- 05 May, 2021 1 commit
-
-
Manos Koukoutos authored
Main changes:
  - Allow global.get in elements segments with expressions-as-elements.
  - Allow element segments with types other than funcref.

Detailed changes:
  - Move WasmInitExpr to its own file. Add stream operator << support.
  - Simplify type of PrintCollection.
  - Make WasmElemSegment use an array of WasmInitExpr's over the previous ad-hoc implementation. Move null_index to WasmModuleBuilder.
  - Refactor consume_element_segment_header. Make it return a WasmElemSegment.
  - Refactor consume_element_expr. Make it return a WasmInitExpr.
  - Refactor DecodeElementSection. Make it invoke consume_element_segment_header, then populate its element array.
  - Update module-instantiate.cc to handle global.get elements.
  - Fix bug in wasm-objects.cc where the wrong type index was passed into module()->has_signature()
  - Adapt and add tests.

Change-Id: I5abfbe424dbb750ee2dca59f91c451ffcb79f95f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857959
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74374}
-
- 05 Feb, 2021 1 commit
-
-
Paolo Severini authored
This is a reland of 6ada6a90 - Fixed a GC issue https://bugs.chromium.org/p/v8/issues/detail?id=11335: GC expected all arguments on the stack from code with CodeKind::TURBOFAN to be tagged objects. This is not the case now with inlined Wasm calls, and this information can be passed in SafepointEntry for each call site. - Disabled JS-to-Wasm inlining for calls inside try/catch. For more details, see updated doc: https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit# Bug: v8:11092 Original change's description: > Reland "Faster JS-to-Wasm calls" > > This is a reland of 860fcb1b > > - Disabled the tests for this feature in V8-lite mode (the original > change broke V8-lite tests). > - Also modified test console-profile-wasm.js that was brittle with this > change because it assumed that there was always a JS-to-Wasm wrapper > but this is not the case when the TurboFan compilation completes before > the Liftoff-compiled code starts to run. > > More changes in Patchset 8: > > - Moved inlining of the "JSToWasm Wrapper" away from simplified-lowering, > into a new phase, wasm-inlining that reuses the JSInliner reducer. > The doc > https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit# > describes the new logic. > > - Fixed a couple of small issues in wasm_compiler.cc to make sure that > the graph "JSToWasm Wrapper" subgraph has a valid Control chain; > this should solve the problem we had inlining the calls in functions > that can throw exception. Original change's description: > Faster JS-to-Wasm calls > > This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/. 
> > Currently JS-to-Wasm calls go through a wrapper/trampoline, built on > the basis of the signature of a Wasm function to call, and whose task > is to: > - set "thread_in_wasm_flag" to true > - convert the arguments from tagged types into Wasm native types > - calculate the address of the Wasm function to call and call it > - convert back the result from Wasm native types into tagged types > - reset "thread_in_wasm_flag" to false. > > This CL tries to improve the performance of JS-to-Wasm calls by > inlining the code of the JS-to-Wasm wrappers in the call site. > > It introduces a new IR operand, JSWasmCall, which replaces JSCall for > this kind of calls. A 'JSWasmCall' node is associated to > WasmCallParameters, which contain information about the signature of > the Wasm function to call. > > WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid > generating code to convert the types for the arguments > of the Wasm function, when the conversion is not necessary. > The actual inlining of the graph generated for this wrapper happens in > the simplified-lowering phase. > > A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage > lazy deoptimizations that can happen if the Wasm function callee calls > back some JS code that invalidates the compiled JS caller function. > Bug: v8:11092 Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng Change-Id: Ie052634598754feab4ff36d10fd04e008b5227a5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649777 Commit-Queue: Paolo Severini <paolosev@microsoft.com> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72541}
-
- 22 Jan, 2021 2 commits
-
-
Jakob Kummerow authored
This implements support for the following instructions: ref.func, call_ref, return_call_ref

Bug: v8:7748,v8:9495
Change-Id: If5bdc2b9bc2347de056de2917430b8d9dc901c53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2632591
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72270}
-
Paolo Severini authored
This reverts commit 6ada6a90. Reason for revert: Revert for link issue: https://bugs.chromium.org/p/v8/issues/detail?id=11335 Original change's description: > Reland "Faster JS-to-Wasm calls" > > This is a reland of 860fcb1b > > - Disabled the tests for this feature in V8-lite mode (the original > change broke V8-lite tests) > - Also modified test console-profile-wasm.js that was brittle with this > change because it assumed that there was always a JS-to-Wasm wrapper > but this is not the case when the TurboFan compilation completes before > the Liftoff-compiled code starts to run. > > More changes in Patchset 8: > > - Moved inlining of the "JSToWasm Wrapper" away from simplified-lowering, > into a new phase, wasm-inlining that reuses the JSInliner reducer. > The doc > https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit# > describes the new logic. > > - Fixed a couple of small issues in wasm_compiler.cc to make sure that > the graph "JSToWasm Wrapper" subgraph has a valid Control chain; > this should solve the problem we had inlining the calls in functions > that can throw exception. > > > Original change's description: > > Faster JS-to-Wasm calls > > > > This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/. > > > > Currently JS-to-Wasm calls go through a wrapper/trampoline, built on > > the basis of the signature of a Wasm function to call, and whose task > > is to: > > - set "thread_in_wasm_flag" to true > > - convert the arguments from tagged types into Wasm native types > > - calculate the address of the Wasm function to call and call it > > - convert back the result from Wasm native types into tagged types > > - reset "thread_in_wasm_flag" to false. > > > > This CL tries to improve the performance of JS-to-Wasm calls by > > inlining the code of the JS-to-Wasm wrappers in the call site. > > > > It introduces a new IR operand, JSWasmCall, which replaces JSCall for > > this kind of calls. 
A 'JSWasmCall' node is associated to > > WasmCallParameters, which contain information about the signature of > > the Wasm function to call. > > > > WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments > > of the Wasm function, when the conversion is not necessary. > > The actual inlining of the graph generated for this wrapper happens in > > the simplified-lowering phase. > > > > A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage > > lazy deoptimizations that can happen if the Wasm function callee calls > > back some JS code that invalidates the compiled JS caller function. > > > > Bug: v8:11092 > > Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538 > > Reviewed-by: Igor Sheludko <ishell@chromium.org> > > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > > Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org> > > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > > Reviewed-by: Maya Lekova <mslekova@chromium.org> > > Reviewed-by: Andreas Haas <ahaas@chromium.org> > > Commit-Queue: Paolo Severini <paolosev@microsoft.com> > > Cr-Commit-Position: refs/heads/master@{#71824} > > Bug: v8:11092 > Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng > Change-Id: I7d8523fa916bf4029a31f8c7a72bbd93336dc0b9 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2596784 > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Andreas Haas <ahaas@chromium.org> > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Reviewed-by: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Igor Sheludko <ishell@chromium.org> > Commit-Queue: Paolo Severini <paolosev@microsoft.com> > Cr-Commit-Position: refs/heads/master@{#72147} Tbr: ahaas@chromium.org, jgruber@chromium.org Bug: v8:11092, v8:11335 Change-Id: Iab2908928dfe7ea353f70cb5d3bf2de4d3074db6 Cq-Include-Trybots: 
luci.v8.try:v8_linux_arm_lite_rel_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2644758 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72253}
-
- 19 Jan, 2021 1 commit
-
-
Paolo Severini authored
This is a reland of 860fcb1b

  - Disabled the tests for this feature in V8-lite mode (the original change broke V8-lite tests)
  - Also modified test console-profile-wasm.js that was brittle with this change because it assumed that there was always a JS-to-Wasm wrapper but this is not the case when the TurboFan compilation completes before the Liftoff-compiled code starts to run.

More changes in Patchset 8:

  - Moved inlining of the "JSToWasm Wrapper" away from simplified-lowering, into a new phase, wasm-inlining that reuses the JSInliner reducer. The doc https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit# describes the new logic.
  - Fixed a couple of small issues in wasm_compiler.cc to make sure that the graph "JSToWasm Wrapper" subgraph has a valid Control chain; this should solve the problem we had inlining the calls in functions that can throw exception.

Original change's description:
> Faster JS-to-Wasm calls
>
> This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/.
>
> Currently JS-to-Wasm calls go through a wrapper/trampoline, built on
> the basis of the signature of a Wasm function to call, and whose task
> is to:
> - set "thread_in_wasm_flag" to true
> - convert the arguments from tagged types into Wasm native types
> - calculate the address of the Wasm function to call and call it
> - convert back the result from Wasm native types into tagged types
> - reset "thread_in_wasm_flag" to false.
>
> This CL tries to improve the performance of JS-to-Wasm calls by
> inlining the code of the JS-to-Wasm wrappers in the call site.
>
> It introduces a new IR operand, JSWasmCall, which replaces JSCall for
> this kind of calls. A 'JSWasmCall' node is associated to
> WasmCallParameters, which contain information about the signature of
> the Wasm function to call.
>
> WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments
> of the Wasm function, when the conversion is not necessary.
> The actual inlining of the graph generated for this wrapper happens in
> the simplified-lowering phase.
>
> A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage
> lazy deoptimizations that can happen if the Wasm function callee calls
> back some JS code that invalidates the compiled JS caller function.
>
> Bug: v8:11092
> Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Paolo Severini <paolosev@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#71824}

Bug: v8:11092
Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
Change-Id: I7d8523fa916bf4029a31f8c7a72bbd93336dc0b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2596784
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#72147}
-
- 17 Dec, 2020 2 commits
-
-
Nico Hartmann authored
This reverts commit 860fcb1b.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/13831/overview

Original change's description:
> Faster JS-to-Wasm calls
>
> This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/.
>
> Currently JS-to-Wasm calls go through a wrapper/trampoline, built on
> the basis of the signature of a Wasm function to call, and whose task
> is to:
> - set "thread_in_wasm_flag" to true
> - convert the arguments from tagged types into Wasm native types
> - calculate the address of the Wasm function to call and call it
> - convert back the result from Wasm native types into tagged types
> - reset "thread_in_wasm_flag" to false.
>
> This CL tries to improve the performance of JS-to-Wasm calls by
> inlining the code of the JS-to-Wasm wrappers in the call site.
>
> It introduces a new IR operand, JSWasmCall, which replaces JSCall for
> this kind of calls. A 'JSWasmCall' node is associated to
> WasmCallParameters, which contain information about the signature of
> the Wasm function to call.
>
> WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments
> of the Wasm function, when the conversion is not necessary.
> The actual inlining of the graph generated for this wrapper happens in
> the simplified-lowering phase.
>
> A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage
> lazy deoptimizations that can happen if the Wasm function callee calls
> back some JS code that invalidates the compiled JS caller function.
>
> Bug: v8:11092
> Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Paolo Severini <paolosev@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#71824}

TBR=neis@chromium.org,ahaas@chromium.org,jgruber@chromium.org,tebbi@chromium.org,ishell@chromium.org,mslekova@chromium.org,nicohartmann@chromium.org,paolosev@microsoft.com

Change-Id: I214cbdee74c1a2aaad907ffc84662ed25631983e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:11092
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595438
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71825}
-
Paolo Severini authored
This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/.

Currently JS-to-Wasm calls go through a wrapper/trampoline, built on the basis of the signature of a Wasm function to call, and whose task is to:
  - set "thread_in_wasm_flag" to true
  - convert the arguments from tagged types into Wasm native types
  - calculate the address of the Wasm function to call and call it
  - convert back the result from Wasm native types into tagged types
  - reset "thread_in_wasm_flag" to false.

This CL tries to improve the performance of JS-to-Wasm calls by inlining the code of the JS-to-Wasm wrappers in the call site.

It introduces a new IR operand, JSWasmCall, which replaces JSCall for this kind of calls. A 'JSWasmCall' node is associated to WasmCallParameters, which contain information about the signature of the Wasm function to call.

WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments of the Wasm function, when the conversion is not necessary. The actual inlining of the graph generated for this wrapper happens in the simplified-lowering phase.

A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage lazy deoptimizations that can happen if the Wasm function callee calls back some JS code that invalidates the compiled JS caller function.

Bug: v8:11092
Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#71824}
-
- 16 Dec, 2020 1 commit
-
-
Jakob Kummerow authored
This is useful in particular as preparation for calling this builtin from Liftoff code (where we don't have access to a Context).

Bug: v8:7748
Change-Id: Ie1a10a0487a99a1e6b75693da1554d7af28e7924
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593256
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71792}
-
- 16 Nov, 2020 1 commit
-
-
Jakob Kummerow authored
  - allow arrays to be allocated in LargeObjectSpace
  - check requested array allocation length against maximum
  - fix array element offsets for pointer-typed elements
  - fix GC handling of arrays when there are forwarding pointers
  - module builder: fix rtt.sub global initializer expressions
  - debug printing: print "UNIMPLEMENTED" instead of crashing
  - WasmGCTester: make some exceptions easier to diagnose

Bug: v8:7748, chromium:1141376
Change-Id: Ie0281658748f3dd5e5d90d85bab78f0ea2fc3865
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2534815
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71208}
-
- 22 Oct, 2020 1 commit
-
-
Manos Koukoutos authored
This is a reland of 6227c95e

Fixes compared to original landing:
  - Decode a WASM_TO_JS_FUNCTION Code object as a WASM_TO_JS frame.
  - Enable call_ref on WasmJSFunctions with arity mismatch.
  - Use builtin pointer in BuildWasmToJSWrapper, to avoid having to resolve the relocatable constant.

Original change's description:
> [wasm-gc] Implement call_ref on WasmJSFunction
>
> Changes:
> - Introduce turbofan builtin WasmAllocatePair.
> - Implement call_ref for WasmJSFunction in wasm-compiler.cc.
> - Remove WasmJSFunction trap.
> - Improve and extend call-ref.js test.
>
> Bug: v8:9495
> Change-Id: I8b4d1ab70cbbe9ae37887a6241d409eec638fd28
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463226
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70535}

Bug: v8:9495
Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
Change-Id: I294947059e612d417d92614a43cb7383cd5f3b92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476314
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70719}
-
- 15 Oct, 2020 2 commits
-
-
Maya Lekova authored
This reverts commit 6227c95e.

Reason for revert: Breaks Mac64 GC stress - https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8866365194967638384/+/steps/Check_-_d8/0/logs/call-ref/0

Original change's description:
> [wasm-gc] Implement call_ref on WasmJSFunction
>
> Changes:
> - Introduce turbofan builtin WasmAllocatePair.
> - Implement call_ref for WasmJSFunction in wasm-compiler.cc.
> - Remove WasmJSFunction trap.
> - Improve and extend call-ref.js test.
>
> Bug: v8:9495
> Change-Id: I8b4d1ab70cbbe9ae37887a6241d409eec638fd28
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463226
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70535}

TBR=clemensb@chromium.org,manoskouk@chromium.org

Change-Id: Ifad2cd8185df5e8d6766cefbcd3f28234a157dfb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9495
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2475735
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70539}
-
Manos Koukoutos authored
Changes:
  - Introduce turbofan builtin WasmAllocatePair.
  - Implement call_ref for WasmJSFunction in wasm-compiler.cc.
  - Remove WasmJSFunction trap.
  - Improve and extend call-ref.js test.

Bug: v8:9495
Change-Id: I8b4d1ab70cbbe9ae37887a6241d409eec638fd28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463226
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70535}
-
- 01 Oct, 2020 1 commit
-
-
Dan Elphick authored
CodeAssembler::Parameter now takes a Type template parameter and performs a checked cast to it. There is also UncheckedParameter which returns a TNode but doesn't check the cast. The original Parameter method is still there as UntypedParameter.

Parameter<T>(x) in many cases replaces CAST(Parameter(x)), where the cast is performed inside Parameter. Since Parameter is not a macro, this means it cannot see the original expression or its file name and line number. So the error messages are vaguely useful, Parameter<T>() takes a SourceLocation parameter with a default value of SourceLocation::Current(), which at least gives us the file name and line number for the error message.

Bug: v8:6949, v8:10933
Change-Id: I27157bec7dc7462210c1eb9c430c0180217d25c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2435106
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70264}
-
- 21 Jul, 2020 2 commits
-
-
Manos Koukoutos authored
They have been replaced with {array,struct}.new_with_rtt. Also, rework tests that used those instructions.

Bug: v8:7748
Change-Id: I2aaccb1958bf2b8d6cad4969abc612216856393d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2307318
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68961}
-
Manos Koukoutos authored
Also remove traces of array.new_sub

Bug: v8:7748
Change-Id: I96a922a16406960a80af0788e9cad5aa5692000a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2307237
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68956}
-
- 19 May, 2020 1 commit
-
-
Bill Budge authored
Bug: v8:9891
Change-Id: I9fda15122fc4f24e237af6bfc00eb529ae37cb01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2177512
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67901}
-
- 13 May, 2020 1 commit
-
-
Bill Budge authored
  - Rewrites the following builtins using Torque:
      WasmAtomicNotify
      WasmI32AtomicWait64
      WasmI64AtomicWait64
      WasmAllocateStruct
  - Adds some helper builtins to reduce the size of the Atomics builtins. These do multiple conversions and CSA inlines all of this code. As these are runtime calls, the call overhead should be negligible.
      WasmInt32ToNumber
      WasmUint32ToNumber

Change-Id: Ie15e15a965dc383c54ae50164d83bce211178888
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2176895
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67785}
-
- 11 May, 2020 1 commit
-
-
Clemens Backes authored
Also, rename the WASM_COMPILED frame type to just WASM.

R=jkummerow@chromium.org

Bug: v8:10389
Change-Id: I71f16f41a69f8b0295ba34bd7d7fad71729546f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187613
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67698}
-
- 09 May, 2020 1 commit
-
-
Bill Budge authored
  - Reworks it to use a builtin to GetProperty, after making sure it's an "own" property. This reduces the size of the builtin by 2/3 (from 1476 to 596 bytes on x64).

Change-Id: I41c1642369f73e5322790f3091b8cea9a650a529
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2181642
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67693}
-
- 08 May, 2020 1 commit
-
-
Jakob Kummerow authored
along with WASM_ARRAY_TYPE, a WasmArray class, and a very basic test.

Bug: v8:7748
Change-Id: I1ad4ff78e428972be52130cc179a91c76fcdbdc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185136
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67671}
-
- 06 May, 2020 2 commits
-
-
Bill Budge authored
  - Rewrites the following builtins in Torque:
      WasmThrow
      WasmRethrow
      WasmStackGuard
      WasmStackOverflow
      WasmTraceMemory
      WasmAllocateJSArray
      ThrowWasmTrap* builtins
  - Changes return type of LoadContext* functions to NativeContext, so we can more easily construct JS objects.

Change-Id: Id034358f9f15e0acc58fd1f493b15d1cfd177a23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2174830
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67621}
-
Jakob Kummerow authored
and avoid runtime calls for struct allocation. We can load the map from the instance and do the allocation in a CSA builtin.

Bug: v8:7748
Change-Id: I76dfcb6c28800d69046b3d7381d3b8ba774fbf09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169099
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67617}
-
- 05 May, 2020 1 commit
-
-
Bill Budge authored
  - Port WasmTableGet, WasmTableSet, and WasmRefFunc to Torque.
  - Breaks WasmBuiltinsAssembler into .cc and .h files.

Change-Id: I0f62715ce10beedabf7b4f9502c9476de9efdd5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2175090
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67575}
-
- 04 May, 2020 2 commits
-
-
Bill Budge authored
  - Implements WasmInt32ToHeapNumber, WasmTaggedNonSmiToInt32, and WasmTaggedToFloat64 as Torque builtins.

Bug: v8:10070
Change-Id: I8b16d000b5283f27f7762341e9dbbaf5ab3ebb62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2173395
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67544}
-
Manos Koukoutos authored
Motivation: Improve code efficiency by replacing runtime calls with manually written turbofan code where possible.

Changes:
  - Remove the runtime functions `Runtime_WasmExceptionGetTag` and `Runtime_WasmExceptionGetValues` and replace them with turbofan code.
  - Introduce the builtin function `GetOwnProperty`.
  - Change `wasm-compiler.h` and `wasm-compiler.cc` to accommodate the new changes.
  - Introduce three new macros in `wasm-compiler.cc`.
  - Use those macros in two additional places to remove code duplication.

Change-Id: I4a32f9e5f7ee55dc50cd03378a68897888ece5c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2162905
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67530}
-
- 29 Apr, 2020 1 commit
-
-
Manos Koukoutos authored
Motivation: Improve code efficiency by replacing runtime calls with manually written turbofan code where possible.

Changes:
  - Remove the runtime functions `Runtime_WasmNewMultiReturnFixedArray` and `Runtime_WasmNewMultiReturnJSArray` and replace them with turbofan code.
  - Introduce the builtin function `WasmAllocateJSArray`.

R=clemensb@chromium.org
R=ecmziegler@chromium.org
R=jkummerow@chromium.org

Change-Id: Idc0db39286c4242392c0422919bbc8fd7bedf2af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2143816
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67472}
-
- 23 Apr, 2020 2 commits
-
-
Bill Budge authored
  - Use a builtin for the fast path of Wasm RefFunc.
  - Simplify the runtime function by passing instance as first argument.

Change-Id: I5f6993cae21a878cee21a391a25c4d574243058b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144533
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67346}
-
Bill Budge authored
  - Use the new builtin to convert f32 to Number, rather than changing to f64, then calling f64 to Number.

Bug: v8:10070
Change-Id: I9a0660af8f5e517c2c6691d57d665b7e6316a51b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2111714
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67342}
-
- 21 Apr, 2020 2 commits
-
-
Bill Budge authored
  - Reworks the builtins WasmTableGet and WasmTableSet to do the fast path, instead of generating this inline in wasm-compiler.

Change-Id: I0a47c09d6f4f6d81c7b362f6f45e95b19e3edf86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135864
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67296}
-
Bill Budge authored
  - Adds builtins to convert between Int32/Float64 and JS Number.
    - WasmInt32ToHeapNumber (bypass SMI test)
    - WasmFloat64ToNumber
  - Adds builtins to convert between Tagged and Int32/Float64.
    - WasmTaggedNonSmiToInt32 (bypass SMI test)
    - WasmTaggedToFloat64
  - Uses these builtins in Wasm import and export wrappers instead of generating the equivalent code inline.

Results of running Wasm/import-export-wrappers.js Benchmark:
https://docs.google.com/document/d/1QIB0xnqdJFRsOJKQYZ8DZgzWn4WysybgugbcO0sYcQA/edit?usp=sharing

NOTE: CL will need to be rebased after linkage fix lands.

Bug: v8:10070
Change-Id: Ib34507fcd18bdf80938b5707310a5a4f76cdec72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2099445
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67292}
-
- 23 Mar, 2020 1 commit
-
-
Clemens Backes authored
The behaviour was clarified in the spec: https://github.com/WebAssembly/exception-handling/pull/97
br_on_exn (which was done in another CL) and also rethrow should trap on nullptr. This CL implements this by an explicit check in the builtin called for rethrow.

R=jkummerow@chromium.org
CC=aheejin@chromium.org
Bug: v8:10128
Change-Id: Icb0f4e54991b3385917bf183efa825048db4cb82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2115430
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66827}
-
- 19 Mar, 2020 2 commits
-
-
Andreas Haas authored
This CL introduces a CSA builtin for the TableCopy instruction. This builtin allows to generate smaller code for both TurboFan and Liftoff, and easier code generation from Liftoff.

The smaller code size comes from:
* Parameters are passed through registers, not the stack.
* Lower number of parameters: the call target, number of parameters, and context are not passed as parameters.
* No int to smi conversion in generated code.

R=clemensb@chromium.org
Bug: v8:10281
Change-Id: I4734b94c8a2aff08a5938504e3e36d0d2424f8ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2110010
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66797}
-
Andreas Haas authored
This CL introduces a CSA builtin for the TableInit instruction. This builtin allows to generate smaller code for both TurboFan and Liftoff, and easier code generation from Liftoff.

The smaller code size comes from:
* Parameters are passed through registers, not the stack.
* Lower number of parameters: the call target, number of parameters, and context are not passed as parameters.
* No int to smi conversion in generated code.

The CL also introduces a small CSA function which takes an uint32 value and a max value as parameters and returns a Smi of the minimum of these two.

R=clemensb@chromium.org, ishell@chromium.org
Bug: v8:10281
Change-Id: I40f248c20ec76e6ae9483a5e2907a68f42f2cb04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2106201
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66792}
-
- 02 Mar, 2020 1 commit
-
-
Andreas Haas authored
Stack parameters in the StubCallDescriptor were set to the wrong type. I changed it now so that for stack parameters that are specified in the CallInterfaceDescriptor, the specified type is used. All other parameters are assumed to be tagged, as it has been until now.

Original change's description:
> [wasm] Refactor AtomicWait implementation
>
> The existing implementation included aspects that are not
> straight-forward to implement in Liftoff and seemed inefficient:
> * Convert the timeout in WebAssembly code from I64 to F64, just to
>   convert it back in the runtime.
> * On 32-bit platforms this conversion needs an additional C-call.
> * Split the I64 expected value from I64 into two I32 values in the
>   wasm-compiler.
> * Ideally the int64-lowering takes care of 32-bit specific handling.
>
> With this CL the timeout and the expected value are passed as I64 to
> the runtime (a builtin moves the I64 into a bigint for that). The
> int64-lowering takes care of 32-bit platforms. There are special
> builtins for 32-bit platforms, but they are written such that ideally
> also the int64-lowering could create them.

Bug: v8:10108
Change-Id: Ib87b543666708457c0d686208a86e46cdca3f9a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2080362
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66533}
-
- 28 Feb, 2020 2 commits
-
-
Sathya Gunasekaran authored
This reverts commit 77d4e230.

Reason for revert: verify csa build bot broken https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20verify%20csa/16218?

Original change's description:
> [wasm] Refactor AtomicWait implementation
>
> The existing implementation included aspects that are not
> straight-forward to implement in Liftoff and seemed inefficient:
> * Convert the timeout in WebAssembly code from I64 to F64, just to
>   convert it back in the runtime.
> * On 32-bit platforms this conversion needs an additional C-call.
> * Split the I64 expected value from I64 into two I32 values in the
>   wasm-compiler.
> * Ideally the int64-lowering takes care of 32-bit specific handling.
>
> With this CL the timeout and the expected value are passed as I64 to
> the runtime (a builtin moves the I64 into a bigint for that). The
> int64-lowering takes care of 32-bit platforms. There are special
> builtins for 32-bit platforms, but they are written such that ideally
> also the int64-lowering could create them.
>
> R=jkummerow@chromium.org, binji@chromium.org
>
> Bug: v8:10108
> Change-Id: I2dbba5839779961b1c5bde4c23fc3f38f1895a52
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2071867
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ben Smith <binji@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66497}

TBR=binji@chromium.org,jkummerow@chromium.org,ahaas@chromium.org,clemensb@chromium.org
Change-Id: If284aa07eedddd2fbea4df8c53c7d371cac1d42e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10108
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2080250
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66498}
-
Andreas Haas authored
The existing implementation included aspects that are not straight-forward to implement in Liftoff and seemed inefficient:
* Convert the timeout in WebAssembly code from I64 to F64, just to convert it back in the runtime.
* On 32-bit platforms this conversion needs an additional C-call.
* Split the I64 expected value from I64 into two I32 values in the wasm-compiler.
* Ideally the int64-lowering takes care of 32-bit specific handling.

With this CL the timeout and the expected value are passed as I64 to the runtime (a builtin moves the I64 into a bigint for that). The int64-lowering takes care of 32-bit platforms. There are special builtins for 32-bit platforms, but they are written such that ideally also the int64-lowering could create them.

R=jkummerow@chromium.org, binji@chromium.org
Bug: v8:10108
Change-Id: I2dbba5839779961b1c5bde4c23fc3f38f1895a52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2071867
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66497}
-
- 28 Nov, 2019 2 commits
-
-
Michael Starzinger authored
This makes sure that proper checked casts (i.e. {CAST} instead of the unsafe {UncheckedCast} before) are used for all WebAssembly runtime stubs. This is possible because the corresponding builtins are embedded and hence can use proper assertion mechanisms.

R=clemensb@chromium.org
BUG=v8:10021
Change-Id: I344ae8ba7dd4c5d3f5dc2467f7d58b93517d9af7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940264
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65236}
-
Michael Starzinger authored
This removes the aforementioned untyped method and switches all users to the typed TNode<> version. Those versions now contain proper checks to compare the static information against the return count and types stored in the call descriptor.

R=leszeks@chromium.org
BUG=v8:10021
Change-Id: I393ea6211babc100e007fb1678877d36efa7bbf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939753
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65225}
-
- 20 Nov, 2019 1 commit
-
-
Deepti Gandluri authored
Bug: chromium:1010272
Change-Id: Ifc7ed5ff66b84e889668fd0820cea1d5b6af328f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925809
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65060}
-
- 08 Nov, 2019 1 commit
-
-
Michael Starzinger authored
This removes the support to emit runtime calls in Liftoff code and uses WebAssembly runtime stubs instead. Calls to such stubs are smaller and more efficient. They also use embedded builtins directly instead of the on-heap {Code} object trampolines.

This also removes the last use of a runtime call that passes a dynamically loaded CEntry builtin from the macro assembler.

R=clemensb@chromium.org
Change-Id: I9fa9f3b7a2b66cb76a677b70ce3cee49cb340f0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903443
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64855}
-