Bug: v8:12868
Also adds wtf8.cc, wtf8.h to src/wasm, to implement WTF-8 validation and
possibly other utilities. Also fixes a bug when parsing the string
literals section; I had misunderstood the way the unordered/ordered
sections mechanism worked.
Change-Id: I3c4205e0872379a69575f84ba33e0090a9d8d656
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652789
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80674}
Bug: v8:12868
This wires up the parser and the decoder interface for stringref. All
of the interfaces throw UNIMPLEMENTED, however.
Change-Id: If8cb131032e425a5672f793c6e4c24ddd188aebc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3645115
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#80545}
The IsValidSectionCode function shouldn't include internally-used
numeric identifiers of well-known optional sections.
Fixed: v8:12867
Change-Id: I9d894ee57157455e92a17ddcde94f32f05fb038d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644612
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80494}
This adds a non-standard, unsafe instruction for performance
experiments: ref.cast_nop_static behaves like ref.cast_static
as far as static types are concerned, but emits no code.
Bug: v8:7748
Change-Id: Ic5797a941146a06d7c6ff249d8e29919145d8ea1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3639206
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80471}
This proposal adds i32 and i64 addition, subtraction, and multiplication
to the list of constant expressions.
See https://github.com/WebAssembly/extended-const.
Bug: v8:12089
Change-Id: I23a27a54a15fd37ee1d553992ab3b355eb9d317c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497665
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79362}
According to the latest changes in wasm-gc, externref will be renamed
to anyref, and will be assigned as the top of the reference type
hierarchy. Since in the current wasm type system funcref is not a
subtype of anyref, subtyping is now dependent on whether wasm-gc is
enabled.
Bug: v8:7748
Change-Id: I0c0ae3dd5523e624d4490ca33d1fba4c2ae59393
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468345
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79322}
The module builder was outputting the address as an unsigned LEB value
instead of a signed value, leading to wrong results.
R=manoskouk@chromium.org
Bug: v8:11863
Change-Id: I547ca98defcae0ba15b4004a506b65387534b08a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3463715
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79090}
Since inheritance depth of every type is known in the isorecursive
hybrid type system, rtts with depth are removed. This enables
simplification of type checks in Liftoff and Turbofan, as well as
decoding of object allocation instructions.
Bug: v8:7748
Change-Id: I6b52579b584191d92644de1c6e805d9f054641d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422626
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78860}
This CL replaces the equirecursive type system for wasm-gc with the
isorecursive hybrid type system presented here:
https://github.com/WebAssembly/gc/issues/257.
In broad strokes, this includes the following changes:
- In the module decoder, remove equirecursive types. Implement recursive
type groups, subtype definitions, and function/struct/array
definitions. Treat nominal modules as syntactic sugar of an
isorecursive module, where all types belong in the same recursive
group.
- Remove rtt.sub and all related infrastructure.
- Change subtyping to work with explicit supertypes only.
- Add ValidSubtypeDefinition in subtyping, to check that subtype
declarations are valid during decoding.
- Remove the subtyping cache.
- Add support for functions to have specific signature index in
WasmModuleBuilder and in test-gc.cc.
- Adapt tests.
Current restrictions:
- Recursive groups are not stored beyond decoding.
- Type canonicalization is not implemented. No tests relying on types
being considered identical post-canonicalization.
- No cross-module subtyping is possible. Tests relying on cross-module
subtyping have been commented out.
Bug: v8:7748
Change-Id: I69fd04ecc5611f6230c95d5c89d1c520163fffae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3416239
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78816}
Changes:
- Rename kWasmTrapDataSegmentDropped to the more accurate ~OutOfBounds.
- Drop unused argument from {WasmCompiler::ArrayInit}.
- Rename {Factory::NewWasmArray} -> NewWasmArrayFromElements.
- Add error handling to {InitExprInterface}.
- Allow the data count section to appear anywhere in the module under
--experimental-wasm-gc. Add the same capability in
wasm-module-builder.js.
- Add {WasmArray::MaxLength(uint32_t element_size_log2)}.
- Add kTrapArrayTooLarge in wasm-module-builder.js.
- Small test improvements in gc-nominal.js.
Bug: v8:7748
Change-Id: I68ca0e8b08f906503f0d82e5866395018d216382
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401593
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78730}
We introduce a type arrayref, which is a supertype of all array types
and a subtype of dataref. We change array.len to accept values of type
(ref null array).
Drive-by: Fix kEq/kData case in TypecheckJSObject.
Bug: v8:7748
Change-Id: I47c6a4487ddf5e7280c1427f43abe87a97c896bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3368105
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78565}
Since we introduced `array.init` as a way to create fully initialized
arrays, immutable arrays are no longer useless, and they enable certain
static optimizations, so this patch allows them.
Bug: v8:7748
Change-Id: I404aab60099826f4bd83cf54e5e1acbc38a3ca9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3221151
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77397}
Per https://github.com/WebAssembly/gc/issues/234, this implements
"nominal" type definitions with explicit supertypes, and statically
typed RTT-less instructions for allocation and testing/casting.
This should be fully backwards compatible with existing Wasm modules.
Spec: https://bit.ly/3cWcm6Q ("version 4")
Bug: v8:7748
Change-Id: Id5a1399b368fdfad22036cfd66f1bef593e640f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3144916
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76844}
We currently print reference type indices as unsigned LEB. This will not
work properly for large indices (>=64), as they will be interpreted as
negative indices when read back. They may also alias with builtin types.
In this CL, we fix this by defining builtin types as negative numbers.
We add positive byte constants that can be used in function bodies.
We adapt wasm-module-builder and tests to the above changes.
Bug: v8:7748
Change-Id: I4dfaa65d4cbf77a6731ca2283148bd842ea5c56b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080569
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76176}
Design doc: https://bit.ly/36MfD6Y, section "Improving Computational
Complexity of CSALoadElimination".
We optimize CsaLoadElimination::AbstractState::KillField() by
fine-graining AbstractState. We now represent it with 6 maps
corresponding to (object kind, offset kind) pairs. This makes it
possible for KillField() to manipulate the state faster. For more
information consult the above design doc.
Bug: v8:11510
Change-Id: I7d991cd47f946edb20e746bc7e6792ae3c70004f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038521
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76165}
This patch makes V8 accept the binary format produced by Binaryen
after https://github.com/WebAssembly/binaryen/pull/3933 when the
--experimental-wasm-gc-experiments flag is present. The explicit
inheritance information is not used for anything. Validation is
performed only insofar as explicit supertypes must be valid types.
Bug: v8:7748
Change-Id: Id5b5050aa03591281632e3a2a161aa93422e10bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071406
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76135}
The JS API constructor was renamed to "WebAssembly.Tag" to match the
spec:
https://github.com/WebAssembly/exception-handling/issues/159
Rename "exception" to "tag" throughout the codebase for consistency with
the JS API, and to match the spec terminology (e.g. "tag section").
R=clemensb@chromium.org,nicohartmann@chromium.org
Bug: v8:11992
Change-Id: I63f9f3101abfeefd49117461bd59c594ca5dab70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053583
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75994}
Changes:
- Add struct.new_with_rtt as a new WasmInitExpr. Parse it in
consume_init_expr(). Add it to
InstanceBuilder::EvaluateInitExpression().
- Change WasmInitExpr::operand_ to vector operands_.
- In consume_init_expr(), use parsed over hard-coded opcode length.
- Improve WasmStruct::WasmStructPrint slightly.
- Add Factory::NewWasmStruct().
- Add WasmValue::CopyToWithSystemEndianness.
- In wasm-module-builder.js, generalize emit_init_expr for expressions
with operands. Add missing init. expression types.
- Add tests.
Bug: v8:7748
Change-Id: Ica12378d202730aff1b57c7d4240aa00ef124f8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2940893
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75006}
This instruction is a non-standard V8-only experiment for now,
hidden behind the --experimental-wasm-gc-experiments flag.
The motivation is to provide a way to set up non-canonicalized
RTT hierarchies, to enable expressing the type system of Java-like
languages in terms of WasmGC constructs.
Bug: v8:7748
Change-Id: Idf1c18e9944c983f40f1e01b2032ee5fdc2fd81b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2930478
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74920}
There are two different limits for the maximum memory size in
WebAssembly:
1) A 4GB limit which is the same on all platforms, and is observable for
JS programs. It is used to limit the allowed declared maximum size of a
wasm memory.
2) A potentially lower limit (2GB on 32-bit systems, 4GB otherwise)
which can be further limited using a command-line flag. This limit is
used whenever actually allocating or growing a wasm memory. This limit
is not directly observable, but we make sure that no wasm memory will
ever be bigger than this limit.
The second limit is the one we should check against when allocating or
growing memory, while the first limit should be used when validating
a module (or the parameters for WebAssembly.Memory). The compiler can
rely on no memory being bigger than the second limit, which again is
never bigger than the first limit.
This CL adds some more documentation to the two limits, and cleans up
all usages.
This also makes {kPlatformMaxPages} and {kMaxMemoryPagesAtRuntime}
obsolete.
R=jkummerow@chromium.org
Bug: chromium:1207263
Change-Id: I43541aafd3f497d1c368bd9400e9bc667bdfd3d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2910787
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74742}
This is a reland of 8f39a58586
Changes compared to original:
Change the type of arguments of WASM_I32V from byte to int for MSVC
compatibility.
Original change's description:
> [wasm-gc] Implement br_on_cast_fail
>
> Bug: v8:7748
> Change-Id: I7894ad51ccf8ac41a5081c272a583a4ff25c1835
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2900225
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74652}
Bug: v8:7748
Change-Id: I39f39ff6979382f5618683a8e7754f56df4ec9e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905599
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74689}
Element segments and tables in tests used an ad-hoc mechanism to
describe the different types of initializer expressions, e.g. an number
which could denote either the value of a constant or the index of a
global. This CL tidies up and generalizes the test infrastructure by
directly using WasmInitExpr in those cases.
Additional changes:
- Introduce WasmElemSegment class.
- Remove obsolete --experimental-wasm-bulk-memory flag from tests.
- Rename WasmInitExpr.type -> kind.
- Remove dependency of wasm-module-builder from mjsunit.js (except in
assertTraps).
Change-Id: I716254a04ceea9ceb8ac6b848e12e1637f618f0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857638
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74368}
Changes:
- Add WasmInitExpr class which knows how to create initializer
expressions as pairs of {type, value}. Also define a default for every
type. Emit such pairs to a byte array with emit_init_expr().
- Add an initializer expression to every global (addGlobal() uses the
default if the argument is absent).
- Introduce wasmI64Const();
- Update tests as needed.
Change-Id: I75ffe96604891506ad78bd3677ce1efe5e0cee07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2851892
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74231}
Changes:
- Implement function subtyping in wasm-subtyping.cc.
- Add Signature::Build(), which takes initializer lists for the return
and parameter types.
- Only throw kTrapFuncSigMismatch in call_indirect, change that trap's
message.
- Add a missing "return 0" in function-body-decoder-impl.h
- Fix a faulty check in wasm-objects.cc.
- Improve some comments.
- Write tests. Improve readability of subtyping-unittest.
Bug: v8:7748
Change-Id: I1caba09d5bd01cfd4d6125f300cd9c16af7aba99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2822633
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73972}
This is a more canonical type name, and is in line with {kVoidCode}.
Change-Id: Iaae9524b6fb6ecaafd63ce81cf30e3d01ca3e525
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2775565
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73557}
This brings the WasmModuleBuilder in the mjsunit test suite
up to date wrt. the latest changes of the GC proposal.
Bug: v8:7748
Change-Id: I4e1a3d34a1e83626ab89d2fa0e10ca4aa61d75ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2690590
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73496}
This is done with a script that does something like:
files=$(ag 'v\d\d?x\d\d?[._]?all_?true' -l)
sed -i 's/V\(8x16\|16x8\|32x4\|64x2\)\([._]\?\)\([aA]ll_\?[tT]rue\)/I\1\2\3/g' $(files)
sed -i 's/v\(8x16\|16x8\|32x4\|64x2\)\([._]\?\)\([aA]ll_\?[tT]rue\)/i\1\2\3/g' $(files)
And manual fixups in test-run-wasm-simd.cc and wasm-opcodes-inl.h.
Bug: v8:10946
Change-Id: Ib5dad388dd6dd9cd0fb575ad961dffc189a2e6ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2740488
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73309}
They were using a fixed offset of pc+2, but since the instructions can
be multiple bytes long (leb128 encoded), it should be using *len.
Drive-by fix to add missing instructions to wasm-module-builder.js.
Bug: chromium:1185323,chromium:1185492
Change-Id: I12f396cc2969ecc284aba35b94b1bc5640f12277
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2745977
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73308}
Bump wasm-spec-tests version since the opcodes have also changed.
Also add missing opcodes to wasm-module-builder.js.
Bug: v8:6020
Change-Id: I60dcf1b300a5278aab5e1814c9ebf4ee85c60053
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2728432
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73233}
This adds the possibility to define non-nullable function tables of heap
types kFunc and user-defined functions. When such table is defined, it
is obligatory to provide an initializer expression after its limits.
Currently, this can only be a function reference.
Changes:
- Change WasmTableObject::raw_type to encode the whole entry type.
- Restructure call_indirect to load the signature only if needed, and
do null checks only if needed.
- Add the requirement to provide an initializer expression for
non-nullable tables in module-decoder.
- Rename "global initializer" -> "initializer expression" everywhere.
- Add table initialization in module-instantiate.
- Edit both the C++ and JS WasmModuleBuilder.
- Add and slightly improve tests.
- Format wasm-module-builder.js.
Bug: v8:9495
Change-Id: I7453ee7d567afd5b5fe48a4f1653513787cfe99a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732673
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73215}
In the latest spec, catch_all is encoded as 0x05. This is the same
opcode as "else", but they do not conflict because "else" is not valid
in the context of a try block.
The 0x0a opcode now corresponds to the "unwind" instruction, which
currently has the same semantics as "catch_all".
R=clemensb@chromium.org
Bug: v8:11392
Change-Id: Ie9cd06c9a2001a02d8bea5be7a3c016e3a58ee3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2674007
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72531}
This is a reland of commit 9c09c227b0.
The fix for gc stress failure is merged: https://crrev.com/c/2656857.
Original change's description:
> Bug: v8:11331
> Change-Id: Ie394ec841a1a1c4030c4f589eac2cee8a6a2a1f9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2639033
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72304}
Bug: v8:11331
Change-Id: I82f57b3fe5f0c456472aa7ce404703f34b73d17e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2659511
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72465}
