RTTs are internally represented as Maps. To store supertype information,
this patch introduces a WasmTypeInfo object, which is installed on Wasm
objects' Maps and points at both the off-heap type information and the
parent RTT.
In this patch, rtt.sub always creates a fresh RTT. The canonicalization
that the proposal requires will be implemented later.
Bug: v8:7748
Change-Id: I8286dd11f520966155cd95c2bd844ec34fccd131
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260566
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68564}
The `Debugger.getScriptSource()` and `Debugger.getWasmBytecode()`
methods in the CDP return Wasm wire bytes as protocol::Binary, which is
send as Base64-encoded JSON string in the communication to the DevTools
front-end, and hence leads to either crashing the renderer that is being
debugged or the renderer that's running the front-end if we allow
arbitrarily huge Wasm byte sequences here. This CL introduces a limit,
based on the maximum allowed string length, to avoid the crash and
instead signal a proper error to the DevTools front-end.
Bug: chromium:1099680
Change-Id: I356d617301d17a4012f7f845773cf14e6ad1e4a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270174
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68560}
Motivation:
The immediate-argument classes defined in function-body-decoder.h were
often adding an offset to the provided pc. This was inconsistent,
bug-prone, and counterintuitive. This CL imposes that all immediates
are passed as pc the start of the immediate argument they are parsing.
Some other smaller inconsistencies are fixed as well.
Changes:
src/wasm/:
- Enforce that all Immediates are passed the pc at the start of the
argument they are parsing. Adapt all call sites.
- Remove unneeded offset arguments from two SIMD related immediates.
- Add a pc argument to all Validate functions for immediates instead
of using the Decoder's current pc.
- Remove the (unused) pc argument from all Complete functions for
immediates.
- Introduce Validate() for BranchOnExceptionImmediate.
- In WasmDecoder::Decode(), make sure len is updated before breaking out
of the loop in case of a Validate() failure.
- Change the default prefix_len of DecodeLoadMem/DecodeStoreMem to 1.
wasm-interpreter.cc:
- Change the default prefix_len of ExecuteLoad/Store to 1.
- Adapt offsets in calls to Immediates.
- Remove redundant opcode_length argument from ExecuteSimdOp, use len
in its place.
function-body-decoder-unittest.cc
- Adapt offsets in calls to Immediates.
- Introduce and use EXPECT_OK, as is done in other tests.
Change-Id: I534606c0e238af309804d4a7c8cec75b1e49c6ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2267381
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68559}
It turns out that Liftoff often needs to know the size of a value in
bytes. Currently we are loading the size_log_2 from an array and then
performing a shift by that amount. We can slightly speed this up by just
loading the correct value directly.
Drive-by: Use {int8_t} for the internal array, since all values will
easily fit in that range.
R=thibaudm@chromium.org
Bug: v8:10576
Change-Id: I1b832ba404ff9913e2272d332f312b371b6ce3d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2267302
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68557}
We would like that to make sure every time we read map's prototype's map
we read the same one.
CL created after the discussion on
https://chromium-review.googlesource.com/c/v8/v8/+/2210233.
Bug: v8:7790
Change-Id: I4b6ffe733cf0b011b1bd1a3620ae8f1f35fa5c87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264101
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68555}
Each single branch in the switch was push a new value on the operand
stack, but the code for that was not shared.
This CL refactors this such that we only allocate once, and then modify
the new slot as needed.
This makes the generated code a lot smaller (771 bytes instead of 1052
bytes on x64), and hopefully also faster.
R=thibaudm@chromium.org
Bug: v8:10576
Change-Id: I65cd5b7d91f881b4c236414d39f1dfd54e200b97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2266533
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68554}
Prototype f64x2.ceil on ARM for both ARM v7 and ARM v8. ARM v8 has
support for vrintp, and for ARM v7 we fallback to runtime.
Since ARM v8 uses vrintp, which is the same instruction used for
Float64RoundUp (scalar), wasm-compiler reuses the Float64RoundUp check.
Bug: v8:10553
Change-Id: I5841c6a06f260debe8ae90d331bdcc2a0fa3278c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2258813
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68553}
This is a reland of f7a1932ef9
There was a wpt test in Chrome that expected the incorrect behavior.
I disable the test in https://crrev.com/c/2264418 so that we can land
the fix here.
Original change's description:
> [wasm] Re-exported globals preserve their identity
>
> V8 fails a recently added spec test that when an imported global get
> re-exported, it should preserve its identity. This CL fixes the behavior
> in V8.
>
> Drive-by change: fix the object printer of globals: a global which
> stores a reference type only has a tagged buffer, a global which stores
> a value type only has an untagged buffer.
>
> R=clemensb@chromium.org
>
> Bug: v8:10556
> Change-Id: I949d147fe4395610cfec6cf60082e1faecb23036
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235702
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68513}
Bug: v8:10556
Change-Id: I8e1b08fc9f72dde166cba167e6e320e714796769
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264097
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68552}
The current code for AssignRegisterOnReload starts the search at
the first interval instead of relying on the cached {current_interval_},
which seems to be a main cause for slow compile time in the linked
issue's test case. Moreover, it does not take into account live range
holes of the current range. This change uses FirstIntersection instead
which already handles both issues.
Since inactive ranges are sorted by their next start, we can also break
early from the loop.
R=sigurds@chromium.org
Bug: v8:10533
Change-Id: I454df95376011462ce22e850a1c143d523b68538
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2263152
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68551}
Bitmask requires wasm_simd_post_mvp because it was merged into SIMD
proposal after 84 cut, which Origin Trial starts.
For now, bitmask is the only instruction that requires this flag to be
set, and no other post mvp instructions are included in the fuzzer.
We should revert this change (and also move bitmask out of the flag)
after this OT is over.
Bug: chromium:1098666
Change-Id: I7d45c805aaa18bfc1a5180e70b912d5f17d4a31d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264628
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68549}
Similar tests are already skipped on tsan, using the same bug to also
skip this test. Note that it's a slightly different test, but based on
the same "worker-ping-test.js".
TBR=ahaas@chromium.org
Bug: v8:9506
Change-Id: Ie8d0aab5b1fd3ae6c77a65fa04ac4772b2836a1c
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2267301
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68548}
Add an experimental flag to allow modules up to a size slightly below
2GB, to make sure that we don't run into integer overflows.
Modules this large are not tested at all currently, hence the explicit
"experimental" in the flag name.
Drive-by: Fix one comparison to use ">" instead of ">=".
R=ahaas@chromium.org
CC=bmeurer@chromium.org
Bug: v8:10642
Change-Id: I91cfc290c262b9b81750e3c8af5358c1cd2572b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2266535
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68547}
It will be used in a Finch experiment to evaluate if icache flushing
helps with crashes on certain CPUs.
Bug: chromium:889460
Change-Id: I1218ce93db001833e29fdeca8fde3e863e26dfdd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2267297
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68545}
The immediate itself is just the index, and the local type can easily be
looked up in every environment where the immediate is used. Hence remove
that field.
R=thibaudm@chromium.org
Bug: v8:10576
Change-Id: If3176fa4880a75bdc475ec61dea60e08001220f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2266532
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68544}
This retrieves script name directly from StackFrameBase, bypassing
building of StackFrameInfo if one hasn't already been initialized,
thus avoiding computation of expensive properties that are not
required. This matches current behavior of GetScriptNameOrSourceURL()
and is a workaround until a dedicated API is available.
Bug: chromium:1098530
Change-Id: I181dc7feeebaf2f45758bbd29be24ab036e44b19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2261736
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Alex Turner <alexmt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68543}
The BigInt proposal got to stage 4 and integrated into the main spec.
Therefore the proposal tests are unnecessary and will be outdated soon.
R=thibaudm@chromium.org
Change-Id: I149de015f098a89333dd907bf5a4d18a36086c2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264095
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68542}
Local type information was stored in the {WasmFullDecoder}, and a
pointer to that vector was handed to {WasmDecoder}. Since
{WasmFullDecoder} inherits from {WasmDecoder}, we can just move the
vector to the {WasmDecoder} class, and save an indirection and an
unnecessary nullptr check.
Drive-by: Rename {GetLocalType} to {local_type}, since it's a simple
accessor.
Drive-by 2: Move fields of {WasmDecoder} to the end of the class, as
mandated in the style guide.
Drive-by 3: Rename some locals in the 'let' decoding to make the meaning
more clear.
R=thibaudm@chromium.org
Bug: v8:10576
Change-Id: I6ab9831f0c1955e47562e84c5fbf15807439b024
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264360
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68541}
... and extend JS node wrapper functionality.
Node wrappers now have accessors for value inputs and
context/control/effect/frame-state inputs. Accessors are typed,
although types aren't very meaningful so far (in current examples we
only distinguish between Object/HeapObject).
The following node kinds now take an additional feedback vector input,
and use the new node wrapper functionality above:
- CloneObject
- CreateLiteralArray
- CreateLiteralObject
- CreateLiteralRegExp
- GetIterator
- GetTemplateObject
- HasProperty
- LoadProperty
- StoreProperty
Bug: v8:8888
Change-Id: I1eb33c078b11725a72ec983bbaa848b9a3c7b0d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2259936
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68538}
Rolling v8/build: 2dc7c7a..876a780
Rolling v8/third_party/aemu-linux-x64: UoYLOT0X6577j70eB9nPqYQs9Z3Nh5lA4I-pRtTchO0C..YFi4RbbToiNVSl0eKxjhhhAElSEXx2Y9i-5Q4eBGkUwC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/95c1f42..761dfad
Rolling v8/third_party/depot_tools: 35c6274..87c8b91
Rolling v8/third_party/zlib: 02daed1..93be846
Rolling v8/tools/clang: 42b285f..62d4c43TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: Ia948991c7735b13585cf12a7ccfb0e372ab86320
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2266393
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#68536}
- Add a separate function to load return slots, instead of encoding this
in the offset,
- Add fast path for single return.
Drive-by: Reuse helper function for stack slot loads on ia32 and x64.
R=clemensb@chromium.org
Bug: v8:10576
Change-Id: Iea5ad2f0982c443cf2297227e9a2367cbb14581f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264099
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68535}
This method was there to turn a trap into an exception. It's not used
any more, so can be removed.
R=ahaas@chromium.org
Bug: v8:10389
Change-Id: I39bb3141722ddf1e09271348016c1d6f6d72b928
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264103
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68534}
This removes several dead functions from the wasm-module-runner.cc.
R=ahaas@chromium.org
Change-Id: I35efbc6960a28f41d14ca5d8e828c4e6f2953409
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264100
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68533}
Currently the FeedbackVector uses arrays in slots that are polymorphic,
usually in a <map, handler> tuple pattern. Helper functions try to
re-use an existing array if it's already in place.
For Concurrent TurboFan, it would be far better if these FixedArrays
were immutable. We could then count on semantic correctness when
harvesting their information from a background thread without locking.
Additionally, the arrays should always be initialized fully before
being set in place.
Bug: v8:7790
Change-Id: I81eae3bda48c2d0d8eea41d1bc9c62afb7e619d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264364
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68532}
We can walk linear prototype chains using iteration instead of
recursion, reducing the likelihood (though not excluding the
possibility) that large prototype-relation graphs will run into
a stack overflow.
This partial mitigation should be performance neutral.
Bug: v8:10522
Change-Id: Ia266efe38a9cc52fe6ab2189066f45c4566f3596
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2245591
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68530}
This reverts commit f7a1932ef9.
Reason for revert: Breaking wasm wpt tests: https://ci.chromium.org/p/v8/builders/ci/V8%20Blink%20Linux/5408
Original change's description:
> [wasm] Re-exported globals preserve their identity
>
> V8 fails a recently added spec test that when an imported global get
> re-exported, it should preserve its identity. This CL fixes the behavior
> in V8.
>
> Drive-by change: fix the object printer of globals: a global which
> stores a reference type only has a tagged buffer, a global which stores
> a value type only has an untagged buffer.
>
> R=clemensb@chromium.org
>
> Bug: v8:10556
> Change-Id: I949d147fe4395610cfec6cf60082e1faecb23036
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235702
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68513}
TBR=ahaas@chromium.org,clemensb@chromium.org
Change-Id: I06eb1996cafe7d4e93a7e59d21679fea239cf961
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10556
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264956
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68528}
Prototype f32x4.nearest on ARM for both ARM v7 and ARM v8. ARM v8 has
support for vrintn, and for ARM v7 we fallback to runtime.
Since ARM v8 uses vrintn, which is the same instruction used for
F32RoundTiesEven (scalar), wasm-compiler reuses the Float32RoundTiesEven
check.
Bug: v8:10553
Change-Id: I066b8c5f10fd86294afe1c530c516493deeb7b53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2258037
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68526}
Some operations require an immediate argument that represents a heap
type. This CL introduces a class to represent it and uses it where
appropriate. Also, the redundant TypeIndexImmediate is removed.
Bug: v8:7748
Change-Id: Ib4b1d50764a79f5dd3240688f8165c39745eaad8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260874
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68522}
All error handling should be marked V8_UNLIKELY, because this is never
on the hot path.
R=thibaudm@chromium.org
Bug: v8:10576
Change-Id: I8bc996e96a2e90f21ec065fbce4656d311097f74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2263153
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68521}
Fix returning from TryAllocateLinearlyAligned without updating the
allocation stats if a preceding filler was required. Also makes
AllocateRaw take an int instead of size_t in line with other Spaces.
Bug: v8:8875, chromium:1097389
Change-Id: If0932caa94dce1cd45b41f44fa225a2007772ea1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264354
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68516}
Move more logic into the {TraceLine} class. In release builds, this
class will not do anything. Since there is no code after the switch in
{DecodeOp} any more after this CL, we can apply tail-call optimization
(via explicit returns in C++), which will save an additional call in
some cases.
R=thibaudm@chromium.org
Bug: v8:10576
Change-Id: Ie11ec550ab33d0c03a27375f34576e3a75dcf6ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2254021
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68515}
