Instead, it is supposed to just return an empty context if it failed.
Also don't invoke interceptors (we don't for the parts that deserialize
from the snapshot anyways).
BUG=v8:5830
R=yangguo@chromium.org
Review-Url: https://codereview.chromium.org/2636903002
Cr-Commit-Position: refs/heads/master@{#42404}
Reason for revert:
OK, the failure really does seem to be due to this patch: It triggers Clang to crash
FAILED: obj/test/unittests/unittests/function-body-decoder-unittest.obj
E:\b\build\slave\cache\cipd\goma/gomacc.exe ../../third_party/llvm-build/Release+Asserts/bin/clang-cl.exe /nologo /showIncludes /FC @obj/test/unittests/unittests/function-body-decoder-unittest.obj.rsp /c ../../test/unittests/wasm/function-body-decoder-unittest.cc /Foobj/test/unittests/unittests/function-body-decoder-unittest.obj /Fd"obj/test/unittests/unittests_cc.pdb"
Assertion failed: (NumGaps == 0 || Bias < MaxDefRange) && "large ranges should not have gaps", file E:\b\build\slave\win_upload_clang\build\src\third_party\llvm\lib\MC\MCCodeView.cpp, line 531
Wrote crash dump file "C:\Users\CHROME~2\AppData\Local\Temp\goma_temp.5068\clang-cl.exe-563144.dmp"
Let's leave it out for now.
Original issue's description:
> Reland of [wasm] Enforce that function bodies end with the \"end\" opcode. (patchset #1 id:1 of https://codereview.chromium.org/2628883006/ )
>
> Reason for revert:
> Try a reland; this might not have been the source of tree-closing.
>
> Original issue's description:
> > Revert of [wasm] Enforce that function bodies end with the \"end\" opcode. (patchset #3 id:40001 of https://codereview.chromium.org/2630553002/ )
> >
> > Reason for revert:
> > Caused tree to close by failing compilation:
> >
> > https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20clang/builds/4451
> >
> > Original issue's description:
> > > [wasm] Enforce that function bodies end with the \"end\" opcode.
> > >
> > > R=rossberg@chromium.org
> > > BUG=chromium:575167
> > >
> > > Review-Url: https://codereview.chromium.org/2630553002
> > > Cr-Commit-Position: refs/heads/master@{#42286}
> > > Committed: fcc6e85ec6
> >
> > TBR=mtrofin@chromium.org,rossberg@chromium.org,jbroman@chromium.org,titzer@chromium.org
> > # Skipping CQ checks because original CL landed less than 1 days ago.
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > BUG=chromium:575167
> >
> > Review-Url: https://codereview.chromium.org/2628883006
> > Cr-Commit-Position: refs/heads/master@{#42287}
> > Committed: 1d32a3989b
>
> TBR=mtrofin@chromium.org,rossberg@chromium.org,jbroman@chromium.org,titzer@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:575167
>
> Review-Url: https://codereview.chromium.org/2628203003
> Cr-Commit-Position: refs/heads/master@{#42296}
> Committed: e539bd8e0eTBR=mtrofin@chromium.org,rossberg@chromium.org,jbroman@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:575167
Review-Url: https://codereview.chromium.org/2633583002
Cr-Commit-Position: refs/heads/master@{#42298}
Reason for revert:
Try a reland; this might not have been the source of tree-closing.
Original issue's description:
> Revert of [wasm] Enforce that function bodies end with the \"end\" opcode. (patchset #3 id:40001 of https://codereview.chromium.org/2630553002/ )
>
> Reason for revert:
> Caused tree to close by failing compilation:
>
> https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20clang/builds/4451
>
> Original issue's description:
> > [wasm] Enforce that function bodies end with the \"end\" opcode.
> >
> > R=rossberg@chromium.org
> > BUG=chromium:575167
> >
> > Review-Url: https://codereview.chromium.org/2630553002
> > Cr-Commit-Position: refs/heads/master@{#42286}
> > Committed: fcc6e85ec6
>
> TBR=mtrofin@chromium.org,rossberg@chromium.org,jbroman@chromium.org,titzer@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=chromium:575167
>
> Review-Url: https://codereview.chromium.org/2628883006
> Cr-Commit-Position: refs/heads/master@{#42287}
> Committed: 1d32a3989bTBR=mtrofin@chromium.org,rossberg@chromium.org,jbroman@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:575167
Review-Url: https://codereview.chromium.org/2628203003
Cr-Commit-Position: refs/heads/master@{#42296}
- Refactor Dispatch tables to have separate function, signature tables
- New Relocation type for WasmFunctionTableReference, assembler, compiler support.
- RelocInfo helper functions for Wasm references
Review-Url: https://codereview.chromium.org/2627543003
Cr-Commit-Position: refs/heads/master@{#42192}
Reason for revert:
F32x4Add / Sub are still failing. I'll have to investigate on ARM hardware when I get back.
Original issue's description:
> [WASM] Fix failing Wasm SIMD F32x4 tests.
> - Perform lane checks using FP compare instead of reinterpret casts. 0 and -0
> will be different under I32 compare.
> - Some arithmetic operations can generate NaN results, such as adding -Inf
> and +Inf. Skip these tests until we have a way to do more sophisticated
> FP comparisons in the SIMD tests.
> - Eliminate a redundant F32x4 parameter for FP SIMD vector checking. We will only have this one FP type.
>
> LOG=N
> BUG=v8:4124
>
> Review-Url: https://codereview.chromium.org/2594043002
> Cr-Commit-Position: refs/heads/master@{#42154}
> Committed: 5560bbb498TBR=titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2624713002
Cr-Commit-Position: refs/heads/master@{#42162}
- Perform lane checks using FP compare instead of reinterpret casts. 0 and -0
will be different under I32 compare.
- Some arithmetic operations can generate NaN results, such as adding -Inf
and +Inf. Skip these tests until we have a way to do more sophisticated
FP comparisons in the SIMD tests.
- Eliminate a redundant F32x4 parameter for FP SIMD vector checking. We will only have this one FP type.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2594043002
Cr-Commit-Position: refs/heads/master@{#42154}
This CL simplifies the relation between the wasm graph builder, the
wasm decoder, and the wasm module they work on.
BUG=
Review-Url: https://codereview.chromium.org/2612643002
Cr-Commit-Position: refs/heads/master@{#42056}
On ARM Neon at least, denormals flush to zero, which may not match
regular FP behavior.
LOG=N
BUG=v8:4124
Review-Url: https://codereview.chromium.org/2598583002
Cr-Commit-Position: refs/heads/master@{#41895}
This is more renaming work to comply with the naming in the public
design repository. E.g. types are called "value types" and we no longer
refer to ASTs.
R=clemensh@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2594993002
Cr-Commit-Position: refs/heads/master@{#41891}
The new object will hold information which is shared by all clones of a
WasmCompiledModule, e.g. the decoded asm.js offset table, and in the
future also breakpoints. From there, we can set them on each new
instantiation of any clone.
While already changing lots of the code base, I also renamed all
getters from "get_foo" to "foo", to conform to the style guide.
R=titzer@chromium.org, yangguo@chromium.org
BUG=v8:5732
Review-Url: https://codereview.chromium.org/2591653002
Cr-Commit-Position: refs/heads/master@{#41862}
This CL implements GetPossibleBreakpoints for wasm, by iterating over
all functions in the requested range and returning the location of all
instructions within that range.
The connection to the inspector will be added later, when setting
breakpoint also works for wasm: http://crrev.com/2536763002
BUG=chromium:613110
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2588763002
Cr-Commit-Position: refs/heads/master@{#41818}
When executing wasm code for testing, we did not create a
WasmInstanceObject and link it to the generated code. This required
some special handling at runtime (mainly for stack trace generation).
This CL always provides the WasmInstanceObject, such that e.g. function
names can be resolved the usual way.
The module bytes referenced by the WasmCompiledModule linked with the
WasmInstanceObject do not hold a valid wasm module yet. Instead, we
just add the bytes we need, and make the objects in WasmModule point to
those bytes (currently only used for function names). Those bytes will
not be parsed at runtime anyway.
R=titzer@chromium.orgCC=jgruber@chromium.org
BUG=v8:5620
Review-Url: https://codereview.chromium.org/2551053002
Cr-Commit-Position: refs/heads/master@{#41809}
The WasmRunner now always holds a TestingModule, and allows to add
several functions to it. The prepares a change to always run wasm code
with a full module behind it, removing the special handling for "no wasm
instance" at runtime (http://crrev.com/2551053002).
This CL here also templatizes the WasmRunner such that the Call method must
be called with the same signature specified for the WasmRunner. This
already catched several mismatches there.
R=titzer@chromium.org, ahaas@chromium.org
BUG=v8:5620
Review-Url: https://codereview.chromium.org/2551043002
Cr-Original-Commit-Position: refs/heads/master@{#41728}
Committed: 2ff5906231
Review-Url: https://codereview.chromium.org/2551043002
Cr-Commit-Position: refs/heads/master@{#41747}
Reason for revert:
Win64 dbg failures
Original issue's description:
> [wasm] Make WasmRunner the central test structure
>
> The WasmRunner now always holds a TestingModule, and allows to add
> several functions to it. The prepares a change to always run wasm code
> with a full module behind it, removing the special handling for "no wasm
> instance" at runtime (http://crrev.com/2551053002).
> This CL here also templatizes the WasmRunner such that the Call method must
> be called with the same signature specified for the WasmRunner. This
> already catched several mismatches there.
>
> R=titzer@chromium.org, ahaas@chromium.org
> BUG=v8:5620
>
> Review-Url: https://codereview.chromium.org/2551043002
> Cr-Commit-Position: refs/heads/master@{#41728}
> Committed: 2ff5906231TBR=ahaas@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:5620
Review-Url: https://codereview.chromium.org/2583543002
Cr-Commit-Position: refs/heads/master@{#41732}
The WasmRunner now always holds a TestingModule, and allows to add
several functions to it. The prepares a change to always run wasm code
with a full module behind it, removing the special handling for "no wasm
instance" at runtime (http://crrev.com/2551053002).
This CL here also templatizes the WasmRunner such that the Call method must
be called with the same signature specified for the WasmRunner. This
already catched several mismatches there.
R=titzer@chromium.org, ahaas@chromium.org
BUG=v8:5620
Review-Url: https://codereview.chromium.org/2551043002
Cr-Commit-Position: refs/heads/master@{#41728}
Some instructions in WebAssembly trap for some inputs, which means that the
execution is terminated and (at least at the moment) a JavaScript exception is
thrown. Examples for traps are out-of-bounds memory accesses, or integer
divisions by zero.
Without the TrapIf and TrapUnless operators trap check in WebAssembly introduces 5
TurboFan nodes (branch, if_true, if_false, trap-reason constant, trap-position
constant), in addition to the trap condition itself. Additionally, each
WebAssembly function has four TurboFan nodes (merge, effect_phi, 2 phis) whose
number of inputs is linear to the number of trap checks in the function.
Especially for functions with high numbers of trap checks we observe a
significant slowdown in compilation time, down to 0.22 MiB/s in the sqlite
benchmark instead of the average of 3 MiB/s in other benchmarks. By introducing
a TrapIf common operator only a single node is necessary per trap check, in
addition to the trap condition. Also the nodes which are shared between trap
checks (merge, effect_phi, 2 phis) would disappear. First measurements suggest a
speedup of 30-50% on average.
This CL only implements TrapIf and TrapUnless on x64. The implementation is also
hidden behind the --wasm-trap-if flag.
Please take a special look at how the source position is transfered from the
instruction selector to the code generator, and at the context that is used for
the runtime call.
R=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2562393002
Cr-Commit-Position: refs/heads/master@{#41720}
In the asm.js code translated to wasm, we call imported functions via a
WASM_TO_JS stub, which first calls the function and then calls ToNumber
on the return value. Exceptions can happen in both calls.
We were only ever reporting the location of the function call, whereas
asm.js code executed via turbofan reported the location of the type
coercion operator ("+" on "+foo()" or "|" on "foo()|0").
This CL implements the same behaviour for asm.js code translated to
wasm. The following is changed:
- the AsmWasmBuilder records the parent node when descending on a binary
operator (also "+foo()" is represented by a binary operation).
- it stores not one location per call in the source position side
table, but two (one for the call, one for the parent which does the
type coercion).
- the wasm compiler annotates the source positions "0" and "1" to the
two calls in the WASM_TO_JS wrapper (only if the module origin is
asm.js).
- the StackFrame::State struct now also holds the callee_pc_address,
which is set in ComputeCallerState. The WASM frame uses this
information to determine whether the callee frame is WASM_TO_JS, and
whether that frame is at the ToNumber conversion call.
- the same information is also stored in the FrameArray which is used
to reconstruct the stack trace later.
R=titzer@chromium.org, bradnelson@chromium.orgCC=jgruber@chromium.org
BUG=v8:4203,v8:5724
Committed: https://crrev.com/94cd46b55e24fa2bb7b06b3da4d5ba7f029bc262
Review-Url: https://codereview.chromium.org/2555243002
Cr-Original-Commit-Position: refs/heads/master@{#41599}
Cr-Commit-Position: refs/heads/master@{#41613}
Reason for revert:
gc-stress failures
Original issue's description:
> [wasm] Fix location for error in asm.js ToNumber conversion
>
> In the asm.js code translated to wasm, we call imported functions via a
> WASM_TO_JS stub, which first calls the function and then calls ToNumber
> on the return value. Exceptions can happen in both calls.
> We were only ever reporting the location of the function call, whereas
> asm.js code executed via turbofan reported the location of the type
> coercion operator ("+" on "+foo()" or "|" on "foo()|0").
>
> This CL implements the same behaviour for asm.js code translated to
> wasm. The following is changed:
> - the AsmWasmBuilder records the parent node when descending on a binary
> operator (also "+foo()" is represented by a binary operation).
> - it stores not one location per call in the source position side
> table, but two (one for the call, one for the parent which does the
> type coercion).
> - the wasm compiler annotates the source positions "0" and "1" to the
> two calls in the WASM_TO_JS wrapper (only if the module origin is
> asm.js).
> - during stack trace generation (in the StackTraceIterator), when we
> move from the WASM_TO_JS frame to the WASM frame, we remember at which
> call inside the WASM_TO_JS wrapper we are, and encode this information
> in the generated caller state, used for the WASM frame.
> - the same information is also stored in the FrameArray which is used
> to reconstruct the stack trace later.
>
> R=titzer@chromium.org, bradnelson@chromium.org
> CC=jgruber@chromium.org
> BUG=v8:4203,v8:5724
>
> Committed: https://crrev.com/94cd46b55e24fa2bb7b06b3da4d5ba7f029bc262
> Cr-Commit-Position: refs/heads/master@{#41599}
TBR=bradnelson@chromium.org,mstarzinger@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4203,v8:5724
Review-Url: https://codereview.chromium.org/2563613003
Cr-Commit-Position: refs/heads/master@{#41601}
In the asm.js code translated to wasm, we call imported functions via a
WASM_TO_JS stub, which first calls the function and then calls ToNumber
on the return value. Exceptions can happen in both calls.
We were only ever reporting the location of the function call, whereas
asm.js code executed via turbofan reported the location of the type
coercion operator ("+" on "+foo()" or "|" on "foo()|0").
This CL implements the same behaviour for asm.js code translated to
wasm. The following is changed:
- the AsmWasmBuilder records the parent node when descending on a binary
operator (also "+foo()" is represented by a binary operation).
- it stores not one location per call in the source position side
table, but two (one for the call, one for the parent which does the
type coercion).
- the wasm compiler annotates the source positions "0" and "1" to the
two calls in the WASM_TO_JS wrapper (only if the module origin is
asm.js).
- during stack trace generation (in the StackTraceIterator), when we
move from the WASM_TO_JS frame to the WASM frame, we remember at which
call inside the WASM_TO_JS wrapper we are, and encode this information
in the generated caller state, used for the WASM frame.
- the same information is also stored in the FrameArray which is used
to reconstruct the stack trace later.
R=titzer@chromium.org, bradnelson@chromium.orgCC=jgruber@chromium.org
BUG=v8:4203,v8:5724
Review-Url: https://codereview.chromium.org/2555243002
Cr-Commit-Position: refs/heads/master@{#41599}
These byte pointers (module_start and module_end) were only valid
during decoding. During instantiation or execution, they can get
invalidated by garbage collection.
This CL removes them from the WasmModule struct, and introduces a new
ModuleStorage struct as interface to the wasm wire bytes.
Since the storage is often needed together with the ModuleEnv, a new
ModuleStorageEnv struct holds both a ModuleEnv and a ModuleStorage.
The pointers in the ModuleStorage should never escape the live range of
this struct, as they might point into a SeqOneByteString or ArrayBuffer.
Therefore, the WasmInterpreter needs to create its own copy of the
whole module.
Runtime functions that previously used the raw pointers in WasmModule
(leading to memory errors) now have to use the SeqOneByteString in the
WasmCompiledModule.
R=titzer@chromium.org
BUG=chromium:669518
Review-Url: https://codereview.chromium.org/2540133002
Cr-Commit-Position: refs/heads/master@{#41388}
SourcePosition::InliningId() refers to a the new table DeoptimizationInputData::InliningPositions(), which provides the following data for every inlining id:
- The inlined SharedFunctionInfo as an offset into DeoptimizationInfo::LiteralArray
- The SourcePosition of the inlining. Recursively, this yields the full inlining stack.
Before the Code object is created, the same information can be found in CompilationInfo::inlined_functions().
If SourcePosition::InliningId() is SourcePosition::kNotInlined, it refers to the outer (non-inlined) function.
So every SourcePosition has full information about its inlining stack, as long as the corresponding Code object is known. The internal represenation of a source position is a positive 64bit integer.
All compilers create now appropriate source positions for inlined functions. In the case of Turbofan, this required using AstGraphBuilderWithPositions for inlined functions too. So this class is now moved to a header file.
At the moment, the additional information in source positions is only used in --trace-deopt and --code-comments. The profiler needs to be updated, at the moment it gets the correct script offsets from the deopt info, but the wrong script id from the reconstructed deopt stack, which can lead to wrong outputs. This should be resolved by making the profiler use the new inlining information for deopts.
I activated the inlined deoptimization tests in test-cpu-profiler.cc for Turbofan, changing them to a case where the deopt stack and the inlining position agree. It is currently still broken for other cases.
The following additional changes were necessary:
- The source position table (internal::SourcePositionTableBuilder etc.) supports now 64bit source positions. Encoding source positions in a single 64bit int together with the difference encoding in the source position table results in very little overhead for the inlining id, since only 12% of the source positions in Octane have a changed inlining id.
- The class HPositionInfo was effectively dead code and is now removed.
- SourcePosition has new printing and information facilities, including computing a full inlining stack.
- I had to rename compiler/source-position.{h,cc} to compiler/compiler-source-position-table.{h,cc} to avoid clashes with the new src/source-position.cc file.
- I wrote the new wrapper PodArray for ByteArray. It is a template working with any POD-type. This is used in DeoptimizationInputData::InliningPositions().
- I removed HInlinedFunctionInfo and HGraph::inlined_function_infos, because they were only used for the now obsolete Crankshaft inlining ids.
- Crankshaft managed a list of inlined functions in Lithium: LChunk::inlined_functions. This is an analog structure to CompilationInfo::inlined_functions. So I removed LChunk::inlined_functions and made Crankshaft use CompilationInfo::inlined_functions instead, because this was necessary to register the offsets into the literal array in a uniform way. This is a safe change because LChunk::inlined_functions has no other uses and the functions in CompilationInfo::inlined_functions have a strictly longer lifespan, being created earlier (in Hydrogen already).
BUG=v8:5432
Review-Url: https://codereview.chromium.org/2451853002
Cr-Commit-Position: refs/heads/master@{#40975}
In captured stack traces, all lines and columns must be 1-based.
Even though this makes things a bit ugly, we have to comply also for
wasm locations, where line and column encode function index and byte
offset (both are originally 0-based).
If we don't comply, the frontend might complain, as e.g. DevTools does.
BUG=chromium:659715
R=yangguo@chromium.org, kozyatinskiy@chromium.orgCC=titzer@chromium.org
Review-Url: https://codereview.chromium.org/2493943002
Cr-Commit-Position: refs/heads/master@{#40971}
According to the spec data segments are allowed even if the memory size
is zero. However, if one of the data segments has a length greater than
0, then module instantiation should fail.
I also changed the exception type in LoadDataSegments to TypeError,
because that's the exception type for all exceptions which can happen
during instantiation.
R=titzer@chromium.org, rossberg@chromium.org
TEST=cctest/test-run-wasm-module/EmptyMemoryEmptyDataSegment, cctest/test-run-wasm-module/EmptyMemoryNonEmptyDataSegment
Review-Url: https://codereview.chromium.org/2483053005
Cr-Commit-Position: refs/heads/master@{#40922}
This CL moves all heap-allocated WASM data structures, both ones
that are bonafide JSObjects and ones that are FixedArrays only, into a
consistent place with consistent layout. Note that not all accessors are complete, and I haven't fully spread the new static typing goodness
to all places in the code.
R=ahaas@chromium.org,rossberg@chromium.org
CC=gdeepti@chromium.org,mtrofin@chromium.org,clemensh@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2490663002
Cr-Commit-Position: refs/heads/master@{#40913}
