This adds support for union types to Torque.
There is a new type expression
  A | B
to form the union of the type expressions A and B.
This is only possible if A and B have a common supertype, to prevent
nonsensical unions of types with different representations.
Union types are normalized:
  A | B == B | A
  A | (B | C) == (A | B) | C
  A | A == A
The subtyping rules are defined recursively:
  (A | B) <: C if A <: C and B <: C
  A <: (B | C) if A <: B or A <: C
This allows defining Object as a union type:
  type Tagged generates 'TNode<Object>';
  type Smi extends Tagged generates 'TNode<Smi>';
  type HeapObject extends Tagged generates 'TNode<HeapObject>';
  type Object = Smi | HeapObject;
The type {Tagged} is introduced to have a common supertype of all
tagged values, but we should not use it directly, because {Object}
contains the additional information that there is nothing but {Smi}
and {HeapObject} values.
When mapping union types to CSA types, we select the most specific
common supertype. For Number and Numeric, we already use union types
on the CSA side. Since it is not possible to map to CSA union types
in general, we special-case these two union types to map them to
the CSA union types we already use.
Bug: v8:7793
Change-Id: I7a4e466436f55d04012f29ef17acfdb957653908
Reviewed-on: https://chromium-review.googlesource.com/1076132
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53411}
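The normalization laws, the two subtyping rules and the "most specific common supertype" selection described in the commit message above can be modelled as follows. This is an added example, not Torque's implementation or code from the commit; the function names and the JSArray and Float64 entries are assumptions made for illustration.

```python
# Added model of the union-type rules; not Torque's implementation.
# PARENT mirrors the `extends` declarations from the commit message.
PARENT = {
    "Tagged": None,
    "Smi": "Tagged",
    "HeapObject": "Tagged",
    "JSArray": "HeapObject",  # assumption: illustrative subtype
    "Float64": None,          # assumption: type with a different representation
}

def ancestors(t):
    """Supertype chain of an atomic type, most specific first."""
    chain = []
    while t is not None:
        chain.append(t)
        t = PARENT[t]
    return chain

def members(t):
    """View any type expression as the set of its atomic alternatives."""
    return t if isinstance(t, frozenset) else frozenset([t])

def common_supertype(t):
    """Most specific type that every alternative extends."""
    alts = list(members(t))
    for cand in ancestors(alts[0]):
        if all(cand in ancestors(a) for a in alts):
            return cand
    raise TypeError(f"no common supertype for {sorted(alts)}")

def union(*types):
    """A | B | ...; a frozenset is order-free, flat and duplicate-free,
    which yields the three normalization laws directly."""
    result = frozenset().union(*(members(t) for t in types))
    common_supertype(result)  # reject unions across representations
    return result

def is_subtype(a, b):
    """(A | B) <: C if A <: C and B <: C;  A <: (B | C) if A <: B or A <: C."""
    return all(any(y in ancestors(x) for y in members(b)) for x in members(a))

Object = union("Smi", "HeapObject")
```

In this model Object is a subtype of Tagged but Tagged is not a subtype of Object, which is the extra information the commit message says {Object} carries.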
The code slot of internal frames seems to be basically unused.
As always, there are exceptions:
1. In elements.cc we check whether the current code object is the apply
builtin. We can use a heap lookup through the frame's pc instead.
2. In isolate.cc we store a reference to the frame's code object to try
and pack it into the minidump. This can safely be skipped.
Remaining use-sites in frames.cc all skip INTERNAL frames by using the
JavaScriptFrameIterator.
Bug: v8:6666
Change-Id: I93c5035812838bbae5109415450915db12497b9c
Reviewed-on: https://chromium-review.googlesource.com/1075047
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53409}
This removes the last embedded objects from {WasmCode} objects. We still
embedded the {undefined} value into Wasm-to-JS wrappers; those are now
loaded from the instance object similar to {null} values. The relocation
information for {WasmCode} now no longer contains {EMBEDDED_OBJECT} as
entries anywhere. Another step towards making code Isolate independent.
R=titzer@chromium.org
BUG=v8:7424
Change-Id: I720cd0230948f2063770595ceded373d9bb1e87d
Reviewed-on: https://chromium-review.googlesource.com/1075268
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53408}
This CL further optimizes the decoding fastpath by moving feature
checks off the critical path. Prototype opcodes that are enabled
by feature flags are handled in a switch case off the main
path.
R=mstarzinger@chromium.org
Change-Id: If40fedbaadb9c611c78bc2b7df035ced056cb39a
Reviewed-on: https://chromium-review.googlesource.com/1076187
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53406}
This makes the WasmCompileLazy builtin push a new WASM_COMPILE_LAZY
frame type. We can thereby remove the workaround to return a relocated
instance from the underlying runtime function. It also removes the last
remaining embedded code objects from {WasmCode} objects.
R=titzer@chromium.org
Change-Id: Ic9c3f59339e8d7bed53ea0ed70ef50dfe640f1c6
Reviewed-on: https://chromium-review.googlesource.com/1073455
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53405}
A previous CL (https://chromium-review.googlesource.com/c/v8/v8/+/1075056)
introduced an optimization for the spill slot where the WASM instance
is stored using the "secondary parameter location" mechanism used for
JS functions and contexts. However the optimization checked the full
machine type of the parameter, which was too narrow. As a result,
the optimization never activated. This CL fixes that by only
checking the machine representation.
R=mstarzinger@chromium.org
Change-Id: I60813935c8d119d2ddf794c797dad314b99ea867
Reviewed-on: https://chromium-review.googlesource.com/1076008
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53403}
Calls from embedded builtins to stubs are expensive due to the
indirection through the builtins constants table. This moves
all remaining Array constructor stubs to builtins.
Bug: v8:6666
Change-Id: I5989a7480697a506a1bae1929ddd2e3f1d655048
Reviewed-on: https://chromium-review.googlesource.com/1074759
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53399}
This fixes the bug that cast<A>(...) could be interpreted as
cast<B>(...) if B is a subtype of A.
Bug: v8:7793
Change-Id: Ia03ce832f8c14ced09114d41c935be06d4629d99
Reviewed-on: https://chromium-review.googlesource.com/1075890
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53397}
This is the initial step towards moving all array constructor stubs to
builtins.
Bug: v8:6666
Change-Id: I49b86e43ab4ee3d0889853a2624e189ff7d2e705
Reviewed-on: https://chromium-review.googlesource.com/1073417
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53396}
This CL improves the parsing and validation speed of WASM bytecode by
eliminating a call to get the "simple opcode signature" on the fast
path. It introduces a byte-indexed array that points directly to a
FunctionSig*. By declaring the array in the wasm-opcodes.h header file
and initializing (constexpr) in the wasm-opcodes.cc file, the decoder
can use this array directly in its first test. (Note that constexpr
obviates the need for LazyInitialize in previous iterations of this
mechanism).
There are two more calls on this fast path that can be simplified,
WasmOpcodes::IsSignExtensionOpcode() and WasmOpcodes::IsAnyRefOpcode().
These calls are needed to check for a feature flag and can be
implemented differently in a followup CL.
R=mstarzinger@chromium.org
Change-Id: Ibb4adb1134932c7e0b6a35facec4d8dd8c998c56
Reviewed-on: https://chromium-review.googlesource.com/1075276
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53391}
Port 7d161e4d38
Original Commit Message:
Calls from embedded builtins to stubs are expensive due to the
indirection through the builtins constants table. This moves
the InternalArrayConstructorStub to a builtin.
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Id16d4a5dc49d6832d5976aace17c33807270e50f
Reviewed-on: https://chromium-review.googlesource.com/1074558
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#53390}
The result of SmiUntag is a sign-extended word-size value.
Bug: v8:7703
Change-Id: I85dc87b541cab78286e47e2147c16c6a0939f509
Reviewed-on: https://chromium-review.googlesource.com/1073232
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53389}
This CL adds support for "secondary parameter locations" for
the WASM instance parameter. Since this parameter is spilled onto
the stack by the function prologue, it is not necessary to allocate
additional spill slots for it. This saves both code space and
runtime.
R=mstarzinger@chromium.org
Change-Id: I440e2c58cd2a227be8a7f386df5193d8fb729fd1
Reviewed-on: https://chromium-review.googlesource.com/1075056
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53387}
WeakFixedArrays can also contain strong pointers.
(Separating this fix from
https://chromium-review.googlesource.com/c/v8/v8/+/1075053 ; after that CL tests
will fail without this fix.)
BUG=v8:7308
Change-Id: I0d47ab179625bcbf6149cf02ad696f8af250ae8d
Reviewed-on: https://chromium-review.googlesource.com/1075270
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53386}
This extends the validity checking of relocation information from only
non-anonymous {WasmCode} objects to all (even anonymous) such objects,
including code being copied in from the garbage-collected heap.
R=jgruber@chromium.org
Change-Id: Icbc842ad819f4471cc11d3d19bbde1d192731569
Reviewed-on: https://chromium-review.googlesource.com/1073284
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53383}
Introduce a new public API called CodeEventListener to allow embedders
to better support external profilers and other diagnostic tools without
relying on unsupported methods like --perf-basic-prof.
Bug: v8:7694
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I063cc965394d59401358757634c9ea84c11517e9
Co-authored-by: Daniel Beckert <daniel@sthima.com.br>
Reviewed-on: https://chromium-review.googlesource.com/1028770
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53382}
Port 111c5735ef
Original Commit Message:
Calls from embedded builtins to stubs are expensive due to the
indirection through the builtins constants table. This moves
the ArrayConstructorStub to a builtin.
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Icc6af15d80eb5c95a191832eb9636ebe97e61e07
Reviewed-on: https://chromium-review.googlesource.com/1074548
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#53377}
Port 0094defac4
Original Commit Message:
Calls from embedded builtins to stubs are expensive due to the
indirection through the builtins constants table. This moves
the ArrayNArgumentsConstructorStub to a builtin.
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ibf5e33cd14ef5baece9ddb660ab54b07233e8a20
Reviewed-on: https://chromium-review.googlesource.com/1073056
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#53372}
Port of commit 8ac37bc392.
RelocInfo::INTERNAL_REFERENCE_ENCODED is used only on mips, mips64
and ppc.
Original commit message:
`The RelocInfo::RUNTIME_ENTRY relocation mode is only used for deopt
points in JavaScript code and should never appear in WebAssembly code.`
Change-Id: Ic595103740dc3c349836114f9cbc815865c5b54c
Reviewed-on: https://chromium-review.googlesource.com/1073420
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#53370}
Port 70cede3916
Original Commit Message:
Calls from embedded builtins to stubs are expensive due to the
indirection through the builtins constants table. This moves
CallApiGetter and the 0/1 argument case of CallApiCallback to
builtins.
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I15677f91ad1f5cac05d4760f4cdd1561982a0621
Reviewed-on: https://chromium-review.googlesource.com/1073055
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#53369}
Port 5674812cfb
Original Commit Message:
At runtime, calls to embedded builtins do not need to take the
indirection through the off-heap trampoline. We can simply inline the
trampoline instead.
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I4b18f3a957a41af28da34b503015271573949888
Reviewed-on: https://chromium-review.googlesource.com/1073193
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#53366}
This was originally a flag for debugging the compilation of a module
by skipping compilation of the first N functions in a module. This
flag is not properly respected anymore, and is an unnecessary complication.
R=herhut@chromium.org
Change-Id: If9bf80245f6982a8383ca3865c599d58319feba9
Reviewed-on: https://chromium-review.googlesource.com/1061468
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53365}
Its contents are now inlined into the one remaining call site.
Bug: v8:6666
Change-Id: Icfcf89013506fec880ffd84eaa88b91e818e28c0
Reviewed-on: https://chromium-review.googlesource.com/1073311
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53363}