1. 19 Aug, 2020 1 commit
    • Ng Zhi An's avatar
      [wasm-simd] Fix bounds check for load extends · a85b5a63
      Ng Zhi An authored
      Load extends always load 8 bytes, so the access size does not depend on
      MachineType of the load. The MachineType is used for classifying the
      lane shape of the 8-byte load.
      
      Also add cctest to load splats and load extends to test OOB. (Note that
      load splats access size depends on MachineType).
      
      Add regression test from clusterfuzz, minimized by ahaas@. Remove the
      `--no-wasm-trap-handler` flag since we have a no_wasm_traps variant that
      should test this flag.
      
      Bug: chromium:1116019
      Change-Id: I27ba051d0536ca0f6fd75dd641ca9b78132dafed
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2363291
      Commit-Queue: Zhi An Ng <zhin@chromium.org>
      Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69489}
      a85b5a63
  2. 14 Aug, 2020 1 commit
  3. 13 Aug, 2020 1 commit
  4. 05 Aug, 2020 2 commits
    • Manos Koukoutos's avatar
      [wasm-gc] Allow reference types to function signatures · a61aaed9
      Manos Koukoutos authored
      Changes:
      - Remove restriction that function types cannot be used as ref types.
      - Introduce WasmModule::has_type().
      - Remove deferred signature checks in module-decoder. Instead, check if
        type indices are out of bounds in consume_value_type (was bugged
        before).
      - Remove obsolete GetCanonicalRttIndex.
      - Refine type of ref.func.
      - Statically check immediate type against table type for call_indirect.
      - Dynamic check for call_indirect should only happen when for funcref
        (currently the only function supertype).
      - Allocate a different map per function signature (with Map::Copy).
      - Introduce function type equivalence and (trivial) subtyping.
      - Add a few elementary tests.
      
      Bug: v8:7748
      Change-Id: If57d0bfd856c9eb3784191f3de423f53dfd26ef1
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335190
      Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69250}
      a61aaed9
    • Jakob Gruber's avatar
      [nci] Replace CompilationTarget with a new Code::Kind value · c51041f4
      Jakob Gruber authored
      With the new Turbofan variants (NCI and Turboprop), we need a way to
      distinguish between them both during and after compilation. We
      initially introduced CompilationTarget to track the variant during
      compilation, but decided to reuse the code kind as the canonical spot to
      store this information instead.
      
      Why? Because it is an established mechanism, already available in most
      of the necessary spots (inside the pipeline, on Code objects, in
      profiling traces).
      
      This CL removes CompilationTarget and adds a new
      NATIVE_CONTEXT_INDEPENDENT kind, plus helper functions to determine
      various things about a given code kind (e.g.: does this code kind
      deopt?).
      
      As a (very large) drive-by, refactor both Code::Kind and
      AbstractCode::Kind into a new CodeKind enum class.
      
      Bug: v8:8888
      Change-Id: Ie858b9a53311b0731630be35cf5cd108dee95b39
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336793
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
      Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
      Reviewed-by: 's avatarDominik Inführ <dinfuehr@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69244}
      c51041f4
  5. 03 Aug, 2020 1 commit
  6. 28 Jul, 2020 1 commit
  7. 27 Jul, 2020 1 commit
    • Paolo Severini's avatar
      [wasm] Generate distinct IR trace files for Wasm import call wrappers · 037e64c8
      Paolo Severini authored
      Currently, when running with --trace-turbo, V8 generates a different
      .json file for each wasm-to-js thunk that it compiles, but these files
      all have the same name "turbo-wasm-to-js-0.json", and only one file is
      generated.
      This makes it difficult to actually examine the difference in the IR
      for this call wrappers produced for different signatures.
      
      This patch fixes this by naming each trace file as:
      "wasm-to-js-<kind>-<signature>-0.json", like for example
      "turbo-wasm-to-js-5-ii-i-0.json".
      
      Change-Id: Iebb73829cddd4f6bbf9d02ed1ce94a80dcfa5ca7
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316834
      Commit-Queue: Paolo Severini <paolosev@microsoft.com>
      Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69085}
      037e64c8
  8. 24 Jul, 2020 1 commit
  9. 22 Jul, 2020 2 commits
  10. 21 Jul, 2020 3 commits
  11. 16 Jul, 2020 1 commit
  12. 15 Jul, 2020 1 commit
  13. 10 Jul, 2020 2 commits
  14. 09 Jul, 2020 1 commit
  15. 07 Jul, 2020 1 commit
  16. 02 Jul, 2020 1 commit
  17. 01 Jul, 2020 4 commits
  18. 30 Jun, 2020 3 commits
  19. 29 Jun, 2020 4 commits
  20. 26 Jun, 2020 2 commits
    • Shu-yu Guo's avatar
      Revert "[wasm-gc] Implement rtt.sub" · 30456566
      Shu-yu Guo authored
      This reverts commit 04ce88ea.
      
      Reason for revert: TSAN failure: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/32135
      
      Original change's description:
      > [wasm-gc] Implement rtt.sub
      > 
      > RTTs are internally represented as Maps. To store supertype information,
      > this patch introduces a WasmTypeInfo object, which is installed on Wasm
      > objects' Maps and points at both the off-heap type information and the
      > parent RTT.
      > In this patch, rtt.sub always creates a fresh RTT. The canonicalization
      > that the proposal requires will be implemented later.
      > 
      > Bug: v8:7748
      > Change-Id: I8286dd11f520966155cd95c2bd844ec34fccd131
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260566
      > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#68564}
      
      TBR=ulan@chromium.org,jkummerow@chromium.org,tebbi@chromium.org
      
      Change-Id: I311732e1ced4de7a58b87d4a9b6056e0d62aa986
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:7748
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270734Reviewed-by: 's avatarShu-yu Guo <syg@chromium.org>
      Commit-Queue: Shu-yu Guo <syg@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#68567}
      30456566
    • Jakob Kummerow's avatar
      [wasm-gc] Implement rtt.sub · 04ce88ea
      Jakob Kummerow authored
      RTTs are internally represented as Maps. To store supertype information,
      this patch introduces a WasmTypeInfo object, which is installed on Wasm
      objects' Maps and points at both the off-heap type information and the
      parent RTT.
      In this patch, rtt.sub always creates a fresh RTT. The canonicalization
      that the proposal requires will be implemented later.
      
      Bug: v8:7748
      Change-Id: I8286dd11f520966155cd95c2bd844ec34fccd131
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260566
      Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#68564}
      04ce88ea
  21. 25 Jun, 2020 1 commit
  22. 24 Jun, 2020 5 commits