- 07 Aug, 2020 2 commits
-
-
Andreas Haas authored
Up until now. we only checked the size of tables defined in a module at instantiation time. For imported tables we only checked if the imported table matched the declared import in size. This causes a problem because we allocate function tables also for imported tabled before we actually look at the imported table. With this CL we first check the size of all tables, and only then start to initialize and load them. R=jkummerow@chromium.org Bug: chromium:1114006 Change-Id: Iaf194ed21fb83304fe3a7f0f7ba7b282396e3954 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339473 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#69291}
-
Andreas Haas authored
The cast from uint32_t to int caused an integer overflow that let a bounds check succeed that should have failed. R=jkummerow@chromium.org Bug: chromium:1114005 Change-Id: Iea1af70af300be54c2a33d7dd10b3faa34d56eaa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339472Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#69289}
-
- 06 Aug, 2020 1 commit
-
-
Andreas Haas authored
We used to check the size of tables at compile time, and threw a CompilationError if a given size exceeded the implementation-defined limit. However, the spec defines that an error should only be thrown when the implementation-defined limit is reached, which is either at instantiation time of during runtime at a table.grow. With this CL the V8 implementation becomes spec compliant in this regard. R=jkummerow@chromium.org Bug: v8:10556 Change-Id: I7d0e688b385a65e4060a569e5ab1dec68947ceea Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2326331 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#69267}
-
- 05 Aug, 2020 2 commits
-
-
Manos Koukoutos authored
Changes: - Remove restriction that function types cannot be used as ref types. - Introduce WasmModule::has_type(). - Remove deferred signature checks in module-decoder. Instead, check if type indices are out of bounds in consume_value_type (was bugged before). - Remove obsolete GetCanonicalRttIndex. - Refine type of ref.func. - Statically check immediate type against table type for call_indirect. - Dynamic check for call_indirect should only happen when for funcref (currently the only function supertype). - Allocate a different map per function signature (with Map::Copy). - Introduce function type equivalence and (trivial) subtyping. - Add a few elementary tests. Bug: v8:7748 Change-Id: If57d0bfd856c9eb3784191f3de423f53dfd26ef1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335190 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#69250}
-
Clemens Backes authored
Use the new jobs API for WebAssembly compilation. This avoids having to schedule as many background tasks as there are worker threads. Instead the one job specifies the maximum concurrency, which changes dynamically as new compile jobs become available. This also avoids the artificial deadline we used to ensure that other tasks get some share of the CPU resources if needed. Even though this CL moves actual wasm function completely over to the Jobs API, other similar tasks (like wrapper compilation) are still using the Task API and need to be ported in a follow-up CL. Also, we are still using the same priority for baseline compilation and tier up. We should split this in a follow-up CL to have two jobs with different priorities. This will also allow us to only block on baseline compilation where we currently block on both. R=ahaas@chromium.org CC=gab@chromium.org Bug: chromium:1101340 Change-Id: I5656697753346e5fdb15d578425cdb949ac6e364 Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng Cq-Include-Trybots: luci.chromium.try:linux-rel Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2280100 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#69239}
-
- 28 Jul, 2020 1 commit
-
-
Paolo Severini authored
Currently WebAssembly always goes through the ArgumentsAdaptorTrampoline builtin for wasm-to-js calls as soon as there's a mismatch between the actual number of arguments and the expected number of arguments. This can be made faster in cases where: 1. the callee has "don't adapt arguments" set, which is often the case for builtins, or 2. the callee has "skip adapt arguments" set, which is often the case for strict mode functions. TurboFan already supports this for JS calls: https://chromium-review.googlesource.com/c/1482735; explainer document: http://bit.ly/v8-faster-calls-with-arguments-mismatch. Even though it is probably not as common to have arity mismatches in Wasm->JS calls as it is in JS->JS calls, this still seems a worthwhile optimization to do. This CL ports the TurboFan fix to WebAssembly. In particular, the CL introduces a new WasmImportCallKind (kJSFunctionArityMismatchSkipAdaptor) for the case where the call to Builtins_ArgumentsAdaptorTrampoline can be skipped, and modifies WasmImportWrapperCache::CacheKey to also consider the arity of the imported JS function. A micro-benchmark for this change can be found here: - https://gist.github.com/paolosevMSFT/72c67591170d6163f67c9b03a7e12525#file-adapter-cc - https://gist.github.com/paolosevMSFT/72c67591170d6163f67c9b03a7e12525#file-adapter_test-js With this benchmark, we can save a 40% overhead of Builtins_ArgumentsAdaptorTrampoline for calls that pass too many arguments, while the savings for calls that pass too few arguments are less impressive: Before After callProperApplication: 563 ms 566 ms callOverApplication1: 972 ms 562 ms callOverApplication2: 962 ms 562 ms callUnderApplication: 949 ms 890 ms Bug: v8:8909 Change-Id: Id51764e7c422d00ecc4a48704323e11bdca9377f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2317061 Commit-Queue: Paolo Severini <paolosev@microsoft.com> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#69110}
-
- 24 Jul, 2020 1 commit
-
-
Ng Zhi An authored
Using uint8_t[] causes decay to pointer issue, which manifests in copying garbage values in the call to WriteLittleEndianValue. Change it to use a std::array, which doesn't have the decaying behavior. Also add a regression test from comment#6 of the linked bug. Bug: v8:10731 Change-Id: I4a1ca69fe99806642e9931625ca7aeab6663f955 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316465Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#69052}
-
- 21 Jul, 2020 2 commits
-
-
Ng Zhi An authored
v128.const (kExprS128) is the only constant expression supported (similar to the other value types). Bug: v8:10731 Change-Id: I9b11b47a851903dfd79d3590eff67b615057f81c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2308389 Commit-Queue: Zhi An Ng <zhin@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#68975}
-
Manos Koukoutos authored
Drive-by: Improve comment, use << operator where possible Change-Id: I5d2bff57a3f19a0fbb746136a897bf50e1173775 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2308337Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/master@{#68966}
-
- 15 Jul, 2020 1 commit
-
-
Jakob Kummerow authored
In addition to decoding them, we also have to evaluate the initializer instructions when instantiating a module. Drive-by fix: use "big-endian" encoding (prefix comes first) when emitting initializers in the module builder. Bug: v8:7748 Change-Id: Idfa0f5db298a8f6c6100fc09e1984e4a2e170e4a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2298004 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#68866}
-
- 10 Jul, 2020 1 commit
-
-
Jakob Kummerow authored
This reverts commit 8ba517e1. Reason for revert: causing Chromium test failures on external/wpt/wasm/jsapi/functions/entry-different-function-realm.html, e.g. here: https://ci.chromium.org/p/v8/builders/ci/V8%20Blink%20Mac/3045 Original change's description: > [wasm] Make an "incumbent context" available for module instantiation > > A Wasm module's start function might be imported from JavaScript, and > as such might contain calls to Blink. For such a case, we must make > sure that an "incumbent context" is available. > See microtask queue handling for a similar example. > > Bug: chromium:1096558 > Change-Id: I2e3c0fc20d4e3581e490822c3ac63ce2c5e1e990 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284982 > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> > Cr-Commit-Position: refs/heads/master@{#68760} TBR=jkummerow@chromium.org,verwaest@chromium.org Change-Id: Ib36d2198cf686f561a2a64034faf0479686f3500 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1096558 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2290853Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#68775}
-
- 09 Jul, 2020 3 commits
-
-
Jakob Kummerow authored
A Wasm module's start function might be imported from JavaScript, and as such might contain calls to Blink. For such a case, we must make sure that an "incumbent context" is available. See microtask queue handling for a similar example. Bug: chromium:1096558 Change-Id: I2e3c0fc20d4e3581e490822c3ac63ce2c5e1e990 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284982Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#68760}
-
Manos Koukoutos authored
Motivation: With rtt.sub now allowed in constant expressions, we have to generalize WasmInitExpr to be able to handle expressions with operands. This CL prepares the ground for this change and adds no functionality. Changes: - ValueType::heap_representation and HeapType::representation now return HeapType::Representation. - Add ValueType::is_rtt(). - WasmInitExpr: - Make kind private. Rename val -> operator, make it private. Add accessors. - Rename kGlobalIndex -> kGlobalGet. - Squash global_index and function_index into index. - Add heap_type Immediate. Use it for RefNullConst. TypeOf in module-decoder.cc can now fully determine the type of a WasmInitExpr. - Add class constructors/static method constructors for each Operator kind. - Delete copy constructor. WasmInitExpr will use std::unique_ptr for its operands. - consume_init_expr now uses a stack. - A few minor improvements. Bug: v8:7748 Change-Id: I3ba3ee7ac2d6bc58e887790c37110ceb80658985 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284483 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#68759}
-
Jakob Kummerow authored
By introducing a globally known map for each generic type. These maps are never used to allocate objects, they only serve as sentinels for generic heap types. Bug: v8:7748 Change-Id: I950a8c712dc1510759a833fe9122b9e9a6222dc2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2288860 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#68755}
-
- 08 Jul, 2020 1 commit
-
-
Manos Koukoutos authored
Bug: chromium:1103161 Change-Id: I8b6155ec4f1033eb7024d798a08cd6f55f5f609d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287502Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/master@{#68737}
-
- 29 Jun, 2020 2 commits
-
-
Jakob Kummerow authored
Relanding without changes, revert reason was fixed by: https://chromium-review.googlesource.com/c/v8/v8/+/2272564 Originally reviewed at: https://chromium-review.googlesource.com/c/v8/v8/+/2260566 Original description: RTTs are internally represented as Maps. To store supertype information, this patch introduces a WasmTypeInfo object, which is installed on Wasm objects' Maps and points at both the off-heap type information and the parent RTT. In this patch, rtt.sub always creates a fresh RTT. The canonicalization that the proposal requires will be implemented later. Bug: v8:7748 Change-Id: I7fd4986efa3153ac68037ec418ea617f3f7636e8 Tbr: ulan@chromium.org Tbr: tebbi@chromium.org Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273123Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#68581}
-
Manos Koukoutos authored
Drive-by: Fix ref.is_null calling is_reference_type to typecheck its argument (which would also allow rtts). Bug: v8:7748 Change-Id: I2ad01d0f70ac15d37ac4cc344bd0280a7ca08073 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264094 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#68572}
-
- 26 Jun, 2020 2 commits
-
-
Shu-yu Guo authored
This reverts commit 04ce88ea. Reason for revert: TSAN failure: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/32135 Original change's description: > [wasm-gc] Implement rtt.sub > > RTTs are internally represented as Maps. To store supertype information, > this patch introduces a WasmTypeInfo object, which is installed on Wasm > objects' Maps and points at both the off-heap type information and the > parent RTT. > In this patch, rtt.sub always creates a fresh RTT. The canonicalization > that the proposal requires will be implemented later. > > Bug: v8:7748 > Change-Id: I8286dd11f520966155cd95c2bd844ec34fccd131 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260566 > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#68564} TBR=ulan@chromium.org,jkummerow@chromium.org,tebbi@chromium.org Change-Id: I311732e1ced4de7a58b87d4a9b6056e0d62aa986 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:7748 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270734Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#68567}
-
Jakob Kummerow authored
RTTs are internally represented as Maps. To store supertype information, this patch introduces a WasmTypeInfo object, which is installed on Wasm objects' Maps and points at both the off-heap type information and the parent RTT. In this patch, rtt.sub always creates a fresh RTT. The canonicalization that the proposal requires will be implemented later. Bug: v8:7748 Change-Id: I8286dd11f520966155cd95c2bd844ec34fccd131 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260566 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#68564}
-
- 25 Jun, 2020 1 commit
-
-
Andreas Haas authored
This is a reland of f7a1932e There was a wpt test in Chrome that expected the incorrect behavior. I disable the test in https://crrev.com/c/2264418 so that we can land the fix here. Original change's description: > [wasm] Re-exported globals preserve their identity > > V8 fails a recently added spec test that when an imported global get > re-exported, it should preserve its identity. This CL fixes the behavior > in V8. > > Drive-by change: fix the object printer of globals: a global which > stores a reference type only has a tagged buffer, a global which stores > a value type only has an untagged buffer. > > R=clemensb@chromium.org > > Bug: v8:10556 > Change-Id: I949d147fe4395610cfec6cf60082e1faecb23036 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235702 > Commit-Queue: Andreas Haas <ahaas@chromium.org> > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Cr-Commit-Position: refs/heads/master@{#68513} Bug: v8:10556 Change-Id: I8e1b08fc9f72dde166cba167e6e320e714796769 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264097Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#68552}
-
- 24 Jun, 2020 3 commits
-
-
Shu-yu Guo authored
This reverts commit f7a1932e. Reason for revert: Breaking wasm wpt tests: https://ci.chromium.org/p/v8/builders/ci/V8%20Blink%20Linux/5408 Original change's description: > [wasm] Re-exported globals preserve their identity > > V8 fails a recently added spec test that when an imported global get > re-exported, it should preserve its identity. This CL fixes the behavior > in V8. > > Drive-by change: fix the object printer of globals: a global which > stores a reference type only has a tagged buffer, a global which stores > a value type only has an untagged buffer. > > R=clemensb@chromium.org > > Bug: v8:10556 > Change-Id: I949d147fe4395610cfec6cf60082e1faecb23036 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235702 > Commit-Queue: Andreas Haas <ahaas@chromium.org> > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Cr-Commit-Position: refs/heads/master@{#68513} TBR=ahaas@chromium.org,clemensb@chromium.org Change-Id: I06eb1996cafe7d4e93a7e59d21679fea239cf961 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10556 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264956Reviewed-by: Shu-yu Guo <syg@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#68528}
-
Andreas Haas authored
V8 fails a recently added spec test that when an imported global get re-exported, it should preserve its identity. This CL fixes the behavior in V8. Drive-by change: fix the object printer of globals: a global which stores a reference type only has a tagged buffer, a global which stores a value type only has an untagged buffer. R=clemensb@chromium.org Bug: v8:10556 Change-Id: I949d147fe4395610cfec6cf60082e1faecb23036 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235702 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#68513}
-
Deepti Gandluri authored
The IsInBounds function is used in a few different places, when used for bounds checks on 32-bit platforms, size_t for max_memory_size leads to incorrect out of bounds accesses as size_t is not guaranteed to be 64-bit on all platforms. Use specific uint32_t, uint64_t methods for Wasm bounds checking instead of size_t. Bug: chromium:1080902 Change-Id: I0e21f0a310382c8ed0703c8302200d3352495c13 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2256858 Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#68500}
-
- 18 Jun, 2020 1 commit
-
-
Manos Koukoutos authored
Motivation: Changes to the typed function references and gc proposals solidified the notion of heap type, clarified nullable vs. non-nullable reference types, and introduced rtts, which contain an integer depth field in addition to a heap type. This required us to overhaul our ValueType representation, which results in extensive changes. To keep this CL "small", we do not try to implement the binary encoding as described in the proposals, but rather devise a simpler one of our own (see below). Also, we do not try to implement additional functionality for the new types. Changes: - Introduce HeapType. Move heap types from ValueType to HeapType. - Introduce Nullability for reference types. - Rework ValueType helper methods. - Introduce rtts in ValueType with an integer depth field. Include depth in the ValueType encoding. - Make the constructor of ValueType private, instead expose static functions which explicitly state what they create. - Change every switch statement on ValueType::Kind. Sometimes, we need nested switches. - Introduce temporary constants in ValueTypeCode for nullable types, use them for decoding. - In WasmGlobalObject, split 'flags' into 'raw_type' and 'is_mutable'. - Change IsSubtypeOfRef to IsSubtypeOfHeap and implement changes in subtyping. - kWasmFuncRef initializers are now non-nullable. Initializers are only required to be subtypes of the declared global type. - Change tests and fuzzers as needed. Bug: v8:7748 Change-Id: If41f783bd4128443b07e94188cea7dd53ab0bfa5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247657 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#68408}
-
- 16 Jun, 2020 1 commit
-
-
Manos Koukoutos authored
This is in anticipation of more complex type names coming from the new proposals. Change-Id: I1e5b8bd8c5b3edb5b603d36f6c5e9a787ebad504 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2243215 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#68370}
-
- 10 Jun, 2020 1 commit
-
-
Manos Koukoutos authored
As per the latest update to the 'reference types' wasm proposal, the nullref type is removed. Following that, all its uses in V8 were also removed. This CL: - Removes now dead code referencing nullref. - Changes names of functions/exceptions containing 'nullref' to 'null'. - Changes nullref to the corresponding nullable type in some tests. Bug: v8:7748 Change-Id: I5b4606671d7b24dd48a45a3341e8a1c056fcd1d0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238026 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#68283}
-
- 09 Jun, 2020 1 commit
-
-
Manos Koukoutos authored
The reference types wasm proposal dropped all subtyping. Subsequently, the 'anyref' type was renamed to externref. This changes all references of the *type* anyref to externref. Additionally, the flag that permits this extension is renamed to "reftypes" to mirror the proposal name. Bug: v8:7748 Change-Id: Icf323f13b9660fd10540e65125af053fca3a03f9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2232941 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Kim-Anh Tran <kimanh@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#68270}
-
- 05 Jun, 2020 1 commit
-
-
Manos Koukoutos authored
Changes: - Remove subtyping checks from value-type.h and move them to dedicated files. Leave a limited version in value-type.h for testing. - Implement subtyping for struct and array types, according to the wasm-gc proposal. - Implement type equivalence checking. - Introduce a subtyping relation cache in WasmModule. - Rename IsSubTypeOf -> IsSubtypeOf. - Fix v8 possible bug where iterator_range took two unused type parameters. - Add unittests for subtyping. Bug: v8:7748 Change-Id: I0ddbda4145e0412196dcf4fc63f3c5875fb3ab5a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228497 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#68192}
-
- 03 Jun, 2020 1 commit
-
-
Andreas Haas authored
This CL repurposes the v8.wasm trace event category, and introduces additionally the v8.wasm.detailed category. The v8.wasm category is enabled by default and captures core wasm events like validation, compilation, instantiation, and important operations like grow-memory and tier-up timings. The v8.wasm.detailed category is disabled by default. It captures all events the previous v8.wasm category captured, like compilation of single functions, time needed for register allocation, ... This CL splits these categories to allow enabling the v8.wasm category in telemetry benchmarks to calculate compile time and other metrics from traces of telemetry runs. R=ecmziegler@chromium.org Bug: chromium:1084929 Change-Id: Ida58b8f344b0ccb6ee1210e259c3e0e993eff497 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2210230 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org> Cr-Commit-Position: refs/heads/master@{#68156}
-
- 27 May, 2020 1 commit
-
-
Manos Koukoutos authored
Motivation: In the wasm-gc proposal, structs and arrays are allowed to store elements of packed types i8 and i16. Changes: - Add i8 and i16 to ValueType. - Fix all case switches to handle the new cases. - Add a couple helper methods to ValueType and improve the implementation/usage of a couple more. Bug: v8:7748 Change-Id: I527cfe5acf5d877fc38e4212174ba9f9de5c40ad Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215046Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Cr-Commit-Position: refs/heads/master@{#67994}
-
- 08 May, 2020 1 commit
-
-
Jakob Kummerow authored
along with WASM_ARRAY_TYPE, a WasmArray class, and a very basic test. Bug: v8:7748 Change-Id: I1ad4ff78e428972be52130cc179a91c76fcdbdc6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185136 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#67671}
-
- 07 May, 2020 1 commit
-
-
Jakob Kummerow authored
When the garbage collector needs to get a struct's type information, it must be prepared to deal with forwarding pointers, as those will only get cleaned up at the end of the GC cycle. Bug: v8:7748 Change-Id: Ifdfdffcef27d1dbe07c86a3abd17711f46c1b900 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187732 Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#67648}
-
- 06 May, 2020 1 commit
-
-
Jakob Kummerow authored
and avoid runtime calls for struct allocation. We can load the map from the instance and do the allocation in a CSA builtin. Bug: v8:7748 Change-Id: I76dfcb6c28800d69046b3d7381d3b8ba774fbf09 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169099 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#67617}
-
- 28 Apr, 2020 1 commit
-
-
Clemens Backes authored
This CL removes all debugging capabilities from the API provided by WasmDebugInfo: - setting and removing breakpoints - stepping - stack inspection The WasmDebugInfo is still kept, since it's used from tests to instantiate the interpreter. R=thibaudm@chromium.org, bmeurer@chromium.org Bug: v8:10389 Change-Id: I297bfc8df2104dae8b9f9f9b13078026c47698da Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2164791Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#67418}
-
- 17 Apr, 2020 1 commit
-
-
Jakob Kummerow authored
And a new flag --experimental-wasm-gc, which doesn't do anything yet. Bug: v8:7748 Change-Id: I927d1d90559249db3ee9f8d240775d45098e52a6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2154197 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#67215}
-
- 31 Mar, 2020 1 commit
-
-
Clemens Backes authored
If we want external people to stop shouting WASM, we should start by avoiding that in our own code base. This CL replaces almost all occurrences of "WASM" by "Wasm". The last remaining ones (in frames.cc) are in capitalized contexts where WASM fits. TBR=ecmziegler@chromium.org Bug: v8:10155 Change-Id: I905b92220768b99bb5e1165255691ffe4498dba3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2126917 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org> Cr-Commit-Position: refs/heads/master@{#66917}
-
- 12 Mar, 2020 1 commit
-
-
Jakob Kummerow authored
In preparation for adding reference types, which need an additional parameter to indicate the referenced type. Bug: v8:7748 Change-Id: If4023f3d9c7f42ed603b69c43356d2e8b81a0daa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2091471 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#66687}
-
- 11 Mar, 2020 3 commits
-
-
Andreas Haas authored
The return value of {memory_copy_wrapper} was defined as {bool} in the original CL. When compiled with clang, the full return register is written when {true} or {false} is returned. With msvc, however, the return value is written as a single byte, without zero-extension. In generated code, the full return register is used and therefore stale bytes in the return register caused problems. With this CL the return value is changed to {uint32_t}. This enforces zero-extension of the return value and thereby fixes the issue. R=clemensb@chromium.org Bug: v8:10281 Change-Id: I628d01cfd7193fa960a7ccdf0d9fd896f510cd3e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2096626 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#66666}
-
Clemens Backes authored
This reverts commit c475e704. Reason for revert: Fails on MSVC: https://ci.chromium.org/p/v8/builders/ci/V8%20Win64%20-%20msvc/12805 Original change's description: > [wasm] Do memory.copy bounds check in C++ code > > In the existing implementation we first did a bounds check in generated > code, and then called a simple C++ function to do the actual copying. > With this CL now we pass the WasmInstanceObject to the C++ function in > addition to the memory.copy parameters. Thereby we can do the bounds > check in C++, which is much easier, less error prone, and which also > speeds up code generation and reduces code size. Performance should not > be worse, because we were already doing the call to C++ anyways. > > R=clemensb@chromium.org > > Bug: v8:10281 > Change-Id: I24488d92056f0b5df27a61783a274895bd37cc24 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2093434 > Commit-Queue: Andreas Haas <ahaas@chromium.org> > Reviewed-by: Clemens Backes <clemensb@chromium.org> > Cr-Commit-Position: refs/heads/master@{#66655} TBR=ahaas@chromium.org,clemensb@chromium.org Change-Id: Ic2491f635a292e004f6c95498a045ba102138dc5 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10281 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2096623 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#66658}
-
Andreas Haas authored
In the existing implementation we first did a bounds check in generated code, and then called a simple C++ function to do the actual copying. With this CL now we pass the WasmInstanceObject to the C++ function in addition to the memory.copy parameters. Thereby we can do the bounds check in C++, which is much easier, less error prone, and which also speeds up code generation and reduces code size. Performance should not be worse, because we were already doing the call to C++ anyways. R=clemensb@chromium.org Bug: v8:10281 Change-Id: I24488d92056f0b5df27a61783a274895bd37cc24 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2093434 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#66655}
-