2015-02-06 12:07:48 +00:00
|
|
|
// Copyright 2015 the V8 project authors. All rights reserved.
|
|
|
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
|
|
|
// found in the LICENSE file.
|
|
|
|
|
|
2017-08-11 11:22:28 +00:00
|
|
|
#ifndef V8_TEST_CCTEST_TEST_API_H_
|
|
|
|
|
#define V8_TEST_CCTEST_TEST_API_H_
|
|
|
|
|
|
2019-05-24 13:51:59 +00:00
|
|
|
#include "src/init/v8.h"
|
2015-02-06 12:07:48 +00:00
|
|
|
|
2019-05-17 12:13:44 +00:00
|
|
|
#include "src/api/api.h"
|
2019-05-22 07:55:37 +00:00
|
|
|
#include "src/execution/isolate.h"
|
|
|
|
|
#include "src/execution/vm-state.h"
|
2015-02-06 12:07:48 +00:00
|
|
|
#include "test/cctest/cctest.h"
|
|
|
|
|
|
|
|
|
|
template <typename T>
|
|
|
|
|
static void CheckReturnValue(const T& t, i::Address callback) {
|
|
|
|
|
v8::ReturnValue<v8::Value> rv = t.GetReturnValue();
|
2018-12-17 13:34:08 +00:00
|
|
|
i::FullObjectSlot o(*reinterpret_cast<i::Address*>(&rv));
|
2015-02-06 12:07:48 +00:00
|
|
|
CHECK_EQ(CcTest::isolate(), t.GetIsolate());
|
2016-06-06 12:58:10 +00:00
|
|
|
i::Isolate* isolate = reinterpret_cast<i::Isolate*>(t.GetIsolate());
|
2015-02-06 12:07:48 +00:00
|
|
|
CHECK_EQ(t.GetIsolate(), rv.GetIsolate());
|
2016-06-06 12:58:10 +00:00
|
|
|
CHECK((*o).IsTheHole(isolate) || (*o).IsUndefined(isolate));
|
2015-02-06 12:07:48 +00:00
|
|
|
// Verify reset
|
2016-06-06 12:58:10 +00:00
|
|
|
bool is_runtime = (*o).IsTheHole(isolate);
|
2016-04-12 09:33:13 +00:00
|
|
|
if (is_runtime) {
|
|
|
|
|
CHECK(rv.Get()->IsUndefined());
|
|
|
|
|
} else {
|
|
|
|
|
i::Handle<i::Object> v = v8::Utils::OpenHandle(*rv.Get());
|
|
|
|
|
CHECK_EQ(*v, *o);
|
|
|
|
|
}
|
2015-02-06 12:07:48 +00:00
|
|
|
rv.Set(true);
|
2016-06-06 12:58:10 +00:00
|
|
|
CHECK(!(*o).IsTheHole(isolate) && !(*o).IsUndefined(isolate));
|
2015-09-25 14:35:20 +00:00
|
|
|
rv.Set(v8::Local<v8::Object>());
|
2016-06-06 12:58:10 +00:00
|
|
|
CHECK((*o).IsTheHole(isolate) || (*o).IsUndefined(isolate));
|
2016-06-14 10:08:44 +00:00
|
|
|
CHECK_EQ(is_runtime, (*o).IsTheHole(isolate));
|
2015-02-06 12:07:48 +00:00
|
|
|
// If CPU profiler is active check that when API callback is invoked
|
|
|
|
|
// VMState is set to EXTERNAL.
|
2016-06-09 05:23:34 +00:00
|
|
|
if (isolate->is_profiling()) {
|
2015-02-06 12:07:48 +00:00
|
|
|
CHECK_EQ(v8::EXTERNAL, isolate->current_vm_state());
|
|
|
|
|
CHECK(isolate->external_callback_scope());
|
|
|
|
|
CHECK_EQ(callback, isolate->external_callback_scope()->callback());
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-08-11 11:22:28 +00:00
|
|
|
|
2019-06-17 14:45:51 +00:00
|
|
|
template <typename T>
|
|
|
|
|
static void CheckInternalFieldsAreZero(v8::Local<T> value) {
|
|
|
|
|
CHECK_EQ(T::kInternalFieldCount, value->InternalFieldCount());
|
|
|
|
|
for (int i = 0; i < value->InternalFieldCount(); i++) {
|
|
|
|
|
CHECK_EQ(0, value->GetInternalField(i)
|
|
|
|
|
->Int32Value(CcTest::isolate()->GetCurrentContext())
|
|
|
|
|
.FromJust());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
[compiler] Re-reland "Faster JS-to-Wasm calls"
This is a reland of 6ada6a90ee387d8de183208b0ef8b786f1768665
- Fixed a GC issue
https://bugs.chromium.org/p/v8/issues/detail?id=11335:
GC expected all arguments on the stack from code with
CodeKind::TURBOFAN to be tagged objects. This is not the case now with
inlined Wasm calls, and this information can be passed in
SafepointEntry for each call site.
- Disabled JS-to-Wasm inlining for calls inside try/catch.
For more details, see updated doc:
https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit#
Bug: v8:11092
Original change's description:
> Reland "Faster JS-to-Wasm calls"
>
> This is a reland of 860fcb1bd2bd6447e08f3636874ac7abcd77b781
>
> - Disabled the tests for this feature in V8-lite mode (the original
> change broke V8-lite tests).
> - Also modified test console-profile-wasm.js that was brittle with this
> change because it assumed that there was always a JS-to-Wasm wrapper
> but this is not the case when the TurboFan compilation completes before
> the Liftoff-compiled code starts to run.
>
> More changes in Patchset 8:
>
> - Moved inlining of the "JSToWasm Wrapper" away from simplified-lowering,
> into a new phase, wasm-inlining that reuses the JSInliner reducer.
> The doc
> https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit#
> describes the new logic.
>
> - Fixed a couple of small issues in wasm_compiler.cc to make sure that
> the graph "JSToWasm Wrapper" subgraph has a valid Control chain;
> this should solve the problem we had inlining the calls in functions
> that can throw exception.
Original change's description:
> Faster JS-to-Wasm calls
>
> This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/.
>
> Currently JS-to-Wasm calls go through a wrapper/trampoline, built on
> the basis of the signature of a Wasm function to call, and whose task
> is to:
> - set "thread_in_wasm_flag" to true
> - convert the arguments from tagged types into Wasm native types
> - calculate the address of the Wasm function to call and call it
> - convert back the result from Wasm native types into tagged types
> - reset "thread_in_wasm_flag" to false.
>
> This CL tries to improve the performance of JS-to-Wasm calls by
> inlining the code of the JS-to-Wasm wrappers in the call site.
>
> It introduces a new IR operand, JSWasmCall, which replaces JSCall for
> this kind of calls. A 'JSWasmCall' node is associated to
> WasmCallParameters, which contain information about the signature of
> the Wasm function to call.
>
> WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid
> generating code to convert the types for the arguments
> of the Wasm function, when the conversion is not necessary.
> The actual inlining of the graph generated for this wrapper happens in
> the simplified-lowering phase.
>
> A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage
> lazy deoptimizations that can happen if the Wasm function callee calls
> back some JS code that invalidates the compiled JS caller function.
>
Bug: v8:11092
Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
Change-Id: Ie052634598754feab4ff36d10fd04e008b5227a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649777
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72541}
2021-02-04 15:46:10 +00:00
|
|
|
template <typename T>
|
|
|
|
|
struct ConvertJSValue {
|
|
|
|
|
static v8::Maybe<T> Get(v8::Local<v8::Value> value,
|
|
|
|
|
v8::Local<v8::Context> context);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
template <>
|
|
|
|
|
struct ConvertJSValue<int32_t> {
|
|
|
|
|
static v8::Maybe<int32_t> Get(v8::Local<v8::Value> value,
|
|
|
|
|
v8::Local<v8::Context> context) {
|
|
|
|
|
return value->Int32Value(context);
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
template <>
|
|
|
|
|
struct ConvertJSValue<uint32_t> {
|
|
|
|
|
static v8::Maybe<uint32_t> Get(v8::Local<v8::Value> value,
|
|
|
|
|
v8::Local<v8::Context> context) {
|
|
|
|
|
return value->Uint32Value(context);
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// NaNs and +/-Infinity should be 0, otherwise (modulo 2^64) - 2^63.
|
|
|
|
|
// Step 8 - 12 of https://heycam.github.io/webidl/#abstract-opdef-converttoint
|
|
|
|
|
// The int64_t and uint64_t implementations below are copied from Blink:
|
|
|
|
|
// https://source.chromium.org/chromium/chromium/src/+/master:third_party/blink/renderer/bindings/core/v8/v8_binding_for_core.h;l=249?q=doubletointeger&sq=&ss=chromium%2Fchromium%2Fsrc
|
|
|
|
|
template <>
|
|
|
|
|
struct ConvertJSValue<int64_t> {
|
|
|
|
|
static v8::Maybe<int64_t> Get(v8::Local<v8::Value> value,
|
|
|
|
|
v8::Local<v8::Context> context) {
|
|
|
|
|
v8::Maybe<double> double_value = value->NumberValue(context);
|
|
|
|
|
if (!double_value.IsJust()) {
|
|
|
|
|
return v8::Nothing<int64_t>();
|
|
|
|
|
}
|
|
|
|
|
double result = double_value.ToChecked();
|
|
|
|
|
if (std::isinf(result) || std::isnan(result)) {
|
|
|
|
|
return v8::Just(int64_t(0));
|
|
|
|
|
}
|
|
|
|
|
result = trunc(result);
|
|
|
|
|
|
|
|
|
|
constexpr uint64_t kMaxULL = std::numeric_limits<uint64_t>::max();
|
|
|
|
|
|
|
|
|
|
// -2^{64} < fmod_value < 2^{64}.
|
2021-06-25 17:08:16 +00:00
|
|
|
double fmod_value = fmod(result, static_cast<double>(kMaxULL));
|
[compiler] Re-reland "Faster JS-to-Wasm calls"
This is a reland of 6ada6a90ee387d8de183208b0ef8b786f1768665
- Fixed a GC issue
https://bugs.chromium.org/p/v8/issues/detail?id=11335:
GC expected all arguments on the stack from code with
CodeKind::TURBOFAN to be tagged objects. This is not the case now with
inlined Wasm calls, and this information can be passed in
SafepointEntry for each call site.
- Disabled JS-to-Wasm inlining for calls inside try/catch.
For more details, see updated doc:
https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit#
Bug: v8:11092
Original change's description:
> Reland "Faster JS-to-Wasm calls"
>
> This is a reland of 860fcb1bd2bd6447e08f3636874ac7abcd77b781
>
> - Disabled the tests for this feature in V8-lite mode (the original
> change broke V8-lite tests).
> - Also modified test console-profile-wasm.js that was brittle with this
> change because it assumed that there was always a JS-to-Wasm wrapper
> but this is not the case when the TurboFan compilation completes before
> the Liftoff-compiled code starts to run.
>
> More changes in Patchset 8:
>
> - Moved inlining of the "JSToWasm Wrapper" away from simplified-lowering,
> into a new phase, wasm-inlining that reuses the JSInliner reducer.
> The doc
> https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit#
> describes the new logic.
>
> - Fixed a couple of small issues in wasm_compiler.cc to make sure that
> the graph "JSToWasm Wrapper" subgraph has a valid Control chain;
> this should solve the problem we had inlining the calls in functions
> that can throw exception.
Original change's description:
> Faster JS-to-Wasm calls
>
> This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/.
>
> Currently JS-to-Wasm calls go through a wrapper/trampoline, built on
> the basis of the signature of a Wasm function to call, and whose task
> is to:
> - set "thread_in_wasm_flag" to true
> - convert the arguments from tagged types into Wasm native types
> - calculate the address of the Wasm function to call and call it
> - convert back the result from Wasm native types into tagged types
> - reset "thread_in_wasm_flag" to false.
>
> This CL tries to improve the performance of JS-to-Wasm calls by
> inlining the code of the JS-to-Wasm wrappers in the call site.
>
> It introduces a new IR operand, JSWasmCall, which replaces JSCall for
> this kind of calls. A 'JSWasmCall' node is associated to
> WasmCallParameters, which contain information about the signature of
> the Wasm function to call.
>
> WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid
> generating code to convert the types for the arguments
> of the Wasm function, when the conversion is not necessary.
> The actual inlining of the graph generated for this wrapper happens in
> the simplified-lowering phase.
>
> A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage
> lazy deoptimizations that can happen if the Wasm function callee calls
> back some JS code that invalidates the compiled JS caller function.
>
Bug: v8:11092
Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
Change-Id: Ie052634598754feab4ff36d10fd04e008b5227a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649777
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72541}
2021-02-04 15:46:10 +00:00
|
|
|
if (fmod_value >= 0) {
|
|
|
|
|
if (fmod_value < pow(2, 63)) {
|
|
|
|
|
// 0 <= fmod_value < 2^{63}.
|
|
|
|
|
// 0 <= value < 2^{63}. This cast causes no loss.
|
|
|
|
|
return v8::Just(static_cast<int64_t>(fmod_value));
|
|
|
|
|
} else {
|
|
|
|
|
// 2^{63} <= fmod_value < 2^{64}.
|
|
|
|
|
// 2^{63} <= value < 2^{64}. This cast causes no loss.
|
|
|
|
|
return v8::Just(static_cast<int64_t>(fmod_value - pow(2, 64)));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
// -2^{64} < fmod_value < 0.
|
|
|
|
|
// 0 < fmod_value_uint64 < 2^{64}. This cast causes no loss.
|
|
|
|
|
uint64_t fmod_value_uint64 = static_cast<uint64_t>(-fmod_value);
|
|
|
|
|
// -1 < (kMaxULL - fmod_value_uint64) < 2^{64} - 1.
|
|
|
|
|
// 0 < value < 2^{64}.
|
|
|
|
|
return v8::Just(static_cast<int64_t>(kMaxULL - fmod_value_uint64 + 1));
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
template <>
|
|
|
|
|
struct ConvertJSValue<uint64_t> {
|
|
|
|
|
static v8::Maybe<uint64_t> Get(v8::Local<v8::Value> value,
|
|
|
|
|
v8::Local<v8::Context> context) {
|
|
|
|
|
v8::Maybe<double> double_value = value->NumberValue(context);
|
|
|
|
|
if (!double_value.IsJust()) {
|
|
|
|
|
return v8::Nothing<uint64_t>();
|
|
|
|
|
}
|
|
|
|
|
double result = double_value.ToChecked();
|
|
|
|
|
if (std::isinf(result) || std::isnan(result)) {
|
|
|
|
|
return v8::Just(uint64_t(0));
|
|
|
|
|
}
|
|
|
|
|
result = trunc(result);
|
|
|
|
|
|
|
|
|
|
constexpr uint64_t kMaxULL = std::numeric_limits<uint64_t>::max();
|
|
|
|
|
|
|
|
|
|
// -2^{64} < fmod_value < 2^{64}.
|
2021-06-25 17:08:16 +00:00
|
|
|
double fmod_value = fmod(result, static_cast<double>(kMaxULL));
|
[compiler] Re-reland "Faster JS-to-Wasm calls"
This is a reland of 6ada6a90ee387d8de183208b0ef8b786f1768665
- Fixed a GC issue
https://bugs.chromium.org/p/v8/issues/detail?id=11335:
GC expected all arguments on the stack from code with
CodeKind::TURBOFAN to be tagged objects. This is not the case now with
inlined Wasm calls, and this information can be passed in
SafepointEntry for each call site.
- Disabled JS-to-Wasm inlining for calls inside try/catch.
For more details, see updated doc:
https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit#
Bug: v8:11092
Original change's description:
> Reland "Faster JS-to-Wasm calls"
>
> This is a reland of 860fcb1bd2bd6447e08f3636874ac7abcd77b781
>
> - Disabled the tests for this feature in V8-lite mode (the original
> change broke V8-lite tests).
> - Also modified test console-profile-wasm.js that was brittle with this
> change because it assumed that there was always a JS-to-Wasm wrapper
> but this is not the case when the TurboFan compilation completes before
> the Liftoff-compiled code starts to run.
>
> More changes in Patchset 8:
>
> - Moved inlining of the "JSToWasm Wrapper" away from simplified-lowering,
> into a new phase, wasm-inlining that reuses the JSInliner reducer.
> The doc
> https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit#
> describes the new logic.
>
> - Fixed a couple of small issues in wasm_compiler.cc to make sure that
> the graph "JSToWasm Wrapper" subgraph has a valid Control chain;
> this should solve the problem we had inlining the calls in functions
> that can throw exception.
Original change's description:
> Faster JS-to-Wasm calls
>
> This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/.
>
> Currently JS-to-Wasm calls go through a wrapper/trampoline, built on
> the basis of the signature of a Wasm function to call, and whose task
> is to:
> - set "thread_in_wasm_flag" to true
> - convert the arguments from tagged types into Wasm native types
> - calculate the address of the Wasm function to call and call it
> - convert back the result from Wasm native types into tagged types
> - reset "thread_in_wasm_flag" to false.
>
> This CL tries to improve the performance of JS-to-Wasm calls by
> inlining the code of the JS-to-Wasm wrappers in the call site.
>
> It introduces a new IR operand, JSWasmCall, which replaces JSCall for
> this kind of calls. A 'JSWasmCall' node is associated to
> WasmCallParameters, which contain information about the signature of
> the Wasm function to call.
>
> WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid
> generating code to convert the types for the arguments
> of the Wasm function, when the conversion is not necessary.
> The actual inlining of the graph generated for this wrapper happens in
> the simplified-lowering phase.
>
> A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage
> lazy deoptimizations that can happen if the Wasm function callee calls
> back some JS code that invalidates the compiled JS caller function.
>
Bug: v8:11092
Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
Change-Id: Ie052634598754feab4ff36d10fd04e008b5227a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649777
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72541}
2021-02-04 15:46:10 +00:00
|
|
|
if (fmod_value >= 0) {
|
|
|
|
|
return v8::Just(static_cast<uint64_t>(fmod_value));
|
|
|
|
|
}
|
|
|
|
|
// -2^{64} < fmod_value < 0.
|
|
|
|
|
// 0 < fmod_value_uint64 < 2^{64}. This cast causes no loss.
|
|
|
|
|
uint64_t fmod_value_uint64 = static_cast<uint64_t>(-fmod_value);
|
|
|
|
|
// -1 < (kMaxULL - fmod_value_uint64) < 2^{64} - 1.
|
|
|
|
|
// 0 < value < 2^{64}.
|
|
|
|
|
return v8::Just(static_cast<uint64_t>(kMaxULL - fmod_value_uint64 + 1));
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
template <>
|
|
|
|
|
struct ConvertJSValue<v8::BigInt> {
|
|
|
|
|
static v8::Maybe<v8::Local<v8::BigInt>> Get(v8::Local<v8::Value> value,
|
|
|
|
|
v8::Local<v8::Context> context) {
|
|
|
|
|
if (value->IsBigInt()) {
|
|
|
|
|
return v8::Just(value.As<v8::BigInt>());
|
|
|
|
|
}
|
|
|
|
|
return v8::Nothing<v8::Local<v8::BigInt>>();
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
template <>
|
|
|
|
|
struct ConvertJSValue<float> {
|
|
|
|
|
static v8::Maybe<float> Get(v8::Local<v8::Value> value,
|
|
|
|
|
v8::Local<v8::Context> context) {
|
|
|
|
|
v8::Maybe<double> val = value->NumberValue(context);
|
|
|
|
|
if (val.IsNothing()) return v8::Nothing<float>();
|
|
|
|
|
return v8::Just(static_cast<float>(val.ToChecked()));
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
template <>
|
|
|
|
|
struct ConvertJSValue<double> {
|
|
|
|
|
static v8::Maybe<double> Get(v8::Local<v8::Value> value,
|
|
|
|
|
v8::Local<v8::Context> context) {
|
|
|
|
|
return value->NumberValue(context);
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
template <>
|
|
|
|
|
struct ConvertJSValue<bool> {
|
|
|
|
|
static v8::Maybe<bool> Get(v8::Local<v8::Value> value,
|
|
|
|
|
v8::Local<v8::Context> context) {
|
|
|
|
|
return v8::Just<bool>(value->BooleanValue(CcTest::isolate()));
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2017-08-11 11:22:28 +00:00
|
|
|
#endif // V8_TEST_CCTEST_TEST_API_H_
|
