The issue is with this pattern, assuming disjoint uses for all vregs:
phi: v1 = v0 ...
phi: v2 = v0 ...
phi: v3 = v0 ...
...
phi: vN = v0 ...
For every phi, BuildBundles proceeds as follows:
- Create a new bundle for the output
- Merge the input bundle into the output bundle
Since the bundle gets bigger at every iteration, the merges become more
and more expensive and consume Zone memory that is immediately thrown
away at the next iteration.
A simple fix is to check the size of the bundles before merging and
always copy the smallest one into the biggest. In the pattern above this
should always copy the single-range output bundle into the large input
bundle.
R=sigurds@chromium.org
Bug: v8:11237
Change-Id: I6ad9152035da698d94b02b5b41802545ba149307
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584879
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71714}
When Liftoff bails out, the function ExecuteLiftoffCompilation performs
an early return before updating the "counters" data structure with the
bailout reason. The early return was introduced in
https://chromium-review.googlesource.com/c/v8/v8/+/2423710.
We should just drop it again, as there is another
"if (did_bailout()) return" right after updating the counters.
Bug: v8:11259
Change-Id: Ia7f72c3a7eda4252a5a4450646427edb26130996
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584880
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71713}
The gc_in_progress flag was reset to false only after sweeping was done.
As a result, if we call CollectGarbage during an incremental GC and
after marking has finished, the we will observe that a gc is still in
progress but will not have a marker and crash.
The immediate solution is to move resetting the gc_in_progress flag such
that it indicates whether we didn't have the atomic pause yet. That
means we could have gc_in_progress==false and incremental sweeping still
running, which semantically negates the meaning of gc_in_progress.
Observing that gc_in_progress essentially becomes equivalent to having a
marker, this CL removes the gc_in_progress flag and replaces checks on
it with checks on marker.
Bug: chromium:1156170
Change-Id: Ic4b441ec248b5f7e222e988870e46d5166dd4dcc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584875
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71712}
Using the config of one of the builders that catched the chromium:1138115 issue; compile only.
Bug: chromium:1142484
Change-Id: I4ad19a7c32819a3a8306fa169d3c8ec0ffb47a8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584874
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71711}
Add a method that returns the microtask queue that is being used
by the `v8::Context`.
This is helpful in non-monolithic embedders like Node.js, which
accept Contexts created by its own embedders like Electron, or
for native Node.js addons. In particular, it enables:
1. Making sure that “nested” `Context`s use the correct microtask
queue, i.e. the one from the outer Context.
2. Enqueueing microtasks into the correct microtask queue.
Previously, these things only worked when the microtask queue for
a given Context was the Isolate’s default queue.
As an alternative, I considered adding a way to make new `Context`s
inherit the queue from the `Context` that was entered at the time
of their creation, but that seemed a bit more “magic”, less flexible,
and didn’t take care of concern 2 listed above.
Change-Id: I15ed796df90f23c97a545a8e1b30a3bf4a5c4320
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2579914
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71710}
next_enumeration_index is the next free index available to store a
property. ObjectDescriptor tracks this field while instantiating the
literal and updates the next_enumeration_index when finalizing the
instantiation. When adding new properties (named / computed) we were
updating this value to the current value that is being used instead
of next free index. This cl fixes it.
Bug: chromium:1152231
Change-Id: Ica8c36dcabf035db559e29d4573ecd5e53d6062a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2577463
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71709}
movd/movq moves from/to 32/64 bit operand to xmm, the disasm was
incorrect printing both operands as xmm.
Was: "movd xmm2,xmm10"
Now: "movd xmm2,r10"
Change-Id: I4061257da763efd3493a3fd5875dc116296e1737
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2585258
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71708}
Implementation is almost identical to x64, except that in the
instruction-selector, for AVX, we allow the second operand to
be a slot, and so we use InputOperand in the codegen.
Bug: v8:11008
Change-Id: I5b5ea4b5058dc0bf5ff1c24a67f9b787c5312106
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2576887
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71705}
This reverts commit cddaf66c37.
Reason for revert: Multiple fuzzer failures
TBR=neis@chromium.org,ahaas@chromium.org
Original change's description:
> [compiler][wasm] Align Frame slots to value size
>
> - Adds an AlignedSlotAllocator class and tests, to unify slot
> allocation. This attempts to use alignment holes for smaller
> values.
> - Reworks Frame to use the new allocator for stack slots.
> - Reworks LinkageAllocator to use the new allocator for stack
> slots and for ARMv7 FP register aliasing.
> - Fixes the RegisterAllocator to align spill slots.
> - Fixes InstructionSelector to align spill slots.
>
> Bug: v8:9198
>
> Change-Id: Ida148db428be89ef95de748ec5fc0e7b0358f523
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2512840
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71644}
TBR=bbudge@chromium.org,neis@chromium.org,ahaas@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9198
Change-Id: Ib26d016df6f30f333d30b5ac14eed9630bba8252
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584200
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71703}
a few unused functions
Drive-By: Also clean up LoadSimd128 as LoadV128 and remove
Change-Id: I4cdee0fcb1e153309492026b4334af27afba7ec1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2584442
Commit-Queue: Junliang Yan <junyan@redhat.com>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71701}
This commit updates the gen-postmortem-metadaa.py script to
incorporate changes in V8 8.5. This removes the need to float a
patch to the script in Node.js.
Change-Id: I6532495bee906f51eb2b773ec38ff0a6e404dafe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2582705
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/master@{#71699}
Add fields to HeapOptions to denote on heap creation that the heap does
not support incremental/concurrent marking/sweeping.
This only applies to standalone heaps.
When triggering a GC (either explicitly or by the heap growing
heuristics), the given config is limited to not trigger unsupported
marking/sweeping types.
Bug: chromium:1156170
Change-Id: Id7b5cf82962e7c40920f942df9415d798e2b6686
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2581961
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71698}
The NativeModule should not die before the WasmEngine, since state owned
by the engine will still be accessed in the destructor of the
NativeModule.
This CL ensures that by moving the OperationsBarrier from the
CompilationStateImpl to the NativeModule.
R=thibaudm@chromium.org, etiennep@chromium.org
Bug: v8:11250, v8:11243
Change-Id: Ic4d69222e9e6076578c35986b0051817dbd8dbef
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2581959
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71696}
So far we reported the script ID, but DevTools ignores that and uses the
source url instead. That url was just set to "wasm ", which the frontend
couldn't make any sense of.
This CL fixes this by passing the source URL to the code create event,
and also setting the position of the code inside the script (i.e.
wasm module).
R=thibaudm@chromium.org, petermarshall@chromium.org
Bug: chromium:1125986
Change-Id: Ic41dcd2768c60fd6748468d3a89fc4ffccb35932
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2581543
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71695}
Function prototypes can be lazily allocated. This means they go into the
temporary objects set that debug-eval uses to figure out if a write
will be side-effect free.
We were incorrectly classifying writes to function prototypes as
side-effect free because the prototype happened to be lazily allocated
when we first accessed it during debug-eval, but was actually reachable
from the function (not allocated temporarily).
To do this we introduced a way to temporarily turn off the temporary
object tracking, and we use it when lazily allocating function
prototypes.
This could mean that we incorrectly report side-effects when writing to
function prototypes for functions which were themselves created during
debug-eval side-effect free mode. However, it's unclear if this is a
problem, because function declarations set global variables which would
already throw due to side-effects.
Bug: chromium:1154193
Change-Id: I444a673662095f6deabaafdce3cdf3d86b71446d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2581968
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71692}
Add new macro-assembler instructions that can handle both AVX and SSE.
In the SSE case it checks that dst == src1. (This is different from that
the AvxHelper does, which passes dst as the first operand to AVX
instructions.)
Sorted SSSE3_INSTRUCTION_LIST by instruction code.
Header additions are added by clangd, we were already using something
from those headers via transitive includes, adding them explicitly gets
us closer to IWYU.
Codegen sequences are from https://github.com/WebAssembly/simd/pull/380
and also
https://github.com/WebAssembly/simd/pull/380#issuecomment-707440671.
Bug: v8:11086
Change-Id: I4c04f836e471ed8b00f9ff1a1b2e6348a593d4de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2578797
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71688}
SSE2_INSTRUCTION_LIST is unchanged, just sorting by the opcode.
Added ucomisd to the SSE2_UNOP_INSTRUCTION_LIST.
The disassembly for these instructions were mixed with some other
special cases, extracted those out into their own clauses.
Bug: v8:11074
Change-Id: I34871d4bff79d714c006eb5fd96225f7589cf115
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2576886
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71687}
Implement vclt and add some assembler tests.
Bug: v8:10983
Change-Id: I78c701180ddc90af4b59db86a25188f281167366
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2575783
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71685}
Prototype v128.{load,store}{8,16,32,64}_lane on arm.
Code for instruction selector is put in comments, will be moved
into instruction-scheduler-ppc.cc once we mark it as implemented
under instruction-scheduler.cc.
Bug: v8:10975
Change-Id: I43be8f32d0324ffb34220889365340e319fbb9d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2581622
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71683}
Looks like this was accidentally added in https://crrev.com/c/979952.
The file is not loaded by any other test, hence we don't need the
dependency.
R=machenbach@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_android_arm64_n5x_rel_ng
Change-Id: I02f25924980c02e6091bd5d275763adb66bd0b27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2578977
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71682}
We currently report "wasm " as the source URL on all wasm code, with no
position information. This will change in a follow-up CL. To make that
difference visible, extend a test to show the URL and position reported
for wasm code.
R=thibaudm@chromium.org
Bug: chromium:1125986
Change-Id: I09f1820d591f27c1ff3c2acb41f8e279ac08a9e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2575071
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71680}
Since there is no dependence defined in gn, the other file will not be
uploaded to android devices for testing.
We could add this dependence, but not selectively for the one test which
actually needs that dependence. Hence fix it by duplicating the test
body instead.
R=mslekova@chromium.orgCC=machenbach@chromium.org
Change-Id: Ic65eea05a865cf4f521f66e293c4725bc2861444
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2577475
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71679}
This includes a fix to issue 1156334.
BUG: chromium:1156334
Change-Id: I27a97436d7a1ed567077495846dc6260ca3f2340
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2580408
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Andrey Kosyakov <caseq@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71678}
Diamond patterns need to be chained to the current control node. This
was not done consistently in wasm code, particularly the parts
implementing asm-js specific instructions.
Additionally, the graph structure for BuildI32AsmjsDivS is improved.
Change-Id: I4a17e431b5795c197bf56dd034ff5e7d95dd6db0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2578982
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71677}
Seems after an OS upgrade the dimension Mac-11 doesn't work anymore as
swarming captures it only under Mac-11.0.
No-Try: true
Bug: chromium:1156547
Change-Id: If3f975c0aa6f8930634681c5cb05e3fdf58f322b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2579922
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71676}
Add new instruction vpaddl for signed and unsigned integers, adding
assembler, disassembler, simulator support, and also tests.
The signed and unsigned opcodes for vpaddl are separate enums, because
the helper EncodeNeonUnaryOp only takes a NeonSize (not NeonDataType). I
considered changing the signature, but none of the other instructions
use a NeonDataType, so it seems unnecessary.
Bug: v8:11086
Change-Id: I5e6694ae407779c1fd3604c5a40ca0a1b6ce061b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2578233
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71671}
Add a new option to disassembler NEON size encoded in instructions with
two registers, 'size2. Rename the current only to 'size3.
Clean up existing operations to use this new formatting option.
Bug: v8:11074
Change-Id: Ie309d93d24602439c3293c8bbfd6c2ecbc9fdfb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2575786
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71670}
The GDB-stub for Wasm debugging (which builds with the flag
v8_enable_wasm_gdb_remote_debugging) doesn't build anymore after a few changes
in the interface of wasm::DebugInfo.
This CL fixes the build, and also adds a few small changes to the protocol.
Change-Id: I250a8c86fd83048434e68cbdc5cb8ae243577393
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2571341
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#71669}
As an example, kEagerWithResumeDeoptExitSize is always expected to
emit a 6 byte instruction "brcl", however, if the branch offset
is small enough, brc (a 4 byte instruction) might get emitted.
We need a way to force the emission of brcl at times like above.
Change-Id: Ic42c1ad80098067df6a0049bdde20e90f12ef1b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2578061
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71668}
Currently, GetConsName incorrectly includes the null terminator as part
of the length used in the string's hash. Exclude this to be consistent
with GetCopy, GetName, etc. and permit coalescing.
Bug: v8:0
Change-Id: I1e8a4eb7055637f3ed178014725b44e84d7788b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2578192
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Cr-Commit-Position: refs/heads/master@{#71667}
Prototype v128.{load,store}{8,16,32,64}_lane on Big Endian machines.
Lood/Stores need to be reversed manually on BE machines and as such
LoadLane and StoreLane opcodes cannot be done in a single instruction.
Therefore we divide them into separate "Load/Store" and "operation"
nodes.
Bug: v8:10975
Change-Id: If21c9663de41b872fe035d15526830f244605c48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2577820
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71665}
