// Copyright 2019 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Torque name for the C++ type 'PodArray<wasm::ValueType>', layered on
// ByteArray.
// NOTE(review): @useParentTypeChecker makes type checks for this type fall
// back to the parent's (ByteArray) check, so a successful cast says nothing
// about whether the bytes are well-formed wasm::ValueType entries -- confirm
// that readers do not rely on the cast alone.
@useParentTypeChecker
type PodArrayOfWasmValueType extends ByteArray
    constexpr 'PodArray<wasm::ValueType>';
// Torque name for the C++ type 'Managed<wasm::NativeModule>', layered on
// Foreign.
// NOTE(review): @useParentTypeChecker makes type checks for this type fall
// back to the parent's (Foreign) check, so a cast cannot tell this apart from
// any other Foreign -- confirm that only trusted code stores into fields of
// this type.
@useParentTypeChecker
type ManagedWasmNativeModule extends Foreign
    constexpr 'Managed<wasm::NativeModule>';
// Declared to Torque without a field list: this declaration only introduces
// the type name (as a JSObject subclass) so other classes can refer to it.
extern class WasmInstanceObject extends JSObject;
// Represents the context of a function that is defined through the JS or C
// APIs. Corresponds to the WasmInstanceObject passed to a Wasm function
// reference.
// TODO(manoskouk): If V8_HEAP_SANDBOX, we cannot encode the isolate_root as a
// sandboxed pointer, because that would require having access to the isolate
// root in the first place.
extern class WasmApiFunctionRef extends HeapObject {
  // Raw (untagged) pointer stored directly in the object; per the TODO above
  // it is not encoded as a sandboxed pointer.
  // NOTE(review): a raw pointer held in a heap object is only as trustworthy
  // as the heap itself -- keep this field on the list of values to revisit
  // when the TODO is resolved.
  isolate_root: RawPtr;
  native_context: NativeContext;
  // May be Undefined; which creators leave it unset is not visible here --
  // TODO confirm before dereferencing without a check.
  callable: JSReceiver|Undefined;
}
// This is the representation that is used internally by wasm to represent
// function references. It is kept separate from the JSFunction-based
// (external) representation so that call_ref needs fewer indirections to
// load the context and call target.
// The {foreign_address} field inherited from {Foreign} points to the call
// target.
// NOTE(review): the call target is therefore an address held in a heap object
// field; every path that writes {foreign_address} is integrity-critical.
extern class WasmInternalFunction extends Foreign {
  // This is the "reference" value that must be passed along in the "instance"
  // register when calling the given function. It is either the target instance
  // (for wasm functions), or a WasmApiFunctionRef object (for functions defined
  // through the JS or C APIs).
  // For imported functions, this value equals the respective entry in
  // the module's imported_function_refs array.
  ref: WasmInstanceObject|WasmApiFunctionRef;
  // The external (JS) representation of this function reference.
  // Undefined presumably means no external function has been attached yet --
  // TODO confirm.
  external: JSFunction|Undefined;
  // This field is used when the call target is null.
  // Exactly one of the two declarations below is compiled in, selected by
  // V8_EXTERNAL_CODE_SPACE.
  @if(V8_EXTERNAL_CODE_SPACE) code: CodeDataContainer;
  @ifnot(V8_EXTERNAL_CODE_SPACE) code: Code;
}
// WasmInternalFunction is safely comparable for pointer equality.
// Both argument orders are declared so that '==' resolves with the
// WasmInternalFunction on either side of an Object.
extern operator '==' macro TaggedEqual(WasmInternalFunction, Object): bool;
extern operator '==' macro TaggedEqual(Object, WasmInternalFunction): bool;
// Common base of the function-data classes declared in this file
// (WasmExportedFunctionData, WasmJSFunctionData, WasmCapiFunctionData).
extern class WasmFunctionData extends HeapObject {
  // The wasm-internal representation of this function object.
  internal: WasmInternalFunction;
  // Used for calling this function from JavaScript.
  // Exactly one of the two declarations below is compiled in, selected by
  // V8_EXTERNAL_CODE_SPACE.
  @if(V8_EXTERNAL_CODE_SPACE) wrapper_code: CodeDataContainer;
  @ifnot(V8_EXTERNAL_CODE_SPACE) wrapper_code: Code;
}
// Function data for a function exported by a wasm instance.
extern class WasmExportedFunctionData extends WasmFunctionData {
  // This is the instance that exported the function (which in case of
  // imported and re-exported functions is different from the instance
  // where the function is defined). WasmFunctionData declares no `ref` field
  // in this file; for the defining instance see WasmInternalFunction::ref,
  // reached through WasmFunctionData::internal.
  instance: WasmInstanceObject;
  // NOTE(review): presumably an index into the exporting module's function
  // space; the valid range is not visible here -- confirm consumers bound it.
  function_index: Smi;
  // Held as a Foreign, i.e. an address rather than a tagged object;
  // presumably points at the function's signature -- TODO confirm what owns
  // that memory and keeps it alive.
  signature: Foreign;
  wrapper_budget: Smi;
  // The remaining fields are for fast calling from C++. The contract is
  // that they are lazily populated, and either all will be present or none.
  @if(V8_EXTERNAL_CODE_SPACE) c_wrapper_code: CodeDataContainer;
  @ifnot(V8_EXTERNAL_CODE_SPACE) c_wrapper_code: Code;
  packed_args_size: Smi;
}
// Function data carrying a serialized signature split into return and
// parameter counts.
// NOTE(review): the two counts and serialized_signature presumably have to
// agree (return count + parameter count entries) -- confirm that readers
// check the array length rather than trusting the counts.
extern class WasmJSFunctionData extends WasmFunctionData {
  serialized_return_count: Smi;
  serialized_parameter_count: Smi;
  serialized_signature: PodArrayOfWasmValueType;
}
// Function data for the C API variant: embedder data plus a serialized
// signature.
extern class WasmCapiFunctionData extends WasmFunctionData {
  // Typed only as Foreign on the Torque side; the trailing comment records
  // the intended C++ type, which Torque does not enforce here.
  embedder_data: Foreign;  // Managed<wasm::FuncData>
  serialized_signature: PodArrayOfWasmValueType;
}
// Table used for indirect calls: a size plus raw pointers to signature ids
// and call targets, and a tagged array of refs.
// NOTE(review): sig_ids and targets are raw pointers, presumably to parallel
// native arrays of `size` entries owned via managed_native_allocations --
// confirm. Every indexed access through them must be bounded by `size`, and
// `size` must be updated together with the allocations.
extern class WasmIndirectFunctionTable extends Struct {
  size: uint32;
  // Pads the 4-byte `size` to 8 bytes when tagged values are 8 bytes wide;
  // occupies no space otherwise.
  @if(TAGGED_SIZE_8_BYTES) optional_padding: uint32;
  @ifnot(TAGGED_SIZE_8_BYTES) optional_padding: void;
  sig_ids: RawPtr;
  targets: RawPtr;
  // Undefined presumably means no native arrays have been allocated yet --
  // TODO confirm.
  managed_native_allocations: Foreign|Undefined;
  refs: FixedArray;
}
// A continuation: a stack, direct access to that stack's jump buffer, and an
// optional parent continuation.
extern class WasmContinuationObject extends Struct {
  stack: Foreign;
  // NOTE(review): jmpbuf aliases state that belongs to `stack`; the two must
  // be kept consistent, and the buffer's lifetime presumably follows the
  // stack's -- confirm.
  jmpbuf: Foreign;  // Direct access to the stack's jump buffer.
  // Undefined when there is no parent continuation.
  parent: WasmContinuationObject|Undefined;
}
// JS-visible object (a JSObject subclass) that refers to a continuation.
extern class WasmSuspenderObject extends JSObject {
  // May be Undefined; when it is set or cleared is not visible here --
  // TODO confirm before use without a check.
  continuation: WasmContinuationObject|Undefined;
}
// Tag object for wasm exceptions. Since `index` is not unique across modules
// (see below), it cannot serve as the tag's identity.
extern class WasmExceptionTag extends Struct {
  // Note that this index is only useful for debugging purposes and it is not
  // unique across modules. The GC however does not allow objects without at
  // least one field, hence this also serves as a padding field for now.
  index: Smi;
}
// JS-visible module object: the managed native module, its export wrappers
// and the associated script.
extern class WasmModuleObject extends JSObject {
  // Wrapper around the C++ wasm::NativeModule (see ManagedWasmNativeModule).
  managed_native_module: ManagedWasmNativeModule;
  export_wrappers: FixedArray;
  script: Script;
}
// JS-visible wasm table.
extern class WasmTableObject extends JSObject {
  // The instance in which this WasmTableObject is defined.
  // This field is undefined if the table is defined outside any Wasm module,
  // i.e., through the JS API (WebAssembly.Table).
  // Because it might be undefined, the Torque type is the union
  // WasmInstanceObject|Undefined (the C++ side may still expose it as a
  // HeapObject -- not visible here).
  instance: WasmInstanceObject|Undefined;
  // The entries array is at least as big as {current_length()}, but might be
  // bigger to make future growth more efficient.
  // NOTE(review): valid element indices are therefore bounded by
  // current_length, not by the capacity of `entries`; slots beyond
  // current_length are spare capacity.
  entries: FixedArray;
  current_length: Smi;
  // Undefined presumably means no maximum was declared -- TODO confirm.
  maximum_length: Smi|HeapNumber|Undefined;
  dispatch_tables: FixedArray;
  // Presumably the element type in encoded form -- TODO confirm encoding.
  raw_type: Smi;
}
// JS-visible wasm memory: the backing array buffer, a page limit and the
// instances that use it.
extern class WasmMemoryObject extends JSObject {
  array_buffer: JSArrayBuffer;
  // NOTE(review): the encoding of "no maximum" is not visible here --
  // confirm before comparing against this value.
  maximum_pages: Smi;
  // Weak list, so entries can disappear when an instance is collected;
  // Undefined presumably means no instance has been registered -- confirm.
  instances: WeakArrayList|Undefined;
}
// JS-visible wasm global.
extern class WasmGlobalObject extends JSObject {
  // The instance in which this WasmGlobalObject is defined.
  // This field is undefined if the global is defined outside any Wasm module,
  // i.e., through the JS API (WebAssembly.Global).
  // Because it might be undefined, the Torque type is the union
  // WasmInstanceObject|Undefined (the C++ side may still expose it as a
  // HeapObject -- not visible here).
  instance: WasmInstanceObject|Undefined;
  // NOTE(review): presumably exactly one of the two buffers below holds the
  // value (untagged for numeric types, tagged for references), addressed by
  // `offset` -- confirm, and confirm `offset` is validated against the
  // selected buffer's length.
  untagged_buffer: JSArrayBuffer|Undefined;
  tagged_buffer: FixedArray|Undefined;
  offset: Smi;
  // raw_type and is_mutable replaced a single former 'flags' field.
  raw_type: Smi;
  // TODO(7748): If we encode mutability in raw_type, turn this into a boolean
  // accessor.
  is_mutable: Smi;
}
// JS-visible wasm tag: a serialized signature plus the underlying tag object.
extern class WasmTagObject extends JSObject {
  serialized_signature: PodArrayOfWasmValueType;
  // Typed only as HeapObject; the concrete class is not visible here --
  // presumably a WasmExceptionTag, TODO confirm.
  tag: HeapObject;
}
// Torque-level subtype of JSFunction; no fields are declared for it here.
type WasmExportedFunction extends JSFunction;
// Data record holding a managed native module, its export wrappers and a
// "uses" bitset.
extern class AsmWasmData extends Struct {
  // Wrapper around the C++ wasm::NativeModule (see ManagedWasmNativeModule).
  managed_native_module: ManagedWasmNativeModule;
  export_wrappers: FixedArray;
  // Bitset stored as a HeapNumber; the meaning of the bits is not visible
  // here.
  uses_bitset: HeapNumber;
}
// Per-type information for wasm types: supertype/subtype links, the instance
// size and a reference that keeps the type's backing memory alive.
extern class WasmTypeInfo extends Foreign {
  supertypes: FixedArray;
  subtypes: ArrayList;
  // In bytes, used for struct allocation.
  // NOTE(review): since this value sizes allocations, it presumably has to
  // match the layout of the StructType it was derived from -- confirm it is
  // written only at creation.
  instance_size: Smi;
  // We must make sure that the StructType/ArrayType, which is allocated in
  // the WasmModule's "signature_zone", stays around as long as there are
  // HeapObjects referring to it. Short term, we simply keep a reference to
  // the instance, which in turn keeps the entire WasmModule alive.
  // TODO(jkummerow): Possible optimization: manage the "signature_zone"'s
  // lifetime separately by having WasmModule refer to it via std::shared_ptr,
  // and introduce a new link from here to just that zone using a Managed<...>.
  // Details: https://bit.ly/2UxD4hW
  instance: WasmInstanceObject;
}
// WasmObject corresponds to data ref types which are WasmStruct and WasmArray.
// Declares no fields of its own; marked @abstract, so only its subclasses
// are meant to be instantiated.
@abstract
extern class WasmObject extends JSReceiver {
}
// Wasm struct object. No fields are declared here; the payload layout is not
// described in this declaration.
// The annotation pins this class's instance type to the upper end of the
// range assigned to WasmObject.
@highestInstanceTypeWithinParentClassRange
extern class WasmStruct extends WasmObject {
}
// Wasm array object: a length header; the elements are not declared here.
// The annotation pins this class's instance type to the lower end of the
// range assigned to WasmObject.
@lowestInstanceTypeWithinParentClassRange
extern class WasmArray extends WasmObject {
  // NOTE(review): element accesses are presumably bounds-checked against
  // this field -- confirm it is not writable after allocation.
  length: uint32;

  // Pads the 4-byte `length` to 8 bytes when tagged values are 8 bytes wide;
  // occupies no space otherwise.
  @if(TAGGED_SIZE_8_BYTES) optional_padding: uint32;
  @ifnot(TAGGED_SIZE_8_BYTES) optional_padding: void;
}