whether an error
      occured or not. In the error case, the TurboFan compiler will execute
      right afterwards anyway, generating a proper error message.
      
      As as follow-up, we can avoid storing the pc in {ValueBase} and
      {ControlBase}, because that's only used for error reporting.
      
      R=thibaudm@chromium.org
      
      Bug: v8:10969
      Change-Id: I65c46cb9d8b654f9476f2c34ca9a8dd45d6bbbc5
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436347
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: 's avatarThibaud Michaud <thibaudm@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70235}
      43f0f49d
    • Jakob Gruber's avatar
      Rename legacy code kinds · 29bcdaad
      Jakob Gruber authored
      CodeKind::OPTIMIZED_CODE -> TURBOFAN
      
      Kinds are now more fine-grained and distinguish between TF, TP, NCI.
      
      CodeKind::STUB -> DEOPT_ENTRIES_OR_FOR_TESTING
      
      Code stubs (like builtins, but generated at runtime) were removed from
      the codebase years ago, this is the last remnant. This kind is used
      only for deopt entries (which should be converted into builtins) and
      for tests.
      
      Change-Id: I67beb15377cb60f395e9b051b25f3e5764982e93
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440335
      Auto-Submit: Jakob Gruber <jgruber@chromium.org>
      Commit-Queue: Mythri Alle <mythria@chromium.org>
      Reviewed-by: 's avatarMythri Alle <mythria@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70234}
      29bcdaad
    • Jakob Kummerow's avatar
      Fix Array.p.pop() for read-only length 0 · 9c55b1d6
      Jakob Kummerow authored
      Array.prototype.pop() must throw a TypeError whenever the array's
      length is readonly; there is no exception to that when the length
      is 0. This patch moves the length==0 special case after the read-
      only length check in both fast paths (CSA and C++).
      
      Fixed: v8:10908
      Change-Id: I4a77439478cffeaf11022ff8beb78b0a907290d2
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440576
      Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
      Commit-Queue: Toon Verwaest <verwaest@chromium.org>
      Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70233}
      9c55b1d6
    • Jakob Kummerow's avatar
      [typedarray] Throw rather than crash when too large to sort · 6c07d6e3
      Jakob Kummerow authored
      Sorting a TypedArray with a custom compare function requires us to
      copy the array's contents to a FixedArray. When the TypedArray is
      larger than FixedArray::kMaxLength, we should throw a RangeError
      rather than crashing with an OOM message.
      
      Fixed: v8:10931
      Change-Id: I8a27cc0ac80a9172bc5e8e154fdf4ccce5974317
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440575
      Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
      Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70232}
      6c07d6e3
    • Leszek Swirski's avatar
      Revert "[serializer] Allocate during deserialization" · 74f3665c
      Leszek Swirski authored
      This reverts commit 5d7a29c9.
      
      Reason for revert: UBSan -- https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/13100
      
      Original change's description:
      > [serializer] Allocate during deserialization
      >
      > This patch removes the concept of reservations and a specialized
      > deserializer allocator, and instead makes the deserializer allocate
      > directly with the Heap's Allocate method.
      >
      > The major consequence of this is that the GC can now run during
      > deserialization, which means that:
      >
      >   a) Deserialized objects are visible to the GC, and
      >   b) Objects that the deserializer/deserialized objects point to can
      >      move.
      >
      > Point a) is mostly not a problem due to previous work in making
      > deserialized objects "GC valid", i.e. making sure that they have a valid
      > size before any subsequent allocation/safepoint. We now additionally
      > have to initialize the allocated space with a valid tagged value -- this
      > is a magic Smi value to keep "uninitialized" checks simple.
      >
      > Point b) is solved by Handlifying the deserializer. This involves
      > changing any vectors of objects into vectors of Handles, and any object
      > keyed map into an IdentityMap (we can't use Handles as keys because
      > the object's address is no longer a stable hash).
      >
      > Back-references can no longer be direct chunk offsets, so instead the
      > deserializer stores a Handle to each deserialized object, and the
      > backreference is an index into this handle array. This encoding could
      > be optimized in the future with e.g. a second pass over the serialized
      > array which emits a different bytecode for objects that are and aren't
      > back-referenced.
      >
      > Additionally, the slot-walk over objects to initialize them can no
      > longer use absolute slot offsets, as again an object may move and its
      > slot address would become invalid. Now, slots are walked as relative
      > offsets to a Handle to the object, or as absolute slots for the case of
      > root pointers. A concept of "slot accessor" is introduced to share the
      > code between these two modes, and writing the slot (including write
      > barriers) is abstracted into this accessor.
      >
      > Finally, the Code body walk is modified to deserialize all objects
      > referred to by RelocInfos before doing the RelocInfo walk itself. This
      > is because RelocInfoIterator uses raw pointers, so we cannot allocate
      > during a RelocInfo walk.
      >
      > As a drive-by, the VariableRawData bytecode is tweaked to use tagged
      > size rather than byte size -- the size is expected to be tagged-aligned
      > anyway, so now we get an extra few bits in the size encoding.
      >
      > Bug: chromium:1075999
      > Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451
      > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70229}
      
      TBR=ulan@chromium.org,jgruber@chromium.org,leszeks@chromium.org
      
      Change-Id: I2bd792a24861e8f54897e51522769b50f8f814e2
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: chromium:1075999
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440827
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70231}
      74f3665c
    • Gus Caplan's avatar
      [regexp] Refactor experimental instruction emits and labels · 1682a876
      Gus Caplan authored
      This is some general cleanup for the experimental regexp implementation.
      DeferredLabels have been merged into Labels, label APIs more closely
      resemble other parts of V8, and instruction codegen has been moved into
      its own class.
      
      Bug: v8:10765
      Change-Id: I139c0a0df30e539ee39eae70fc206e6406d898b1
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2433058Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Commit-Queue: Gus Caplan <snek@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70230}
      1682a876
    • Leszek Swirski's avatar
      [serializer] Allocate during deserialization · 5d7a29c9
      Leszek Swirski authored
      This patch removes the concept of reservations and a specialized
      deserializer allocator, and instead makes the deserializer allocate
      directly with the Heap's Allocate method.
      
      The major consequence of this is that the GC can now run during
      deserialization, which means that:
      
        a) Deserialized objects are visible to the GC, and
        b) Objects that the deserializer/deserialized objects point to can
           move.
      
      Point a) is mostly not a problem due to previous work in making
      deserialized objects "GC valid", i.e. making sure that they have a valid
      size before any subsequent allocation/safepoint. We now additionally
      have to initialize the allocated space with a valid tagged value -- this
      is a magic Smi value to keep "uninitialized" checks simple.
      
      Point b) is solved by Handlifying the deserializer. This involves
      changing any vectors of objects into vectors of Handles, and any object
      keyed map into an IdentityMap (we can't use Handles as keys because
      the object's address is no longer a stable hash).
      
      Back-references can no longer be direct chunk offsets, so instead the
      deserializer stores a Handle to each deserialized object, and the
      backreference is an index into this handle array. This encoding could
      be optimized in the future with e.g. a second pass over the serialized
      array which emits a different bytecode for objects that are and aren't
      back-referenced.
      
      Additionally, the slot-walk over objects to initialize them can no
      longer use absolute slot offsets, as again an object may move and its
      slot address would become invalid. Now, slots are walked as relative
      offsets to a Handle to the object, or as absolute slots for the case of
      root pointers. A concept of "slot accessor" is introduced to share the
      code between these two modes, and writing the slot (including write
      barriers) is abstracted into this accessor.
      
      Finally, the Code body walk is modified to deserialize all objects
      referred to by RelocInfos before doing the RelocInfo walk itself. This
      is because RelocInfoIterator uses raw pointers, so we cannot allocate
      during a RelocInfo walk.
      
      As a drive-by, the VariableRawData bytecode is tweaked to use tagged
      size rather than byte size -- the size is expected to be tagged-aligned
      anyway, so now we get an extra few bits in the size encoding.
      
      Bug: chromium:1075999
      Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70229}
      5d7a29c9
    • Michael Achenbach's avatar
      [test] Add fallback to legacy output directory · bf3adea5
      Michael Achenbach authored
      The infrastructure will soon start using the canonical build output
      location out/build. New flake bisect jobs will then be started with
      --outdir=out/build.
      
      This change picks the current out/Release or out/Debug as an
      alternative output location to be compatible with the future value
      of the flag.
      
      This code will be removed when the property change happens.
      
      This prepares:
      https://crrev.com/c/2426643
      
      Bug: chromium:1132088
      Change-Id: I1fe3bcb239b05d069a1006646bc9306a16a3cecd
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440336Reviewed-by: 's avatarLiviu Rau <liviurau@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70228}
      bf3adea5