This reverts commit 860fcb1bd2.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/13831/overview
Original change's description:
> Faster JS-to-Wasm calls
>
> This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/.
>
> Currently JS-to-Wasm calls go through a wrapper/trampoline, built on
> the basis of the signature of a Wasm function to call, and whose task
> is to:
> - set "thread_in_wasm_flag" to true
> - convert the arguments from tagged types into Wasm native types
> - calculate the address of the Wasm function to call and call it
> - convert back the result from Wasm native types into tagged types
> - reset "thread_in_wasm_flag" to false.
>
> This CL tries to improve the performance of JS-to-Wasm calls by
> inlining the code of the JS-to-Wasm wrappers in the call site.
>
> It introduces a new IR operand, JSWasmCall, which replaces JSCall for
> this kind of calls. A 'JSWasmCall' node is associated to
> WasmCallParameters, which contain information about the signature of
> the Wasm function to call.
>
> WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments
> of the Wasm function, when the conversion is not necessary.
> The actual inlining of the graph generated for this wrapper happens in
> the simplified-lowering phase.
>
> A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage
> lazy deoptimizations that can happen if the Wasm function callee calls
> back some JS code that invalidates the compiled JS caller function.
>
> Bug: v8:11092
> Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Paolo Severini <paolosev@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#71824}
TBR=neis@chromium.org,ahaas@chromium.org,jgruber@chromium.org,tebbi@chromium.org,ishell@chromium.org,mslekova@chromium.org,nicohartmann@chromium.org,paolosev@microsoft.com
Change-Id: I214cbdee74c1a2aaad907ffc84662ed25631983e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:11092
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595438
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71825}
This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/.
Currently JS-to-Wasm calls go through a wrapper/trampoline, built on
the basis of the signature of a Wasm function to call, and whose task
is to:
- set "thread_in_wasm_flag" to true
- convert the arguments from tagged types into Wasm native types
- calculate the address of the Wasm function to call and call it
- convert back the result from Wasm native types into tagged types
- reset "thread_in_wasm_flag" to false.
This CL tries to improve the performance of JS-to-Wasm calls by
inlining the code of the JS-to-Wasm wrappers in the call site.
It introduces a new IR operand, JSWasmCall, which replaces JSCall for
this kind of calls. A 'JSWasmCall' node is associated to
WasmCallParameters, which contain information about the signature of
the Wasm function to call.
WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid generating code to convert the types for the arguments
of the Wasm function, when the conversion is not necessary.
The actual inlining of the graph generated for this wrapper happens in
the simplified-lowering phase.
A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage
lazy deoptimizations that can happen if the Wasm function callee calls
back some JS code that invalidates the compiled JS caller function.
Bug: v8:11092
Change-Id: I3174c1c1f59b39107b333d1929ecc0584486b8ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557538
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Georg Neis (ooo until January 5) <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#71824}
First step towards the new exception handling proposal:
https://github.com/WebAssembly/exception-handling/issues/125
This is essentially a revert of:
"[wasm] Switch to new 'catch' and 'br_on_exn' proposal."
The changes are:
- "catch" instruction takes a tag immediate,
- "rethrow" instruction takes a label immediate,
- Add "catch_all" instruction,
- Remove "br_on_exn" instruction,
- Do not push exceptions on the stack, only the encoded values
R=clemensb@chromium.org
CC=aheejin@chromium.org
Bug: v8:8091
Change-Id: Iea4d8d5a5d3ad50693f645e93c13e8de117aa884
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484514
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71602}
read_heap_type did not have knowledge of the module for which the heap
type was being decoded. As a result, callers of read_heap_type (or
read_value_type, which in turn calls read_heap_type) had to check after
the fact that a decoded indexed type (ref, ref null, or rtt) references
a type index within the module's bounds. This was not done consistently,
and was missing (at least) in DecodeLocals.
To avoid such problems in the future, this CL refactors read_heap_type
to accept a module and check the decoded index against it.
Changes:
- Add WasmModule argument to read_heap_type. Do so accordingly to all
its transitive callers (read_value_type, immediate arguments,
DecodeLocalDecls, DecodeValue/HeapType in unittests).
- Add index check to read_heap_type and emit an error for an
out-of-bounds index.
- Remove all other now-redundant index validations. Replace them with
decoder->ok() if needed (since read_heap_type will now emit an error).
- Fix error message in Validate for BlockTypeImmediate.
- In DecodeLocalDecls in unittests, pass an empty module to
DecodeLocalDecls in the main code.
- Add a unit test with an invalid index in local type declarations.
Bug: v8:9495
Change-Id: I4ed1204847db80f78b6ae85fa40d300cd2456295
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2569757
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71572}
When a function returns multiple result, we check the only the first
result. We correctly get the first return value from the interpreter
results, but did not handle the compiled code correctly, which returns a
JSArray.
Bug: chromium:1153406
Change-Id: I32198cea131cab18094fac3e66a44e976907773d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2562816
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71488}
Scopes in V8 are used to guarantee one or more properties during its
lifetimes. If a scope is not named e.g MyClassScope(args) instead of
MyClassScope scope(args) it will get created and automatically destroyed
and therefore, being useless as a scope. This CL would produce a
compiling warning when that happens to ward off this developer error.
Follow-up to ccrev.com/2552415 in which it was introduced and
implemented for Guard classes.
Change-Id: Ifa0fb89cc3d9bdcdee0fd8150a2618af5ef45cbf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555001
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71425}
After preparing Liftoff, TurboFan, and the interpreter for this change,
we now store the memory offset as uint64_t. {LoadLane} and {StoreLane}
were added after the TurboFan refactoring, so those two are adapted
similar to the other memory operations.
TBR=manoskouk@chromium.org
Bug: v8:10949
Cq-Include-Trybots: luci.v8.try:v8_win64_msvc_rel_ng
Change-Id: I8f3084c21a7d99f72df1bc18c2b507c4e84570cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2560720
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71411}
This reverts commit 44efa00b04.
Reason for revert: Breaks MSVC with warning as error:
https://ci.chromium.org/p/v8/builders/ci/V8%20Win64%20-%20msvc/15903
Original change's description:
> [wasm][memory64] Decode memory offset as 64-bit LEB
>
> After preparing Liftoff, TurboFan, and the interpreter for this change,
> we now store the memory offset as uint64_t. {LoadLane} and {StoreLane}
> were added after the TurboFan refactoring, so those two are adapted
> similar to the other memory operations.
>
> R=manoskouk@chromium.org
>
> Bug: v8:10949
> Change-Id: Iba66ce448904e23b152fcb8612d171124e615473
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555006
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71382}
TBR=clemensb@chromium.org,manoskouk@chromium.org
Change-Id: Ia0f46a0b6fd2102a61c7664d7cdd86a2cf8ddb24
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10949
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2558752
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71383}
After preparing Liftoff, TurboFan, and the interpreter for this change,
we now store the memory offset as uint64_t. {LoadLane} and {StoreLane}
were added after the TurboFan refactoring, so those two are adapted
similar to the other memory operations.
R=manoskouk@chromium.org
Bug: v8:10949
Change-Id: Iba66ce448904e23b152fcb8612d171124e615473
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555006
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71382}
This CL prepares the interpreter for 64-bit addresses. The offset (in
the memory immediate) can now be 64-bit, and also the index (from the
stack) will be 64-bit if memory64 is enabled.
memory.size will return a 64-bit constant under memory64.
memory.grow is a bit more involved and requires more refactorings in the
called functions. I left a TODO in the interpreter for now.
R=manoskouk@chromium.org
Bug: v8:10949
Change-Id: I47ab7e38a7356239c827619325f4583069e46669
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555000
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71376}
The top-level functions are already in an anonymous namespace, hence
'inline' is redundant.
Similar for the methods defined within the class declaration.
R=manoskouk@chromium.org
Bug: v8:11074
Change-Id: I84f790aa2826e4f9e9efcea7cabe75d6ea05f070
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554605
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71369}
Prototype 2 prefetch instructions (temporal and non-temporal) on arm64
and interpreter.
Add prfm to assembler, and use MiscField to encode the two versions.
Small tweak to simulator to handle these new instructions (no-op).
The implementation in the interpreter just pops the memory index and
does nothing.
Simple test cases added for these 2 new instructions, as well as a
prefetch with OOB index, which should not trap.
Bug: v8:11168
Change-Id: Ieced8081615d07f950d6d4c1128d1bc6a75839fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2543167
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71353}
Prototype i32x4.extadd_pairwise_i16x8_{s,u} and
i16x8.extadd_pairwise_i8x16{s,u} (names not confirmed) on ARM64 and
interpreter. With a simple test case.
Bug: v8:11086
Change-Id: If1ffc04e179e86ca5cc209bf9ef9d337298e3cc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2513872
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71068}
Clean up src/wasm and test/
Bug: v8:11074
Change-Id: I1b3d3475a0fbfafe75bb49acfd851f8bd5af5182
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2519183
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71025}
For atomic.wait we have to check in generated code if the memory is
shared. If not, the code has to trap. In compiled code, this is done in
the runtime function. In the interpreter, however, this check was
missing. This CL adds the check to the interpreter.
R=thibaudm@chromium.org
Bug: chromium:1144603
Change-Id: If897e3f10b404ff677341ee14ad9eda7f5e64d16
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2512922
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70948}
The immediate might not be 2 bytes from start of instruction, because
the opcode is leb encoded.
Bug: chromium:1143053
Change-Id: I3c514e771419470ce34e02d4faa24e9e59676aa6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504852
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70828}
Change-Id: I8a9322ef3c7ebaa4f8827a65dca3215f16d70454
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2488024
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#70670}
There is a typo getting the values of the lanes, only on big-endian
systems. (On little-endian systems, the use of LANE macro hides the
error).
Bug: v8:11008
Change-Id: I99efde506dab443efd336346ec920fcd957daae2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2486614
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70666}
First CL with initial changes:
https://crrev.com/c/2468618
This CL adds the same set to the wasm interpreter.
We also need to make sure "negation" as well as
"std::abs" are excluded from this fix as they can reverse
the sign bit intentionally.
Change-Id: I115649f55b5290d2529dda3d5592feaff3363b76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485246
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#70632}
Not sure why I originally chose to name it LoadMem32Zero instead of
Load32Zero like the proposal. This fixes it.
Bug: v8:10713
Change-Id: If05603f743213bc6b7aea0ce22c80ae4b3023ccf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2481824
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70630}
Also known as multiply long, this multiplies the top or bottom half of
the input operands, the result is twice as wide as the input.
This implements arm64 and interpreter.
Bug: v8:11008
Change-Id: Iad693007066dd1a9bc529b282e88812a081c3a01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2469156
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70624}
Store lane loads a value from memory and replaces a single lane of a
simd value.
This implements store lane for x64 and interpreter.
Bug: v8:10975
Change-Id: Ida79a03e0fd2bc18f2c06687311936b3cb550ed5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2473383
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70586}
read_prefixed_byte is used mostly to read an entire prefixed opcode, it
writes the number of bytes of the opcode index (without prefix byte) to
the out param length. Change it so it writes the total number of bytes
(including the prefix byte), as that is what most callers want (they add
1 after calling read_prefixed_byte).
Bug: v8:10810
Change-Id: I914190ecae62e3547652accdc05d1cef3686fff4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476678
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70551}
Rename AddSaturate and SubSaturate to the shorter version, AddSat and
SubSat, following the spec.
Bug: v8:10946,v8:10933
Change-Id: Idf74b3a1eb2e2f6d4e37d2b8e5fa6d96ea090db4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436615
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70549}
We now remember whether the memory was 64 bit, in in this case force the
index value to be an i64 instead of an i32.
This is only the decoding part of this change. TurboFan and Liftoff will
have to be fixed separately to handle the i64 values correctly.
R=manoskouk@chromium.org
Bug: v8:10949
Change-Id: Ia504e7eb5a2a55caf8dfdbd0833481ef590c55bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461239
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70473}
This implements i8x16.popcnt on arm64 and interpreter.
Bug: v8:11002
Change-Id: Ia94a053d7e0a0c800057ac80865ba6f86ac7caf8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461058
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70461}
Load lane loads a value from memory and replaces a single lane of a
simd value.
This implements the load (no stores yet) for x64 and interpreter.
Bug: v8:10975
Change-Id: I95d1b5e781ee9adaec23dda749e514f2485eda10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2444578
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70456}
These instructions are not in the proposal, and will be unlikely to be
requested (poor performance, insufficient use cases). As we get more
instruction suggestions, these are sitting around on useful opcodes and
we have to play musical chairs every time we prototype a new
instruction.
Bug: v8:10933
Change-Id: Ic7ce4e514c343d821f76b8c071e41f9bddfbd1ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2457669
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70455}
Only implemented and tested on arm64 and interpreter.
Moved a helper function (Clamp, renamed to Saturate) into src/utils to
be able to reuse this in interpreter and tests.
Bug: v8:10971
Change-Id: Iaffcd36d27e0e8ab11e167befa96eef8e59f1c81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438990
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70360}
We used not to emit canonical indexes for arrays and structs into
WasmModule::signature_ids, which resulted in signature_ids not referring
to the correct type indices in a WasmModule.
Changes:
- Rename signature_ids to canonical_type_ids.
- Emit trivial canonical type ids for structs and arrays.
- Add a test to catch the existing bug.
- Improve DCHECKs for module type accessors.
Bug: v8:7748
Change-Id: I67ad58865e35b459b21db12557564b652035db75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2444989
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70318}
This was not happening when there was no need to typecheck the entry.
Additional changes:
- Add tests with null table entries for typed and untyped function
tables.
- Allow AddIndirectFunctionTable in wasm-run-utils to specify table
type.
- Add possibility to define tables in test-gc.cc.
- Merge trapTableOutOfBounds with trapInvalidFunc.
- Use trapTableOutOfBounds in call_indirect as appropriate.
- Fix emission of table types in wasm-module-builder.cc.
Bug: v8:9495
Change-Id: I4a857ff4378e5a87dc0646d94b4c75635a43c55b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442622
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70311}
As a preparation to add a "boolean validation" mode, rename the existing
flags. This removes many unrelated changes from the follow-up change and
makes it easier to review.
R=thibaudm@chromium.org
Bug: v8:10969
Change-Id: I5f71405b525a7caa91be46c035e31d4d960e4e4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440036
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70224}
These instructions were changed from "s8x16" to "i8x16" prefixes in
https://github.com/WebAssembly/simd/pull/321.
This CL updates all V8 code, including arch-specific code, to match.
Bug: v8:10946, v8:10933
Change-Id: I26ef9ad77571f94501d42c1d65f57380fd507f3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2432068
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70143}
This is a first small step for implementing the memory64 proposal:
1. Add a feature flag.
2. Add the 0x04 and 0x05 limits flag for memory64.
3. Read memory limits as LEB-encoded u64 (instead of u32) if a memory64
limit flag was read.
4. Unify {MaximumFlag} and {MemoryFlag}, which was used inconsistently
before.
5. Add test for memory limits encoded with >5 bytes.
6. Move some macros from module-decoder-unittest.cc to wasm-macro-gen.h.
Note that still the same limits for the maximum number of pages applies
as before, i.e. you cannot specify a memory >4GB yet. But you can encode
that small number in >5 bytes.
R=manoskouk@chromium.org
Bug: v8:10949
Change-Id: I90a4f08426ae714a67440281785eb00cfc24a349
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2423712
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70110}
Instantiating a module that contains a function (exported) with a v128
in its signature is fine, but then later calling it will trap.
So v128 values are technically not callable from JS, but we can give it
a default argument of 0, and will later trap anyway. This is useful when
fuzzers generate functions with v128 in the signature of the main
function that we then later try to call.
Bug: chromium:1129068
Change-Id: I93f239a0355b8059e25b8bd5f1274d151d71ee11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2419657
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70038}
For "else" and "catch" statements, the Ref to the end label should only
be added if the current block is unreachable, not the parent block.
In the added regression test, the "true" block ends in an unreachable
state with a stack height less than the target height of the end label.
This is valid due to the semantics of unreachable code, but we should
not add the Ref in this case because its stack height is invalid.
R=clemensb@chromium.org
Fixed: chromium:1092130
Change-Id: Iebaf5e7d6516278ccd3c8268ac331069e109d882
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2412181
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69934}
Those functions will return a BigInt, which we need to convert to int to
match the value returned by the interpreter.
R=ahaas@chromium.org
Bug: chromium:1127717
Change-Id: I328660ab73776de2bd90b19d18e46663efe6b6cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2412177
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69922}
Fix lowering of functions that returns the result of an
i8x16 or i16x8 operation.
Bug: v8:10507
Change-Id: Ia3b29e69cff7771f85dc5160937cbaf2bbc12b55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2399049
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69832}
The wasm interpreter is slow on an arm simulator build with asan when
it comes to return calls. An infinite return-call recursion therefore
caused a timeout on ClusterFuzz. With this CL we increase the costs of
return calls, and thereby avoid the timeout.
R=clemensb@chromium.org
Bug: chromium:1124899
Change-Id: If88e060779fbe2569e289e60170cf487dd31d7db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2397615
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69740}
Functions with v128 in their signatures are always lowered to 4 word32.
So if a return happens to be have an input that is a f32x4 operation, we
get a register allocator error because it tries to fit a float into a
general register. To fix that we need to do some checks when lowering
kReturn, and for each input node, if we are returning a v128, and it is
to be lowered into 4 f32 nodes, we bitcast the floats to ints.
Bug: v8:10507
Change-Id: Iea2fdfc4057304ebf0898e6f7091124629c589f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2391331
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69705}
The fuzzers were calling the compiled function without passing explicit
arguments. Thus all arguments were converted from the "undefined" value,
which typically results in a zero value, as expected.
For BigInt though, it's not allowed to pass "undefined". We have to pass
a proper BigInt.
This CL implements this by passing explicit parameter values for all
parameters.
This effectively unlocks testing BigInt parameters in all fuzzers, thus
may increase coverage and find new bugs.
R=ahaas@chromium.org
Bug: chromium:1120355
Change-Id: I4e451d2418eb73d460fa937d1cf95a1ab6c99cf5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2377945
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69570}
This is a reland of 899cb34868.
The new fuzzer regression test is skipped in jitless.
Original change's description:
> [wasm][fuzzer] Fix exception detection
>
> Exceptions were detected by checking for a pending exception on the
> isolate, but {CallWasmFunctionForTesting} was clearing any pending
> exception before returning.
> This CL fixes that by explicitly passing back a boolean which is set if
> an exception occurred during execution.
>
> R=ahaas@chromium.org
>
> Bug: chromium:1115280
> Change-Id: Ife71ceef0751d18e0870335b9520c2bf77e351cc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352787
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69404}
Bug: chromium:1115280
Change-Id: I9bb7300d423c53214e51e61233b0a6b09a21fd97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2361464
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69446}
This reverts commit 899cb34868.
Reason for revert: Added regression test fails on Arm Sim:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/11584
Original change's description:
> [wasm][fuzzer] Fix exception detection
>
> Exceptions were detected by checking for a pending exception on the
> isolate, but {CallWasmFunctionForTesting} was clearing any pending
> exception before returning.
> This CL fixes that by explicitly passing back a boolean which is set if
> an exception occurred during execution.
>
> R=ahaas@chromium.org
>
> Bug: chromium:1115280
> Change-Id: Ife71ceef0751d18e0870335b9520c2bf77e351cc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352787
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69404}
TBR=ahaas@chromium.org,clemensb@chromium.org
Change-Id: I1d3c0e57df7ec25b09f2037c31c9b30eb0866548
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1115280
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2357189
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69405}
Exceptions were detected by checking for a pending exception on the
isolate, but {CallWasmFunctionForTesting} was clearing any pending
exception before returning.
This CL fixes that by explicitly passing back a boolean which is set if
an exception occurred during execution.
R=ahaas@chromium.org
Bug: chromium:1115280
Change-Id: Ife71ceef0751d18e0870335b9520c2bf77e351cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352787
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69404}
Bring the return value of {InterpretWasmModule} in sync with
{CallWasmFunctionForTesting}, because the fuzzers now compare the two.
R=ahaas@chromium.org
Bug: chromium:1115431
Change-Id: I0abf79c4418a4e6cc7365a78148e5e71cf32231b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2351678
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69374}
Since it will be patched in later in the cases where it will be used,
there is no need to have it as a parameter.
Bug: v8:7790
Change-Id: I93b27f3baf8c3841a60f5ac5ed09993d1caf19bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2351667
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69366}
This removes the {InterpretWasmModuleForTesting} function in favor of
{InterpretWasmModule}, and uses that in {InterpretAndExecuteModule}.
The latter again is reused in {WasmExecutionFuzzer::FuzzWasmModule},
such that all fuzzers execute the same checks now.
R=ahaas@chromium.org
Bug: chromium:1112099, chromium:1113681
Change-Id: Ia8818b93e9274266a81573edd6852e4e4734b150
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346283
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69331}
Remove the {ErrorThrower} parameter to {CallWasmFunctionForTesting} (it
was only populated in a subset of failures anyway), and merge it with
{RunWasmModuleForTesting}.
R=ahaas@chromium.org
Bug: chromium:1113681
Change-Id: I5391e2f911928641a907bc5dad5a54677c90acb6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346279
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69327}
The interpreter is used for testing (including fuzzing) only, and in
these cases it's often important to see the exact value of a float. Both
decimal and scientific notation does not show the full value though, and
decimal representation can also be really long for large values, making
it hard to compare values.
This CL switches this debug output to hexadecimal float values, which
always shows the float value in full precision and is also much shorter
than decimal notation in many cases.
R=ahaas@chromium.org
Bug: chromium:1112099
Change-Id: Ia84824227fcd2f1e763ab89280a202ed44930a71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346646
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69323}
The plain "wasm fuzzer" (which takes the fuzzer input as the wasm wire
bytes) was already running both the interpreter and compiled code, but
it did not compare the results of both.
This CL fixes this by reusing some logic that was already present in the
fuzzers based on the {WasmCompileFuzzer} class.
R=ahaas@chromium.org
Bug: chromium:1113681, chromium:1112099
Change-Id: I9d407f66dfcba0eec90f050630b028edd5fae1d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339624
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69310}
The {name} parameter was unused, we always picked the exported "main"
function.
R=ahaas@chromium.org
Bug: chromium:1113681
Change-Id: Iee4b8f72e1137a7e366c3c31b4fa4e4ef81863b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2345964
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69307}
The interpreter is not an execution tier in production any more. It's
only used in tests.
Thus, remove {ExecutionTier::kInterpreter} and instead add a
{TestExecutionTier} that still has {kInterpreter}.
If needed (in {TestingModuleBuilder::execution_tier()}), we translate
back from {TestExecutionTier} to {ExecutionTier} (for {kLiftoff} and
{kTurboFan} only).
The {TraceMemoryOperation} method, which is shared between interpreter
and production code, now receives a {base::Optional<ExecutionTier>}, and
we will just pass en empty optional if called from the interpreter.
R=thibaudm@chromium.org
Bug: v8:10389
Change-Id: Ibe133b91e8dca6d6edbfaee5ffa0d7fe72ed6d64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335186
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69260}
The load splat, load extend, load zero macros are essentially the same,
consolidate them into a single macro.
Change-Id: Ic812043b37524deb3a9e6ddc223bb95ae77e1d4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2304715
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68978}
Prototype in TurboFan x64 and interpreter, bailout in Liftoff.
Suggested in https://github.com/WebAssembly/simd/pull/237.
Bug: v8:10713
Change-Id: I5346c351fb2ec5240b74013e62aef07c46d5d9b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2300924
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68973}
They have been replaced with {array,struct}.new_with_rtt.
Also, rework tests that used those instructions.
Bug: v8:7748
Change-Id: I2aaccb1958bf2b8d6cad4969abc612216856393d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2307318
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68961}
This CL adds functionality to read the source positions directly
from the JS heap rather than from serialized data.
In order to do this, we create a PersistentHandles container in the
OptimizedCompilationInfo which gets passed onto the JSHeapBroker. This
allows us to create the handles in the main thread and pass them safely
to the background thread.
In order to read safely from the background thread, we need a LocalHeap
which blocks the GC from running and potentially moving the handles.
This LocalHeap is created only when the JSHeapBroker has finalized
serializing and destroyed when retiring it.
Bug: v8:7790
Change-Id: I19f8b08d12e5be0a3df34d6af2043310c0c7b6fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2277802
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68836}
... by migrating old-style code
MyObject* obj = new (zone) MyObject(...)
to the new style
MyObject* obj = zone->New<MyObject>(...)
Bug: v8:10689
Change-Id: I2fc4a44ea05e4d087565811f343893f0e97dc660
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2288857
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68789}
Motivation:
We used to approximate s33/i33 value parsing by first checking for
specific negative codes, and then parsing an u32 value if that failed.
This is not correct in all cases.
Changes:
- Implement i33 parsing in Decoder.
- Factor out parsing of heap types into read_heap_type.
- Introduce HeapType::kBottom.
- Introduce helper functions in WasmFeatures and value_type_reader.
- Remove macros from the parsing of value types.
- HeapType::code now returns an i32 for compatibility with the i33
requirement.
- Introduce HeapType::Repr.
- Renamings: HeapType::type() -> representation(),
ValueType::heap() -> heap_representation()
Bug: v8:7748
Change-Id: I04deabce8837a48af2226411cd706a397f9e5725
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2274118
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68633}
This patch does not include support for RTTs for i31ref yet.
Bug: v8:7748
Change-Id: Ifbeb8e305c2d0a57e4d5d6be761d046e330e0da1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273135
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68613}
Relanding without changes, revert reason was fixed by:
https://chromium-review.googlesource.com/c/v8/v8/+/2272564
Originally reviewed at:
https://chromium-review.googlesource.com/c/v8/v8/+/2260566
Original description:
RTTs are internally represented as Maps. To store supertype information,
this patch introduces a WasmTypeInfo object, which is installed on Wasm
objects' Maps and points at both the off-heap type information and the
parent RTT.
In this patch, rtt.sub always creates a fresh RTT. The canonicalization
that the proposal requires will be implemented later.
Bug: v8:7748
Change-Id: I7fd4986efa3153ac68037ec418ea617f3f7636e8
Tbr: ulan@chromium.org
Tbr: tebbi@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273123
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68581}
This reverts commit 04ce88eae5.
Reason for revert: TSAN failure: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/32135
Original change's description:
> [wasm-gc] Implement rtt.sub
>
> RTTs are internally represented as Maps. To store supertype information,
> this patch introduces a WasmTypeInfo object, which is installed on Wasm
> objects' Maps and points at both the off-heap type information and the
> parent RTT.
> In this patch, rtt.sub always creates a fresh RTT. The canonicalization
> that the proposal requires will be implemented later.
>
> Bug: v8:7748
> Change-Id: I8286dd11f520966155cd95c2bd844ec34fccd131
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260566
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68564}
TBR=ulan@chromium.org,jkummerow@chromium.org,tebbi@chromium.org
Change-Id: I311732e1ced4de7a58b87d4a9b6056e0d62aa986
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7748
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270734
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68567}
RTTs are internally represented as Maps. To store supertype information,
this patch introduces a WasmTypeInfo object, which is installed on Wasm
objects' Maps and points at both the off-heap type information and the
parent RTT.
In this patch, rtt.sub always creates a fresh RTT. The canonicalization
that the proposal requires will be implemented later.
Bug: v8:7748
Change-Id: I8286dd11f520966155cd95c2bd844ec34fccd131
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260566
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68564}
Motivation:
The immediate-argument classes defined in function-body-decoder.h were
often adding an offset to the provided pc. This was inconsistent,
bug-prone, and counterintuitive. This CL imposes that all immediates
are passed as pc the start of the immediate argument they are parsing.
Some other smaller inconsistencies are fixed as well.
Changes:
src/wasm/:
- Enforce that all Immediates are passed the pc at the start of the
argument they are parsing. Adapt all call sites.
- Remove unneeded offset arguments from two SIMD related immediates.
- Add a pc argument to all Validate functions for immediates instead
of using the Decoder's current pc.
- Remove the (unused) pc argument from all Complete functions for
immediates.
- Introduce Validate() for BranchOnExceptionImmediate.
- In WasmDecoder::Decode(), make sure len is updated before breaking out
of the loop in case of a Validate() failure.
- Change the default prefix_len of DecodeLoadMem/DecodeStoreMem to 1.
wasm-interpreter.cc:
- Change the default prefix_len of ExecuteLoad/Store to 1.
- Adapt offsets in calls to Immediates.
- Remove redundant opcode_length argument from ExecuteSimdOp, use len
in its place.
function-body-decoder-unittest.cc
- Adapt offsets in calls to Immediates.
- Introduce and use EXPECT_OK, as is done in other tests.
Change-Id: I534606c0e238af309804d4a7c8cec75b1e49c6ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2267381
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68559}
This method was there to turn a trap into an exception. It's not used
any more, so can be removed.
R=ahaas@chromium.org
Bug: v8:10389
Change-Id: I39bb3141722ddf1e09271348016c1d6f6d72b928
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264103
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68534}
This removes several dead functions from the wasm-module-runner.cc.
R=ahaas@chromium.org
Change-Id: I35efbc6960a28f41d14ca5d8e828c4e6f2953409
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264100
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68533}
Some operations require an immediate argument that represents a heap
type. This CL introduces a class to represent it and uses it where
appropriate. Also, the redundant TypeIndexImmediate is removed.
Bug: v8:7748
Change-Id: Ib4b1d50764a79f5dd3240688f8165c39745eaad8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260874
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68522}
Since the interpreter is not used in production any more, it does not
need to support lazy compilation. Since the code is still (accidentally)
triggered by indirect calls, we need to refactor that code. It only
allows calls within the same instance anyway.
R=ahaas@chromium.org
Bug: v8:10389
Change-Id: Ied1c8effd4c9fbb857a068db587de3463867ac80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2259942
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68512}
This allows the compiler to eliminate more unneeded branches. Since all
functions just do a lookup in a static table (either directly, or via
compiling a switch to such a lookup), they are also good candidates for
inlining, which is made possible by this change.
One DCHECK is removed instead of pulling in the inl header, which would
require more refactoring since the check is in a non-inl header.
R=thibaudm@chromium.orgTBR=jkummerow@chromium.org
Bug: v8:10576
Change-Id: If0fd25fd62c5f30b896fc67a5458a5ae475a6351
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2259944
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68508}
The IsInBounds function is used in a few different places, when used for
bounds checks on 32-bit platforms, size_t for max_memory_size leads to
incorrect out of bounds accesses as size_t is not guaranteed to be
64-bit on all platforms. Use specific uint32_t, uint64_t methods for
Wasm bounds checking instead of size_t.
Bug: chromium:1080902
Change-Id: I0e21f0a310382c8ed0703c8302200d3352495c13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2256858
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68500}
along with a very basic test case.
Bug: v8:7748
Change-Id: I93d4b280922dd9eba8defc1a83ca08a2a957376a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2254023
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68485}
Due to recent spec changes, this CL removes the type immediate of
ref.is_null again. Instead we check if the type of the input parameter
is nullable.
R=jkummerow@chromium.org
Bug: v8:10556
Change-Id: If07d30fe4dd27664be7774422573b2ab2b0dfa20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247654
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68484}
The interpreter is not used in production code any more, hence move it
from src/wasm to test/common/wasm.
It's still used in unit tests, cctests, and in fuzzers.
Because of this move, a few more methods had to be exported via
V8_EXPORT_PRIVATE.
R=ahaas@chromium.org, yangguo@chromium.org
Bug: v8:10389
Change-Id: If626b940a721146c596fd7df4faaea633e710272
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2257226
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68480}
This CL introduces one-letter shorthands to HeapTypes, and fixes
signatures to be in sync with the ValueType and HeapType shorthands.
Bug: v8:7748
Change-Id: I4cc8e26d6523074bc36bf2d29289e63a23e80ddc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249672
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68425}
Motivation:
Changes to the typed function references and gc proposals solidified
the notion of heap type, clarified nullable vs. non-nullable reference
types, and introduced rtts, which contain an integer depth field in
addition to a heap type. This required us to overhaul our ValueType
representation, which results in extensive changes.
To keep this CL "small", we do not try to implement the binary encoding
as described in the proposals, but rather devise a simpler one of our
own (see below). Also, we do not try to implement additional
functionality for the new types.
Changes:
- Introduce HeapType. Move heap types from ValueType to HeapType.
- Introduce Nullability for reference types.
- Rework ValueType helper methods.
- Introduce rtts in ValueType with an integer depth field. Include depth
in the ValueType encoding.
- Make the constructor of ValueType private, instead expose static
functions which explicitly state what they create.
- Change every switch statement on ValueType::Kind. Sometimes, we need
nested switches.
- Introduce temporary constants in ValueTypeCode for nullable types,
use them for decoding.
- In WasmGlobalObject, split 'flags' into 'raw_type' and 'is_mutable'.
- Change IsSubtypeOfRef to IsSubtypeOfHeap and implement changes in
subtyping.
- kWasmFuncRef initializers are now non-nullable. Initializers are
only required to be subtypes of the declared global type.
- Change tests and fuzzers as needed.
Bug: v8:7748
Change-Id: If41f783bd4128443b07e94188cea7dd53ab0bfa5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247657
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68408}
