Commit Graph

4090 Commits

Author SHA1 Message Date
Matthias Liedtke
20327d1599 [wasm-gc] Ref types: Convert dataref to structref
This change changes the type hierarchy in a non-backwards compatible
way: dataref is replaced with structref meaning that arrayref is
no longer a subtype of it.

Bug: v8:7748
Change-Id: I965267d9ed11ea7c7d7df133cc39ee63e6b5abc3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3929041
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83515}
2022-10-04 12:51:17 +00:00
Igor Sheludko
82d8d41e85 [builtins] Ensure IteratorClose is executed
... when iteration over fast array is aborted. This change affects
JSCollection constructors.
According to the iteration protocol the iterator must be properly
closed in case the element can't be added to the collection.

Bug: chromium:1357318
Change-Id: I30cff249449dbb5ac0f48111a681caedcf37e326
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3928743
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83486}
2022-09-29 11:55:05 +00:00
Matthias Liedtke
e4828a364e [wasm-gc] Add new ref.test taking any reference
The new ref.test (opcode 0xfb40) takes an any reference (vs. data on
the old instruction) and expects a HeapType immediate.
The HeapType can be a concrete or an abstract type.

Bug: v8:7748
Change-Id: Iaa2010af21d3fee76e27a5f4476ae00f5ca837a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913028
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83475}
2022-09-28 13:43:36 +00:00
Leszek Swirski
5bf491cfeb [runtime] Revert template cache work
This reverts the following commits:

  * [runtime] Clean up dead entries in the template cache"
    8436c0059c.
  * [runtime] Don't update template map for existing templates
    e7b9604040.
  * [runtime] Fix hash used in template cache
    caa087bb18.
  * [runtime] Hold cached template objects weakly
    5d19e724d2.
  * [runtime] Key template object cache on Script
    f3a0e8bccf.

There are gerrit UI issues which appear to be template object caching
related.

For dashboard:
This reverts commit 8436c0059c.
This reverts commit e7b9604040.
This reverts commit caa087bb18.
This reverts commit 5d19e724d2.
This reverts commit f3a0e8bccf.

Bug: v8:13190
Bug: chromium:1366900
Change-Id: I9759771441a4dece2a5dbb47e462ce0c0c01b182
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3925696
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83471}
2022-09-28 11:38:01 +00:00
Igor Sheludko
cd505b3258 Revert "[runtime] Invalidate XxxIteratorLookupChain protectors"
This reverts commit 178148045f.

Reason for revert: regresses JetStream2 a lot.

Original change's description:
> [runtime] Invalidate XxxIteratorLookupChain protectors
>
> ... when "return" property is added to respective iterator or might be
> added somewhere up the prototype chain.
>
> According to the iterator protocol the "return" callback must be
> called when iteration is aborted in the middle.
>
> Bug: chromium:1357318
> Change-Id: I36d81b90cfd40e417136ab97ec53ad7054f4df77
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3916630
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83427}

Bug: chromium:1357318, chromium:1368400, v8:13335
Change-Id: I8b14a2c47819a89d9b2c869a7bcb52e2c2457427
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3925199
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83466}
2022-09-28 09:20:44 +00:00
Igor Sheludko
178148045f [runtime] Invalidate XxxIteratorLookupChain protectors
... when "return" property is added to respective iterator or might be
added somewhere up the prototype chain.

According to the iterator protocol the "return" callback must be
called when iteration is aborted in the middle.

Bug: chromium:1357318
Change-Id: I36d81b90cfd40e417136ab97ec53ad7054f4df77
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3916630
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83427}
2022-09-26 13:50:28 +00:00
Qifan Pan
98c6c367b5 Reland "[turbofan] Rematerialize BigInt64 in deopt"
This is a reland of commit 80fb281561

This CL fixes the signedness of rematerialized Numbers from immediates, which was introduced by the original change. Besides, BigInt truncation to zero bits is lowered to Int64Constant instead of NumberConstant of zero, which will flow into the state values directly.

Original change's description:
> [turbofan] Rematerialize BigInt64 in deopt
>
> This CL introduces two MachineTypes - SignedBigInt64 and UnsignedBigInt64, which are represented as Word64 but will be rematerialized to BigInt in deoptimization. This will avoid unnecessary conversions for BigInt64s when they are passed to StateValues.
>
> Bug: v8:9407
> Change-Id: I65fdee3e028ed8f9920b1c20ff78993c7784de48
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858238
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Qifan Pan <panq@google.com>
> Cr-Commit-Position: refs/heads/main@{#83230}

Bug: v8:9407, chromium:1364319, chromium:1364400
Change-Id: I0b4e077b52f64af46018b6c045893bbd56153f32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899258
Commit-Queue: Qifan Pan <panq@google.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83384}
2022-09-22 10:32:44 +00:00
Matthias Liedtke
1017e8e2f8 [x64][codegen] Fix bug reducing right shifts to 32 bit
If a shift right is performed with a negative value <= -32,
it may not be reduced to a 32 bit shift.
The reduction optimization was introduced by commit
2298b35f7c.

Fixed: v8:13290
Change-Id: Ifb16ed85560ab54d211ebb407690abe2c156e3a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905143
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83324}
2022-09-20 11:52:22 +00:00
Camillo
014cadc948 [deserializer] ReadVarint and ReadVarintLoop should behave the same
Make sure both the fast and slow version return the same value in case
of wrong follow-bit values in the input.

Bug: chromium:1359230, chromium:1360735
Change-Id: Ic65f81109e5bbc288fa41a5540ec7e6cece10ffc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890998
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83307}
2022-09-19 15:51:52 +00:00
Manos Koukoutos
1135c0fca4 [wasm-gc][liftoff] Check for null before calling CallRefIC
Bug: v8:7748, chromium:1364036
Change-Id: I0263a21671fc602127aaae3b3ce022190be91407
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899295
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83274}
2022-09-16 14:33:13 +00:00
Leszek Swirski
e7b9604040 [runtime] Don't update template map for existing templates
The cached template object weakmap shouldn't be updated when we update
an existing cached template object, because this update can truncate the
linked list of cached template objects.

Bug: v8:13190
Change-Id: Icea61fcbd5c05d4293a884d1872523ddcdfc3323
Fixed: chromium:1364429, chromium:1364471
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899256
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83248}
2022-09-16 08:55:23 +00:00
Marja Hölttä
ebc9556108 [rab/gsab] TypedArray.p.slice fix in Torque: Destination can be resizable
Bug: v8:11111,chromium:1362487
Change-Id: Ifc7649ec945a0cb13e02c52a47f8ab68fa8ab848
Fixed: chromium:1362487
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890915
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83242}
2022-09-16 07:09:39 +00:00
Leszek Swirski
f3a0e8bccf [runtime] Key template object cache on Script
Use Script as the key for the template object cache, instead of the
SharedFunctionInfo. This is because SharedFunctionInfos can be garbage
collected and then later recompiled, which would mean that we break the
spec's expectation that the template object stays constant.

Now the association of cached template object with SharedFunctionInfo is
via the function_literal_id of the SharedFunctionInfo, stored on the
CachedTemplateObject. These are linearly searched, similar to the linear
search over slot ids.

Bug: v8:13190
Change-Id: I3f67811c16ea4cd39c99b2fa034aa7e1f03c171e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892787
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83195}
2022-09-14 14:34:09 +00:00
Matthias Liedtke
b568d4dcd0 [wasm][test] Replace busy loops with explicit wasm tierup
Fixed: v8:12463

Change-Id: I7ca2d3db803ca6ac50c1340d747f98d03c3985a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890982
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83162}
2022-09-13 12:02:18 +00:00
Marja Hölttä
62635a7270 [rab/gsab] Fix leftover IsTypedArrayElementsKind checks in map transitions
With everything related to map transitions, RAB/GSAB typed array
elements kinds should behave exactly like non-RAB/GSAB typed array
elements kinds.

Bug: chromium:1360736, v8:11111
Change-Id: Ie5cef928a25856f0c476653275066b49dfee6e41
Fixed: chromium:1360736
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879497
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83119}
2022-09-09 23:55:45 +00:00
Camillo
9459c27b68 [deserializer] Reduce DCHECK noise for fuzzing
Skip over DCHECK in fuzzing that is always checked later by getting the
value from a Maybe object.

Bug: chromium:1359230, chromium:1360735
Change-Id: I9512e27fdeb1d6919e24bd631ae2caece7aed466
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3874934
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83075}
2022-09-08 13:17:28 +00:00
Clemens Backes
943de45545 [wasm][pgo] Introduce flags for PGO via local files
This adds two flags to dump "type feedback" (call targets and
frequencies) to a local file, or load it from there. This is meant for
experimentation only.

Some implications are removed, as (speculative) inlining now does not
require Liftoff any more, but can also use information from PGO.

R=jkummerow@chromium.org

Bug: v8:13209
Change-Id: I2d34233ce4077db61f5c237b1941136ac61d3b73
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870470
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82979}
2022-09-05 13:48:45 +00:00
Jakob Linke
6904a8120b [cleanup] Remove --stress-opt remnants
.. mostly mentions in mjsunit `Flags:` lines and in comments.

Bug: v8:10386
Change-Id: If79dfdc448d0a3f19883ef1f816e77e750cb4061
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865964
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82852}
2022-08-31 08:37:44 +00:00
Matthias Liedtke
ad52bf8a4e [wasm-gc] Cleanup: Rename remaining '_static' op codes
Bug: v8:7748
Change-Id: Ie94e8f7f5afdaea7b4406bf8c57b294bf8f5733c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865959
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82851}
2022-08-31 08:35:38 +00:00
Jakob Kummerow
6168782925 [wasm-gc] call_ref: consume a type immediate
Per https://github.com/WebAssembly/function-references/pull/76,
call_ref and return_call_ref should consume type immediates specifying
the signature of the funcref. This is a breaking change.

To ease the migration, this patch introduces a temporary alternative
binary encoding for call_ref:
- 0x14 continues to *not* take a type immediate for now.
- 0x17 (formerly "let") is the new call_ref *with* type immediate. Module
  producers are encouraged to emit this encoding ASAP.
- After a few weeks of transitionary period, we'll update 0x14 to
  take a type immediate as well. At this point, module producers will be
  encouraged to switch back to 0x14.
- After a few more weeks of transitionary period, we'll drop 0x17 again.

We're not doing the same dance for return_call_ref because it currently
has no uses that we know of.

Bug: v8:7748,v8:9495
Change-Id: Id8d468be3949f84571efff713c937ffd1addff70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863280
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82839}
2022-08-30 17:51:49 +00:00
Matthias Liedtke
75391be247 [wasm-gc] array.len: Add new opcode without type immediate
Bug: v8:7748
Change-Id: Ib5df6996583435275e9f9c8929763cb19d467d09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865157
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82824}
2022-08-30 14:23:51 +00:00
Jakob Kummerow
8e069d6294 [wasm][simd] Fix SpillAdjacentFpRegisters...
...to honor the {pinned} list under all circumstances.

Drive-by: DEBUG-mode helpers to print FunctionSig and LiftoffRegList
objects to stdout.

Fixed: chromium:1356718
Change-Id: I487db12294f687790cec1d658d7a7d754f3c2f99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859752
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82815}
2022-08-30 11:24:28 +00:00
Camillo
d15537cf1f [runtime] Fix relaxed memmove in TypedArray.prototype.set
If either target or source are shared buffers, use relaxed memmove.

Bug: chromium:1353555
Change-Id: Ieaad826c610b0f2f808b4061947372d851f95978
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862209
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82812}
2022-08-30 09:57:50 +00:00
Jakob Kummerow
9c445c7c51 [wasm-gc] Fix TF scheduling of inlined call_ref sequence
For the branching control flow structure we set up for feedback-directed
inlining-capable `call_ref` sequences, we have to manually take care of
the "instance cache nodes" in the SSA environment.

Drive-by: improve Runtime_WasmTierUpFunction to process type feedback,
making it usable for the included regression test.

Fixed: v8:13230
Change-Id: I06a449ad73af90b96d0cc15c3cb9a0e4bed87be6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859326
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82749}
2022-08-26 13:56:36 +00:00
Jakob Kummerow
8463f36bb1 [wasm][liftoff][arm] Fix SIMD parameter args
On arm, SIMD registers alias with pairs of double registers. When
deciding where to allocate the parameter values, we expect to see
all register-passed parameters before all stack-passed parameters;
but due to s128 and f64 params being arbitrarily interleaved this
doesn't always hold.
This patch fixes that by first finding all registers used for
parameters, and then blocking these when allocating registers
for other parameters.

Fixed: chromium:1355070
Change-Id: I20deace58b960a9d1a5e3b794c46011f8f31b333
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854497
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82702}
2022-08-24 16:41:22 +00:00
Iain Ireland
074e015acb [regexp] Add RegExpMacroAssembler::kMaxCaptures
Post-early-errors, syntax errors can't be caught, so the testcase has
to be modified so that we parse successfully (then overflow the stack).

Bug: v8:13163
Change-Id: I894c65bb4712f557d697b028b220444ccf6bb09c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3818602
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82676}
2022-08-24 06:26:29 +00:00
jameslahm
05b83dccba [snapshot] Clear pending_optimize_for_test_bytecode table
...to clear the recompilable code.

Bug: v8:13181
Change-Id: I6b78bbd2f08242fdd4659113ce1b4fa81174f8a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829243
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82610}
2022-08-22 09:06:05 +00:00
Matthias Liedtke
63261c2608 [wasm-gc] Disallow anyref in JS interop
Also fix eqref/i31ref fromJS() handling to accept unwrapped Smis.
This does not convert HeapNumbers to Smis if they fit.

Bug: v8:7748
Change-Id: Ida70a826f9541b7f3fbe9eecbb2b4fe362b5ef70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829477
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82558}
2022-08-18 10:47:58 +00:00
Jakob Kummerow
89567f1cf7 [test][wasm] Add regression test for crbug-1320614
Bug: chromium:1320614
Change-Id: I3cd76a105c0cd5e7d0cf089dc60cb79b07863243
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825882
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82390}
2022-08-11 10:07:19 +00:00
Jakob Kummerow
606e7022b8 Harden Isolate::InstallConditionalFeatures
This function should properly forward any exceptions it encounters,
instead of silently swallowing them. Being an API function, that
means moving them from "pending" to "scheduled" state.

Fixed: v8:13123
Change-Id: I20b0782fd806e456f14dda84100000c857481d09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825880
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82386}
2022-08-11 09:36:02 +00:00
jameslahm
15aa8c589c [runtime] Invalidate TypedArraySpeciesLookupChain protector
... when setting the prototype of TypedArray constructor.

Setting the __proto__ of TypedArray constructor could change TypedArray's
@@species, thus we need to invalidate the @@species protector.

Bug: v8:13110
Change-Id: Ib3b2c88d1136965c221492ff81a26ae69533b356
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3813063
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82282}
2022-08-09 05:56:41 +00:00
Matthias Liedtke
18105c72d1 [wasm-gc] Introduce function null type nofunc
nofunc is the abstract null type, the equivalent of none but for the
function type hierarchy.
none and nofunc (and later on noextern) all can only represent a null
value, however their nulls are distinct (as there isn't any subtype
relationship between them).

Bug: v8:7748
Change-Id: Ic5ae502cc21a581ca2e0f5abc46139435d950af9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3805884
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82274}
2022-08-08 16:18:22 +00:00
Joyee Cheung
90a39679fd [string] handle strings sliced from externalized one-byte strings
...in Runtime_StringToArray.

When a string is sliced from an externalized two-byte string that has
only one-byte chars, String::IsFlat() and
should not call ToOneByteVector() on it and instead we should use

String: :IsOneByteRepresentation() can both be true, while
FlatContent: :IsOneByte() returns false. In this case we
String: :Get() to get the individual characters.
Bug: chromium:1350270
Change-Id: I735408602072279f09b32e1997c97b2900942bdd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3813070
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#82268}
2022-08-08 14:28:18 +00:00
jameslahm
752872d0c9 [runtime] Check if proxy has been revoked in ObjectToString
We could throw proxy revoked error before calling
Array.IsArray to make error message clearer.

Bug: v8:13037
Change-Id: I85055d24c833acd25791ef7a8a394955805ff3f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3813065
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#82251}
2022-08-08 09:37:02 +00:00
Andreas Haas
fe53fbfca0 [wasm] Delay error messages for lazy compilation
With streaming compilation we delay the generation of errors until after
all bytes are received, so that potentially better error messages get
generated. With this CL we also delay the generation of errors in the
combination of lazy compilation and streaming compilation.

In particular, this CL does the following:
* It avoids the creation of a `DecodeFail` task in
`FinishAsyncCompileJobWithError`, which would create an error immediately before a potential name section arrived.
* It calls `CompilationStateImpl::SetError()` so that an error is
created once the stream finishes.
* It removes the return value of `ProcessFunctionBody` so that wire
bytes continue to be received even after a validation error.
* It adds an early exit to `ProcessFunctionBody` if
`CompilationStateImpl::failed()` is true, so that we don't continue
validation after the first detected error.

R=clemensb@chromium.org

Bug: v8:12852
Change-Id: Ie8c6be243a257ef62cbb29fea6b8e0c205060680
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3802691
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82181}
2022-08-03 15:43:04 +00:00
Andreas Haas
8d0c71d7c7 [wasm][lazy] Fix error message of async compilation
Async compilation with lazy compilation generated an error message that
did not include the function name. With this CL the function name now
gets included.

R=clemensb@chromium.org

Bug: v8:12852
Change-Id: Ia8aed83a2114a2c9da1367045404b20fa8554c8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3804863
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82172}
2022-08-03 13:46:34 +00:00
Andreas Haas
4852286284 [wasm] Add --no-wasm-lazy-compilation for tests that need it
Some tests assume that liftoff code is available immediately after
compilation. Add the `--no-wasm-lazy-compilation` flag to these tests
so that they work even after shipping lazy compilation.

R=clemensb@chromium.org

Bug: v8:12926
Change-Id: I839610221390822b90b25e1bef3ae727fa33d1ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3804862
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82162}
2022-08-03 11:05:45 +00:00
Matthias Liedtke
7961bd20df [wasm-gc] Remove br_on_func & br_on_non_func op
Preparation step to remove the subtype relationship between funcref and anyref.

Bug: v8:7748
Change-Id: Ie4b29bfc4b874aaca668082018f5359d1b6e3a2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3803226
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82125}
2022-08-02 07:41:23 +00:00
Jakob Kummerow
32217caa20 [wasm-gc][arm] Fix call_direct feedback collection
...for very large feedback vector indices.

Fixed: v8:13118
Change-Id: I38f1507ffe29e63ae58fd6436dffec7d0d610f95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791247
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82110}
2022-08-01 15:14:22 +00:00
Jakob Linke
440a0829f7 [regexp] Properly consider negated character classes for desugaring
.. instead of their non-negated form.

Fixed: v8:13097
Change-Id: I6426f5bbce2dfec2bbc64346d04f3b833d17c2b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3802690
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82100}
2022-08-01 13:47:35 +00:00
Manos Koukoutos
387dfe27eb [wasm-gc] All type shorthands should be nullable
arrayref, dataref and i31ref get changed to (ref null t).

Bug: v8:7748
Change-Id: Iae0e6969a1f71ccf1f193c267d761b7a1796f67b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3788093
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82048}
2022-07-28 17:11:45 +00:00
Marja Hölttä
0d0e73e61c [rab/gsab] Fix error handling in GetDerivedRabGsabMap
It was delegating to GetDerivedMap but not handling the possible
error coming from it.

Bug: v8:11111,chromium:1347722
Change-Id: I348ed721281d8edd324f0e364d8ed45602cb9f54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791063
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Marja Hölttä <marja@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82046}
2022-07-28 17:04:01 +00:00
Marja Hölttä
602960f8ea Reland [rab/gsab] Fix accessing raw byte length
Now with smaller repro

Bug: v8:11111,chromium:1347721
Change-Id: I637d85e91249aa8eb433f6e00e4fd385d5b950ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3789519
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82022}
2022-07-28 10:45:22 +00:00
Leszek Swirski
d0a0d1bce5 Revert "[rab/gsab] Fix accessing raw byte length"
This reverts commit fb19bc369b.

Reason for revert: Test is flaky (see https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket/8807487788813571761/+/u/Check_-_isolates__flakes_/regress-crbug-1347721)

Original change's description:
> [rab/gsab] Fix accessing raw byte length
>
> Bug: v8:11111,chromium:1347721
> Change-Id: Idff4256f6720841ca4dee8f691babe7245277046
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3782812
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Auto-Submit: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81995}

Bug: v8:11111,chromium:1347721
Change-Id: Ib29bd8fad1227acb21c79378c71ed081ba8b4914
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3789505
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82007}
2022-07-27 14:36:08 +00:00
Marja Hölttä
fb19bc369b [rab/gsab] Fix accessing raw byte length
Bug: v8:11111,chromium:1347721
Change-Id: Idff4256f6720841ca4dee8f691babe7245277046
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3782812
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81995}
2022-07-27 10:36:28 +00:00
Thibaud Michaud
2623097138 [wasm][eh] Handle exceptions during value encoding
Handle the case where getting a value in the iterable object that
encodes the values throws an exception.

R=ahaas@chromium.org

Bug: chromium:1347073
Change-Id: Ie660ab04148d5fd3508397ae6e08130496f61b74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3788097
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81974}
2022-07-26 15:47:37 +00:00
Manos Koukoutos
af39b32154 [wasm-gc] Remove nominal types
Some tests and testing infrastructure had to be changed because it
relied on nominal types.
Drive-by: Support function supertypes in wasm-module-builder.js.

Bug: v8:7748
Change-Id: Ife92431d1842ff9de91e296a50421aa48f02c0de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3776197
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81862}
2022-07-21 09:13:12 +00:00
Matthias Liedtke
e43a5f0ee2 [test][wasm-gc] Replace (array|struct).new_[default_]with_rtt
Bug: v8:7748
Change-Id: Ib8fadc272178fb0d49f7d5fab7d1953e2328a1ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3770107
Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81787}
2022-07-18 16:35:53 +00:00
Shu-yu Guo
88e538179e [turbofan] Don't inline DataView#byte{Length,Offset} without detach protector
Currently the same reduction is used for both TypedArray's and
DataView's byte{Length,Offset} accessors. But their behavior differ on
detached buffers: TypedArray returns 0 while DataView throw.

Do not do the optimization for DataViews if we can't depend on the
detach protector.

Bug: chromium:1344549
Change-Id: I38b533a62f756869380cb5c19fe254e03979e81a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763785
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81754}
2022-07-15 14:55:16 +00:00
Jakob Kummerow
1609ffa8b3 [wasm-gc] Fix endless loop in WasmGCOperatorReducer
When the control-flow aware type of a Node doesn't actually change,
then we shouldn't claim that it did (which causes later re-visiting
of the node).

Fixed: v8:13061
Change-Id: I064cedf3721a79844bfc36ad3142428bdfbaf891
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3760675
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81700}
2022-07-13 16:46:14 +00:00