Skip to content

V
V8
Switch branch/tag
  1. 05 May, 2021 2 commits
    • Benedikt Meurer's avatar
      [wasm] Consider only function names from the name section. · e3f21e6d
      Benedikt Meurer authored 
      As per WebAssembly Web API[1], the engine should only consider names
from the name section to synthesize function names in the context of
call stacks. We previously also added support to harvest the exports
table here in an attempt to improve the DevTools debugging experience,
but that needs a separate fix specifically for the inspector (which
should also take into account the imports to harvest names).

[1]: https://webassembly.github.io/spec/web-api/index.html#conventions

Fixed: chromium:1164305
Change-Id: I4bde5c8398a5164f1d8ac9060ad3743ed494c41e
Bug: chromium:1159307, chromium:1164241, chromium:1071432
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874464
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74382}
      e3f21e6d
    • Manos Koukoutos's avatar
      [wasm][test] Initializer exprs. for element segments · 8d6da6d5
      Manos Koukoutos authored 
      Element segments and tables in tests used an ad-hoc mechanism to
describe the different types of initializer expressions, e.g. an number
which could denote either the value of a constant or the index of a
global. This CL tidies up and generalizes the test infrastructure by
directly using WasmInitExpr in those cases.

Additional changes:
- Introduce WasmElemSegment class.
- Remove obsolete --experimental-wasm-bulk-memory flag from tests.
- Rename WasmInitExpr.type -> kind.
- Remove dependency of wasm-module-builder from mjsunit.js (except in
  assertTraps).

Change-Id: I716254a04ceea9ceb8ac6b848e12e1637f618f0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857638
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74368}
      8d6da6d5
  3. 29 Apr, 2021 1 commit
  5. 27 Apr, 2021 2 commits
  7. 26 Apr, 2021 2 commits
  9. 23 Apr, 2021 1 commit
    • Clemens Backes's avatar
      [wasm] Abort wrapper compilation on isolate shutdown · 8c3c89b0
      Clemens Backes authored 
      JS-to-Wasm wrappers embed heap constants (like the undefined value), and
those heap values are being accessed during compilation for tracing.
This is not a data race, since those values are read-only. But if the
isolate dies while we are compiling those wrappers, we might read from
the heap after it has been free'd.

Ideally we would not access the isolate or the heap at all during
compilation, but delaying all tracing until the "finalization" phase is
not feasible, and removing the heap value printing from tracing would
significantly regress quality of this tracing.

Hence this CL only fixes the actual issue: That we keep compiling
wrappers when the isolate is already gone. It does so by introducing an
{OperationsBarrier} per isolate that is being taken by each thread that
executes wrapper compilation, and is used for waiting for background
threads to finish before the isolate shuts down.
Additionally, we actually cancel all compilation if a module dies (or
the isolate shuts down) before it finished baseline compilation. In this
state, the module cannot be shared between isolates yet, so it's safe to
fully cancel all compilation. This cancellation is not strictly
necessary, but it will reduce the time we are blocked while waiting for
wrapper compilation to finish (because no new compilation will start).

R=thibaudm@chromium.org
CC=manoskouk@chromium.org

Bug: v8:11626, chromium:1200231
Change-Id: I5b19141d22bd0cb00ba84ffa53fb07cf001e13cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2846881Reviewed-by: 's avatarThibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74142}
      8c3c89b0
  11. 21 Apr, 2021 1 commit
    • Manos Koukoutos's avatar
      [wasm][refactor] Simplify/unify parts of the function decoder · c4113c47
      Manos Koukoutos authored 
      Changes:
- Remove TypeCheckBranchResult. Change TypeCheckBranch() to return bool.
  Refactor call sites to reflect this (decouple current code
  reachability check from type check).
- Unify TypeCheckBranch(), TypeCheckFallthrough(), and the type-checking
  part of Return() into TypeCheckStackAgainstMerge().
- Make sure all TypeCheck* functions are only called within VALIDATE.
- In graph-builder-interface, rename end_env -> merge_env to reflect
  its function for loops.
- Change expected error messages in some tests.

Change-Id: I857edc18db9c2454ad12d539ffe7a10e96367710
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2839560Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74100}
      c4113c47
  13. 19 Apr, 2021 1 commit
  15. 15 Apr, 2021 1 commit
  17. 12 Apr, 2021 1 commit
  19. 29 Mar, 2021 1 commit
  21. 22 Mar, 2021 1 commit
  23. 19 Mar, 2021 2 commits
  25. 18 Mar, 2021 3 commits
  27. 17 Mar, 2021 2 commits
  29. 10 Mar, 2021 1 commit
  31. 08 Mar, 2021 2 commits
  33. 28 Feb, 2021 1 commit
  35. 23 Feb, 2021 3 commits
  37. 22 Feb, 2021 1 commit
  39. 19 Feb, 2021 3 commits
  41. 17 Feb, 2021 1 commit
    • Clemens Backes's avatar
      [liftoff] Fix handling of pinned registers · c6269350
      Clemens Backes authored 
      Pinned registers were not considered correctly when taking a volatile
register. This CL refactors handling of the pinned registers list by
combining the candidates list and the pinned list early. This avoid
additional parameters on some functions and might save some redundant
masking.
As a side effect, it also fixes the DCHECK error on arm.

R=ahaas@chromium.org

Bug: chromium:1179025
Change-Id: Ib9193b209c5741ea97fd1d0dffeeb9e824639439
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2699254Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72812}
      c6269350
  43. 05 Feb, 2021 1 commit
    • Paolo Severini's avatar
      [compiler] Re-reland "Faster JS-to-Wasm calls" · 831fa62b
      Paolo Severini authored 
      This is a reland of 6ada6a90

- Fixed a GC issue
  https://bugs.chromium.org/p/v8/issues/detail?id=11335:
  GC expected all arguments on the stack from code with
  CodeKind::TURBOFAN to be tagged objects. This is not the case now with
  inlined Wasm calls, and this information can be passed in
  SafepointEntry for each call site.

- Disabled JS-to-Wasm inlining for calls inside try/catch.

For more details, see updated doc:
https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit#

Bug: v8:11092


Original change's description:
> Reland "Faster JS-to-Wasm calls"
>
> This is a reland of 860fcb1b
>
> - Disabled the tests for this feature in V8-lite mode (the original
> change broke V8-lite tests).
> - Also modified test console-profile-wasm.js that was brittle with this
> change because it assumed that there was always a JS-to-Wasm wrapper
> but this is not the case when the TurboFan compilation completes before
> the Liftoff-compiled code starts to run.
>
> More changes in Patchset 8:
>
> - Moved inlining of the "JSToWasm Wrapper" away from simplified-lowering,
> into a new phase, wasm-inlining that reuses the JSInliner reducer.
> The doc
> https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit#
> describes the new logic.
>
> - Fixed a couple of small issues in wasm_compiler.cc to make sure that
> the graph "JSToWasm Wrapper" subgraph has a valid Control chain;
> this should solve the problem we had inlining the calls in functions
> that can throw exception.


Original change's description:
> Faster JS-to-Wasm calls
>
> This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/.
>
> Currently JS-to-Wasm calls go through a wrapper/trampoline, built on
> the basis of the signature of a Wasm function to call, and whose task
> is to:
> - set "thread_in_wasm_flag" to true
> - convert the arguments from tagged types into Wasm native types
> - calculate the address of the Wasm function to call and call it
> - convert back the result from Wasm native types into tagged types
> - reset "thread_in_wasm_flag" to false.
>
> This CL tries to improve the performance of JS-to-Wasm calls by
> inlining the code of the JS-to-Wasm wrappers in the call site.
>
> It introduces a new IR operand, JSWasmCall, which replaces JSCall for
> this kind of calls. A 'JSWasmCall' node is associated to
> WasmCallParameters, which contain information about the signature of
> the Wasm function to call.
>
> WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid
> generating code to convert the types for the arguments
> of the Wasm function, when the conversion is not necessary.
> The actual inlining of the graph generated for this wrapper happens in
> the simplified-lowering phase.
>
> A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage
> lazy deoptimizations that can happen if the Wasm function callee calls
> back some JS code that invalidates the compiled JS caller function.
>

Bug: v8:11092
Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
Change-Id: Ie052634598754feab4ff36d10fd04e008b5227a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649777
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72541}
      831fa62b
  45. 02 Feb, 2021 1 commit
  47. 01 Feb, 2021 1 commit
  49. 29 Jan, 2021 1 commit
  51. 27 Jan, 2021 1 commit
    • Clemens Backes's avatar
      [wasm] Fix data race in lazy compilation · 591db5d9
      Clemens Backes authored 
      Instead of updating the detected features set directly, use the
synchronized {OnCompilationStopped} method.
In order to avoid this error in the future, the whole
{detected_features()} getter is removed, as it returns a pointer which
can only be accessed when holding the mutex anyway. Also, the refactored
code was the only user of this dangerous method.

Drive-by: Pass the WasmFeatures set by value, since it's just an
EnumSet.
Drive-by 2: Remove a print line from the regression test which can be
confusing if the test is picked up again by foozzie.

R=ahaas@chromium.org
CC=zhin@chromium.org

Bug: v8:11357
Change-Id: I75b5c8f35983d2bc1fd2b61adcb2ecfc18564f39
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2653226Reviewed-by: 's avatarZhi An Ng <zhin@chromium.org>
Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72375}
      591db5d9
  53. 26 Jan, 2021 2 commits