Skip to content

V
V8
Switch branch/tag
  1. 29 Aug, 2022 1 commit
    • Clemens Backes's avatar
      [wasm] Use a consistent hash for wire bytes · 918b46af
      Clemens Backes authored 
      We use a hash for different things:
- dumping wasm module to file,
- generating the script name, and
- computing prefix hash / wire byte hash for caching.

Two of them were using the StringHasher, one use base::hash_range.
For experimental PGO support, we will also need a hash value, so unify
this to use the same hash everywhere.
Since the result of base::hash_range is platform-dependent, use the
StringHasher everywhere.

R=thibaudm@chromium.org

Bug: v8:13209
Change-Id: Iae8c2385264ecedd4daea16d7f9221bc94650eef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855310Reviewed-by: 's avatarThibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82766}
      918b46af
  3. 29 Jul, 2022 1 commit
    • Manos Koukoutos's avatar
      [wasm] Use isorecursive canonical types for call_indirect · 4f0ef8c3
      Manos Koukoutos authored 
      Currently, we canonicalize types for call_indirect by looking in the
current module for a signature of the same shape. This is not enough
as of wasm-gc. Instead, the canonical identifier representing a type
has to be computed via isorecursive canonicalization.
This change is implemented behind a flag for now.
Future work: Also integrate export wrappers with isorecursive
canonical types. We need to store wrappers in instance-independent
storage.

Drive-by:
- Always emit type check for call_indirect. We did not emit a check
  only when typed-function-references was enabled, but not gc. This
  is not something that will be possible long-term.
- Fix some wasm cctests.

Bug: v8:7748
Change-Id: I7cced187009ac148c833dff5e720a8bb9a717e68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3784600Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82064}
      4f0ef8c3
  5. 26 Jul, 2022 1 commit
    • Clemens Backes's avatar
      [wasm] Remove methods from NativeModule · 29f0fd66
      Clemens Backes authored 
      {NativeModule::GetJumpTableOffset} is totally independent of the
{NativeModule}, hence should be an independent function. It's now
defined in wasm-module.h, and works only on the WasmModule and the
function index.
{NativeModule::GetCallTargetForFunction} only has a single caller, which
is the wasm instance object, which already has direct access to the jump
table start. Hence we can just add the jump table offset there, and do
not need another helper method. This also makes it more clear that we
are returning a jump table slot.

R=jkummerow@chromium.org

Change-Id: If2e4eb4b3622df08ba905bd10783199bbb59d50a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3781348Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81970}
      29f0fd66
  7. 07 Jul, 2022 1 commit
  9. 30 Jun, 2022 1 commit
    • Jakob Kummerow's avatar
      [wasm] AdaptiveMap for DecodedNameSection · 838a220c
      Jakob Kummerow authored 
      This is a performance improvement; no change in functional
behavior is intended.
AdaptiveMap is an abstraction over a std::map or a std::vector:
after being initialized iteratively with a set of entries, it
can switch to dense vector-based storage if that would be more
efficient.
The motivation is that we expect most name sections, if they
are present at all, to give fairly complete information, so the
dense mode will likely be the typical case. However, it's easy
enough to support sparse mode as well, and parsing the name
section into a std::map at first is particularly convenient for
cases where we can't guess the expected number of entries, such
as for function locals.

Change-Id: Ia17f27576a3061eb05c912f7081411d6f38137e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3726150Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81474}
      838a220c
  11. 29 Jun, 2022 1 commit
  13. 27 Jan, 2022 2 commits
    • Manos Koukoutos's avatar
      [wasm-gc] Implement iso-recursive types · fe531e1f
      Manos Koukoutos authored 
      This CL replaces the equirecursive type system for wasm-gc with the
isorecursive hybrid type system presented here:
https://github.com/WebAssembly/gc/issues/257.

In broad strokes, this includes the following changes:
- In the module decoder, remove equirecursive types. Implement recursive
  type groups, subtype definitions, and function/struct/array
  definitions. Treat nominal modules as syntactic sugar of an
  isorecursive module, where all types belong in the same recursive
  group.
- Remove rtt.sub and all related infrastructure.
- Change subtyping to work with explicit supertypes only.
- Add ValidSubtypeDefinition in subtyping, to check that subtype
  declarations are valid during decoding.
- Remove the subtyping cache.
- Add support for functions to have specific signature index in
  WasmModuleBuilder and in test-gc.cc.
- Adapt tests.

Current restrictions:
- Recursive groups are not stored beyond decoding.
- Type canonicalization is not implemented. No tests relying on types
  being considered identical post-canonicalization.
- No cross-module subtyping is possible. Tests relying on cross-module
  subtyping have been commented out.

Bug: v8:7748
Change-Id: I69fd04ecc5611f6230c95d5c89d1c520163fffae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3416239Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78816}
      fe531e1f
    • Manos Koukoutos's avatar
      [wasm] Small refactoring for module types · 9566a6e3
      Manos Koukoutos authored 
      Changes:
- Introduce {TypeDefinition} for wasm modules.
- Introduce an enum {TypeDefinition::Kind} to represent the three
  different definition types.
- Collapse the {types}, {type_kinds} and {supertypes} vectors into a
  single vector of {TypeDefinition}s.
- Use {TypeDefinition} in WasmModuleBuilder.
- Drive-by: Remove {kNullIndex} in WasmModuleBuilder.
- Drive-by: Tidy-up wasm-module.h.

Change-Id: I97c2c268bcad745176243c693cf169bfa5714f94
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3416233Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78813}
      9566a6e3
  15. 10 Dec, 2021 1 commit
  17. 16 Sep, 2021 1 commit
  19. 15 Sep, 2021 1 commit
  21. 29 Jul, 2021 1 commit
  23. 21 Jul, 2021 1 commit
  25. 20 Jul, 2021 3 commits
  27. 18 Jun, 2021 1 commit
  29. 10 Jun, 2021 1 commit
  31. 05 May, 2021 3 commits
    • Benedikt Meurer's avatar
      [wasm] Consider only function names from the name section. · e3f21e6d
      Benedikt Meurer authored 
      As per WebAssembly Web API[1], the engine should only consider names
from the name section to synthesize function names in the context of
call stacks. We previously also added support to harvest the exports
table here in an attempt to improve the DevTools debugging experience,
but that needs a separate fix specifically for the inspector (which
should also take into account the imports to harvest names).

[1]: https://webassembly.github.io/spec/web-api/index.html#conventions

Fixed: chromium:1164305
Change-Id: I4bde5c8398a5164f1d8ac9060ad3743ed494c41e
Bug: chromium:1159307, chromium:1164241, chromium:1071432
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874464
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74382}
      e3f21e6d
    • Manos Koukoutos's avatar
      [wasm] Complete element segment features for reftypes/typed-funcref · 37579df7
      Manos Koukoutos authored 
      Main changes:
- Allow global.get in elements segments with expressions-as-elements.
- Allow element segments with types other than funcref.

Detailed changes:
- Move WasmInitExpr to its own file. Add stream opearator << support.
- Simplify type of PrintCollection.
- Make WasmElemSegment use an array of WasmInitExpr's over the previous
  ad-hoc implementation. Move null_index to WasmModuleBuilder.
- Refactor consume_element_segment_header. Make it return a
  WasmElemSegment.
- Refactor consume_element_expr. Make it return a WasmInitExpr.
- Refactor DecodeElementSection. Make it invoke
  consume_element_segment_header, then populate its element array.
- Update module-instantiate.cc to handle global.get elements.
- Fix bug in wasm-objects.cc where the wrong type index was passed into
  module()->has_signature()
- Adapt and add tests.

Change-Id: I5abfbe424dbb750ee2dca59f91c451ffcb79f95f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857959
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74374}
      37579df7
    • Manos Koukoutos's avatar
      [wasm][bug] Remove deleted WasmModule from typing cache · 202032c8
      Manos Koukoutos authored 
      WasmModules were not removed from the global type judgement cache when
they were deleted. This created problems if another module got allocated
in the same location as a previously deleted module, by creating false
positive cache hits. This CL fixes this issue by removing WasmModule
from the cache as part of its destructor.

Bug: v8:11700
Change-Id: I4948e361dd681040807f35d759b647d1bce585dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859863
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74370}
      202032c8
  33. 13 Jan, 2021 1 commit
    • Benedikt Meurer's avatar
      [wasm][debug] Simplify debug name handling. · 1bd5755b
      Benedikt Meurer authored 
      This moves the logic for the debug name heuristic, which derives names
for imported and exported entities from the relevant tables, into
wasm-debug.{cc,h} and stores these maps on the DebugInfoImpl rather than
on the WasmModule.

Drive-by-fix: Also use the import table based heuristic for function
names, just like we use it for everything else.

Bug: chromium:1164305
Change-Id: I8a21e0880c680079f63e6607b5b62c788049b9e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2625870
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72061}
      1bd5755b
  35. 17 Nov, 2020 1 commit
  37. 05 Oct, 2020 1 commit
    • Manos Koukoutos's avatar
      [wasm-gc][bug] Fix signature canonicalization · 4d9d8518
      Manos Koukoutos authored 
      We used not to emit canonical indexes for arrays and structs into
WasmModule::signature_ids, which resulted in signature_ids not referring
to the correct type indices in a WasmModule.

Changes:
- Rename signature_ids to canonical_type_ids.
- Emit trivial canonical type ids for structs and arrays.
- Add a test to catch the existing bug.
- Improve DCHECKs for module type accessors.

Bug: v8:7748
Change-Id: I67ad58865e35b459b21db12557564b652035db75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2444989
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70318}
      4d9d8518
  39. 18 Sep, 2020 1 commit
    • Manos Koukoutos's avatar
      [wasm-gc] Preparation for typed function tables · a5f68abe
      Manos Koukoutos authored 
      Changes:
- Rename IsSignatureEqual -> MatchesSignature for consistency
- Add WasmInstanceObject field to WasmTableObject.
- Improve some error messages related to tables in
  function-body-decoder-impl.h.
- Introduce WasmTable::IsValidTableType. Use it wherever appropriate.
- Overload equality operators in HeapType to work with
  HeapType::Representation.
- Rename DynamicTypeCheckRef -> TypecheckJSObject.
- Handle WasmCapiFunctions in TypecheckJSObject.
- Use TypecheckJSObject in WasmTableObject::IsValidElement.
- A few more minor improvements.

Bug: v8:9495
Change-Id: I2867dd3486d7c31717ac26b87a50e15cf2b898be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2416491
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70001}
      a5f68abe
  41. 09 Sep, 2020 1 commit
  43. 05 Aug, 2020 1 commit
    • Manos Koukoutos's avatar
      [wasm-gc] Allow reference types to function signatures · a61aaed9
      Manos Koukoutos authored 
      Changes:
- Remove restriction that function types cannot be used as ref types.
- Introduce WasmModule::has_type().
- Remove deferred signature checks in module-decoder. Instead, check if
  type indices are out of bounds in consume_value_type (was bugged
  before).
- Remove obsolete GetCanonicalRttIndex.
- Refine type of ref.func.
- Statically check immediate type against table type for call_indirect.
- Dynamic check for call_indirect should only happen when for funcref
  (currently the only function supertype).
- Allocate a different map per function signature (with Map::Copy).
- Introduce function type equivalence and (trivial) subtyping.
- Add a few elementary tests.

Bug: v8:7748
Change-Id: If57d0bfd856c9eb3784191f3de423f53dfd26ef1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335190
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69250}
      a61aaed9
  45. 27 Jul, 2020 1 commit
    • Paolo Severini's avatar
      [wasm] Generate distinct IR trace files for Wasm import call wrappers · 037e64c8
      Paolo Severini authored 
      Currently, when running with --trace-turbo, V8 generates a different
.json file for each wasm-to-js thunk that it compiles, but these files
all have the same name "turbo-wasm-to-js-0.json", and only one file is
generated.
This makes it difficult to actually examine the difference in the IR
for this call wrappers produced for different signatures.

This patch fixes this by naming each trace file as:
"wasm-to-js-<kind>-<signature>-0.json", like for example
"turbo-wasm-to-js-5-ii-i-0.json".

Change-Id: Iebb73829cddd4f6bbf9d02ed1ce94a80dcfa5ca7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316834
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69085}
      037e64c8
  47. 21 Jul, 2020 1 commit
  49. 15 Jul, 2020 1 commit
  51. 29 Jun, 2020 1 commit
  53. 18 Jun, 2020 1 commit
    • Manos Koukoutos's avatar
      [wasm-gc] Change ValueType representation to account for new types · 52f65296
      Manos Koukoutos authored 
      Motivation:
Changes to the typed function references and gc proposals solidified
the notion of heap type, clarified nullable vs. non-nullable reference
types, and introduced rtts, which contain an integer depth field in
addition to a heap type. This required us to overhaul our ValueType
representation, which results in extensive changes.

To keep this CL "small", we do not try to implement the binary encoding
as described in the proposals, but rather devise a simpler one of our
own (see below). Also, we do not try to implement additional
functionality for the new types.

Changes:
- Introduce HeapType. Move heap types from ValueType to HeapType.
- Introduce Nullability for reference types.
- Rework ValueType helper methods.
- Introduce rtts in ValueType with an integer depth field. Include depth
  in the ValueType encoding.
- Make the constructor of ValueType private, instead expose static
  functions which explicitly state what they create.
- Change every switch statement on ValueType::Kind. Sometimes, we need
  nested switches.
- Introduce temporary constants in ValueTypeCode for nullable types,
  use them for decoding.
- In WasmGlobalObject, split 'flags' into 'raw_type' and 'is_mutable'.
- Change IsSubtypeOfRef to IsSubtypeOfHeap and implement changes in
  subtyping.
- kWasmFuncRef initializers are now non-nullable. Initializers are
  only required to be subtypes of the declared global type.
- Change tests and fuzzers as needed.

Bug: v8:7748
Change-Id: If41f783bd4128443b07e94188cea7dd53ab0bfa5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247657
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68408}
      52f65296
  55. 16 Jun, 2020 2 commits
  57. 10 Jun, 2020 1 commit
  59. 09 Jun, 2020 1 commit
  61. 05 Jun, 2020 1 commit
  63. 03 Jun, 2020 1 commit
  65. 18 May, 2020 1 commit
  67. 20 Apr, 2020 1 commit