There were multiple bugs and no test coverage for br_on_cast and br_on_cast_fail, specifically for the paths in the decoder where those
checks get optimized away.
Bug: v8:7748
Change-Id: I6e5d6449152df0456b43938174f57055a4c63fdd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723503
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81349}
This merges the separate opcode name definitions from wasm-opcodes-inl.h
into the main opcode-defining macros in wasm-opcodes.h. This is simpler
(avoids a bunch of fairly complex macros) and easier to update when we
add new opcodes in the future.
The tests become obsolete because they would simply repeat the implementation.
Change-Id: Ib6421da5670079e7725659c1f4008251f8ff7aed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714244
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81280}
CreateJob() is similar to PostJob() but doesn't schedule anything
until Join() or Notify*() is called.
This allows
- CreateJob().Join() without too many worker.
- Early 'empty' CreateJob() for initialization
without causing spurious calls to GetMaxConcurrency()
Bug: chromium:1287665
Change-Id: I8fd8b139392ad30218f0cf8f580b2d76f1078777
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3668842
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81166}
Already after enabling Liftoff, the name did not match the semantics any
more. The callback was called after top-tier finished, not after initial
compilation of the module finished.
With dynamic tiering, the name is even less fitting.
This CL renames the "OnModuleCompiled" callback in the API to
"MoreFunctionsCanBeSerialized", which makes it more obvious what the
API should be used for. It also internally renames all related typedefs
and methods accordingly.
One call of the callback in the streaming decoder was already wrong
before this CL and is being removed.
R=jkummerow@chromium.org, cbruni@chromium.org
Bug: v8:12899
Change-Id: I95c0fc9e32442383e47e4370e31277cc065bf0fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687689
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81093}
The module's "prefix hash" is based on a prefix of the module bytes that
starts at the beginning of the module and stops at the code section.
In the case of the streaming decoder, if the code section is empty,
`AsyncStreamingProcessor::ProcessCodeSectionHeader()` is never called,
and we keep accumulating bytes in the hash after the code section. Fix
this by always calling into the streaming processor even if the code
section is empty.
R=ahaas@chromium.orgCC=clemensb@chromium.org
Bug: chromium:1334651
Change-Id: Id2a03468b355867868e589523c994c268c7b4eaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695564
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81060}
Anyone using CopyablePersistentTraits should be using v8::Global, so
deprecate it and fix the uses in V8.
Bug: v8:12915
Change-Id: I25e6f2a03e070db9e9af9bbd9ea8cbc0f838c5ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3669254
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81001}
When a 8x16 shuffle matches a packed byte to dword zero extension,
1. input1 is S128Zero after canonicalization,
2. the indices {0,4,8,16} are consecutive value in the range [0-15] and
other indices are in the range [16-31],
the shuffle can be matched to packed byte to dword zero extend. These
shuffles are commonly used in image processing.
Change-Id: I14d1e35401dbc5ecd91f67c46ea9762628835d01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3547667
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Fanchen Kong <fanchen.kong@intel.com>
Cr-Commit-Position: refs/heads/main@{#80953}
Extend the effect of --freeze-flags-after-init to also protect updates
of individual flags instead of only the API.
For this, we wrap each flag in a {FlagValue} class which implicitly
converts to the value of the flag. Some cases still require the explicit
{value()} accessor though. That accessor is {constexpr}, in contrast to
the implicit conversion, because otherwise clang emits a lot of warnings
about dead code within "if (FLAG...)" scopes.
R=cbruni@chromium.org
Bug: v8:12887
Change-Id: I87d3457e49ceb317d34d6a21cf09c520d4171eb5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3683321
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80938}
This fully removes the kFinishedTopTierCompilation event, and any
handling of it. In a dynamic tiering world, that event has no meaning
any more.
R=ahaas@chromium.org
Bug: v8:12899
Change-Id: I36484e36f7c36f2ac4fcb111e67a14509c2eefef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3667081
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80930}
Prototype the instruction on the interpreter, and Arm64. Details of
instruction lowerings on all relevant architectures can be found at:
https://github.com/WebAssembly/relaxed-simd/issues/52
Bug: v8:12908
Change-Id: If8ffb82c38042191c67c9b5c23a231877d4f2159
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3679848
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Ilya Rezvov <irezvov@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80924}
We introduce a typing phase into the Turbofan compilation pipeline for
wasm-gc. It has two functionalities: (1) to type nodes that were not
typed during code generation (mainly phi nodes) and (2) to narrow types
as much as possible.
The following nodes are handled, which should be enough for our
purposes: TypeGuard, WasmTypeCast, AssertNotNull, Phi, LoadFromObject,
and LoadImmutableFromObject.
Loop phi types are computed by first assigning the type of the
non-recursive input, and updating once we have the type of the recursive
inputs, and repeating this process to a fixed point.
Drive-by: Remove the narrowing of function signatures during wasm
inlining, as it created some issues and should not be needed after this
series of changes.
Bug: v8:7748
Change-Id: I8a72488d5c221c4ae8257fc5abf6f0368cf10e96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3678208
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80912}
Remove code size and compilation time sampling for the "top tier
finished" event. With dynamic tiering, this event will never be reached.
R=ahaas@chromium.org
Bug: v8:12899
Change-Id: I1b0d053e31fe8cd1f8ba3b23bfff4c5879569b45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647691
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80867}
This CL fixes all spots where wasm Turbofan code did not satisfy the
invariant that all nodes with effect outputs are connected to another
node. Also, it enables the related verification for wasm code.
Drive-by:
- Simplify how stack checks are removed during loop unrolling.
- Fix a test declaration in test-gc.cc.
Change-Id: Id32af8584ba0ec281f4bf7757bd2915e6d8bf443
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3676862
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80854}
Some tests disabled dynamic tiering in order to actually serialize
TurboFan code. This makes the tests a bit simpler, but does not reflect
real-world usage.
This CL enables dynamic tiering in those tests and when needed executes
the code until tier-up was observed.
R=ahaas@chromium.org
Bug: v8:12899
Change-Id: I34cb8cedbc5908d9e6ca09d56c51609d0c8b2d6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3660262
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80849}
We introduce wasm types to Turbofan. They are represented by a new
subtype of {TypeBase}.
Types are attached to nodes during graph generation, as nodes are
assigned to wasm values. Therefore, phi nodes corresponding to merges
are not typed. Missing types will be computed, and assigned types will
be narrowed as much as possible, in a retyping phase that will be
introduced later.
Bug: v8:7748
Change-Id: I943559cf1d512edfab3bb2d22f8748c072cb1911
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3660248
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80778}
Bug: v8:12868
A slight modification to the existing DFA-based UTF-8 allocator to allow
decoding surrogates, for use in decoding WTF-8. We'll need to
additionally constrain the decoder to disallow surrogate pairs.
Change-Id: Ifddbf08d4eeeff8f270df52a68f01769ea790eec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652787
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80654}
Triggering tier-up can happen very often, so the runtime function should
be as slim as possible.
This CL adds two DisallowGarbageCollection scopes and removes a
HandleScope which was unnecessarily created.
R=jkummerow@chromium.org
Bug: v8:12281
Change-Id: I43e7f2b449630856ac8dfb36d294fbd29191d0eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652300
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80644}
If b is S128Zero, Shuffle(a,b,s) can be optimized to
Swizzle(a,s). By setting s[i] to 0x80, we can avoid access b.
If a is S128Zero, we can swap a and b first.
If one input of I8x16Shuffle is S128Zero, this patch can save
~60% instructions(7 of 12), and more than 30% improvement is
observed in local microbenchmarks.
Change-Id: I5953fa9064e01203cd4cf423c55dd5ed33cad57e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3544992
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Jie Pan <jie.pan@intel.com>
Cr-Commit-Position: refs/heads/main@{#80623}
Now that we require C++17 support, we can just use the standard
static_assert without message, instead of our STATIC_ASSERT macro.
R=leszeks@chromium.org
Bug: v8:12425
Change-Id: I1d4e39c310b533bcd3a4af33d027827e6c083afe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647353
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80524}
Prototype the instruction on the interpreter, and Arm64. Details of
instruction lowerings on all relevant architectures can be found at:
https://github.com/WebAssembly/relaxed-simd/issues/40
Bug: v8:12284
Change-Id: Id4cb3889d94cf0bb7169ea068efe5ca68cfcbad9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3636365
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80475}
This prevents ambiguity errors in C++20 due to ADL when casting types in
std::, which gains std::bit_cast<>().
Bug: chromium:1284275
Change-Id: I25046d1952a9304852e481ad8b84049c6769c289
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3625838
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80378}
This is a reland of commit 9d31f8663a
There were issues with --future flag implications on M1.
Original change's description:
> [rwx][mac] Support fast W^X permission switching on Apple Silicon (M1)
>
> ... for V8 code space. The feature is currently disabled.
>
> In order to use fast W^X permission switching we must allocate
> executable pages with readable writable executable permissions (RWX).
> However, MacOS on ARM64 ("Apple M1"/Apple Silicon) prohibits further
> permission changing of RWX memory pages. This means that the code page
> headers must be allocated with RWX permissions too because otherwise
> it wouldn't be possible to allocate a large code page over the freed
> regular code page and vice versa.
>
> When enabled, the new machinery works as follows:
>
> 1) when memory region is reserved for allocating executable pages, the
> whole region is committed with RWX permissions and then decommitted,
> 2) since reconfiguration of RWX page permissions is not allowed on
> MacOS on ARM64 ("Apple M1"/Apple Silicon), there must be no attempts
> to change them,
> 3) the request to set RWX permissions in the executable page region
> just recommits the pages without changing permissions (see (1), they
> were already allocated as RWX and then discarded),
> 4) in order to make executable pages inaccessible one must use
> OS::DiscardSystemPages() instead of OS::DecommitPages() or
> setting permissions to kNoAccess because the latter two are not
> allowed by the MacOS (see (2)).
> 5) since code space page headers are allocated as RWX pages it's also
> necessary to switch between W^X modes when updating the data in the
> page headers (i.e. when marking, updating stats, wiring pages in
> lists, etc.). The new CodePageHeaderModificationScope class is used
> in the respective places. On unrelated configurations it's a no-op.
>
> The fast permission switching can't be used for V8 configuration with
> enabled pointer compression and disabled external code space because
> a) the pointer compression cage has to be reserved with MAP_JIT flag
> which is too expensive,
> b) in case of shared pointer compression cage if the code range will
> be deleted while the cage is still alive then attempt to configure
> permissions of pages that were previously set to RWX will fail.
>
> This also CL extends the unmapper unit tests with permissions tracking
> for discarded pages.
>
> Bug: v8:12797
> Change-Id: Idb28cbc481306477589eee9962d2e75167d87c61
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579303
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80238}
Bug: v8:12797
Change-Id: I0fe86666f31bad37d7074e217555c95900d2afba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610433
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80259}
This reverts commit 9d31f8663a.
Reason for revert: crashes on Mac/arm64 bots:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20debug/5923/overview
Original change's description:
> [rwx][mac] Support fast W^X permission switching on Apple Silicon (M1)
>
> ... for V8 code space. The feature is currently disabled.
>
> In order to use fast W^X permission switching we must allocate
> executable pages with readable writable executable permissions (RWX).
> However, MacOS on ARM64 ("Apple M1"/Apple Silicon) prohibits further
> permission changing of RWX memory pages. This means that the code page
> headers must be allocated with RWX permissions too because otherwise
> it wouldn't be possible to allocate a large code page over the freed
> regular code page and vice versa.
>
> When enabled, the new machinery works as follows:
>
> 1) when memory region is reserved for allocating executable pages, the
> whole region is committed with RWX permissions and then decommitted,
> 2) since reconfiguration of RWX page permissions is not allowed on
> MacOS on ARM64 ("Apple M1"/Apple Silicon), there must be no attempts
> to change them,
> 3) the request to set RWX permissions in the executable page region
> just recommits the pages without changing permissions (see (1), they
> were already allocated as RWX and then discarded),
> 4) in order to make executable pages inaccessible one must use
> OS::DiscardSystemPages() instead of OS::DecommitPages() or
> setting permissions to kNoAccess because the latter two are not
> allowed by the MacOS (see (2)).
> 5) since code space page headers are allocated as RWX pages it's also
> necessary to switch between W^X modes when updating the data in the
> page headers (i.e. when marking, updating stats, wiring pages in
> lists, etc.). The new CodePageHeaderModificationScope class is used
> in the respective places. On unrelated configurations it's a no-op.
>
> The fast permission switching can't be used for V8 configuration with
> enabled pointer compression and disabled external code space because
> a) the pointer compression cage has to be reserved with MAP_JIT flag
> which is too expensive,
> b) in case of shared pointer compression cage if the code range will
> be deleted while the cage is still alive then attempt to configure
> permissions of pages that were previously set to RWX will fail.
>
> This also CL extends the unmapper unit tests with permissions tracking
> for discarded pages.
>
> Bug: v8:12797
> Change-Id: Idb28cbc481306477589eee9962d2e75167d87c61
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579303
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80238}
Bug: v8:12797
Change-Id: Ic07948e036db36326d464a2a901d052aa060a406
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3611665
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80239}
... for V8 code space. The feature is currently disabled.
In order to use fast W^X permission switching we must allocate
executable pages with readable writable executable permissions (RWX).
However, MacOS on ARM64 ("Apple M1"/Apple Silicon) prohibits further
permission changing of RWX memory pages. This means that the code page
headers must be allocated with RWX permissions too because otherwise
it wouldn't be possible to allocate a large code page over the freed
regular code page and vice versa.
When enabled, the new machinery works as follows:
1) when memory region is reserved for allocating executable pages, the
whole region is committed with RWX permissions and then decommitted,
2) since reconfiguration of RWX page permissions is not allowed on
MacOS on ARM64 ("Apple M1"/Apple Silicon), there must be no attempts
to change them,
3) the request to set RWX permissions in the executable page region
just recommits the pages without changing permissions (see (1), they
were already allocated as RWX and then discarded),
4) in order to make executable pages inaccessible one must use
OS::DiscardSystemPages() instead of OS::DecommitPages() or
setting permissions to kNoAccess because the latter two are not
allowed by the MacOS (see (2)).
5) since code space page headers are allocated as RWX pages it's also
necessary to switch between W^X modes when updating the data in the
page headers (i.e. when marking, updating stats, wiring pages in
lists, etc.). The new CodePageHeaderModificationScope class is used
in the respective places. On unrelated configurations it's a no-op.
The fast permission switching can't be used for V8 configuration with
enabled pointer compression and disabled external code space because
a) the pointer compression cage has to be reserved with MAP_JIT flag
which is too expensive,
b) in case of shared pointer compression cage if the code range will
be deleted while the cage is still alive then attempt to configure
permissions of pages that were previously set to RWX will fail.
This also CL extends the unmapper unit tests with permissions tracking
for discarded pages.
Bug: v8:12797
Change-Id: Idb28cbc481306477589eee9962d2e75167d87c61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579303
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80238}
This introduces an AssemblerBufferCache class which will (later) cache
the backing store of AssemblerBuffers. This is needed for PKU-protected
assembler buffers, which are expensive to allocate and deallocate.
For now, the AssemblerBufferCache does not do any caching, this will be
added in a follow-up CL.
R=thibaudm@chromium.org
Bug: v8:12809
Change-Id: I4a7ccff49c9930584a9fcda8899cfe38cfc61419
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3593136
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80145}
These were originally proposed as a part of the fixed-width SIMD
proposal, and were then migrated to the relaxed-simd proposal
which also deems these operations out of scope.
Github issue: https://github.com/WebAssembly/relaxed-simd/issues/4
Bug: v8:12284
Change-Id: I65ceb6dfd25c43cf49bd7ec5b5ecd6b32cc3516a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3595970
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80125}
{LiftoffOptions} already contains many (optional) parameters for Liftoff
compilation, but not all of them.
This CL moves the function index and the {for_debugging} field also into
that struct, to further reduce the number of parameters to
{ExecuteLiftoffCompilation} and to improve readability by having a
factory-like initialization of the {LiftoffOptions} struct.
That struct is now also passed down to the LiftoffCompiler directly
instead of unpacking the fields again.
R=thibaudm@chromium.org
Bug: v8:12809
Change-Id: I8824a1908f214cbf4c21f113934fef3ece1bf88b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513894
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80032}
Immediate version of the Bitclear instruction can be used for logical
And with some immediates. It can also be used to implement
And(x, Not(imm)) in a single instruction. This patch gives ~0.5% runtime
improvement in one benchmark on Neoverse N1.
Change-Id: Ia926c6746f0c252f81626c6fca21c4dfb41679d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160667
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/main@{#80015}
This is a reland of commit 4d8e1846a7
One of the Mac arm64 bots failed to link an exported thread_local
static variable (crbug/1316800).
Original change's description:
> [rwx][mac] Introduce RwxMemoryWriteScope
>
> ... as a single bottleneck that encapsulates the semantics and
> implementation of fast per-thread W^X permission switching supported
> by Apple Silicon (arm64 M1).
> On other architectures this class is a no-op.
>
> Bug: v8:12797
> Change-Id: Ica842ff9f843e20b7f61fd7e80591e7a1fd29771
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3586986
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79994}
Bug: v8:12797
Change-Id: Ifbd15c233bb343f11daa89b1328b5bf65c4806f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3591332
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80011}
This reverts commit 4d8e1846a7.
Reason for revert: Blocks V8 roll, crbug.com/1316800
Original change's description:
> [rwx][mac] Introduce RwxMemoryWriteScope
>
> ... as a single bottleneck that encapsulates the semantics and
> implementation of fast per-thread W^X permission switching supported
> by Apple Silicon (arm64 M1).
> On other architectures this class is a no-op.
>
> Bug: v8:12797
> Change-Id: Ica842ff9f843e20b7f61fd7e80591e7a1fd29771
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3586986
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79994}
Bug: v8:12797
Change-Id: I81792567839e72b4147d009c0845b0c0de003eb0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3590752
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Owners-Override: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80007}
... as a single bottleneck that encapsulates the semantics and
implementation of fast per-thread W^X permission switching supported
by Apple Silicon (arm64 M1).
On other architectures this class is a no-op.
Bug: v8:12797
Change-Id: Ica842ff9f843e20b7f61fd7e80591e7a1fd29771
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3586986
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79994}
This makes usages less verbose, and is consistent with other existing
enums.
Also, we can use brace initialization to avoid boilerplate when creating
a DynamicTiering value.
Drive-by: Rename a 'kIncludeLiftoff' variable to 'include_liftoff'
because it is not a static constant.
R=jkummerow@chromium.org
Bug: v8:12281
Change-Id: Ie45fdb550241a8b9ca4e2a31b7c27500939fa247
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3585566
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79993}
This is a reland of commit 54e360d141.
The two WasmGC cctests which require SSE4.1 support in Liftoff are now
skipped, so we can keep disallowing any bailout (even for missing CPU
features) in --liftoff-only.
Original change's description:
> [wasm] --liftoff-only should disable --wasm-dynamic-tiering
>
> A Liftoff only configuration should never tier up to TurboFan, hence add
> a proper implication to disable dynamic tiering if --liftoff-only is
> set.
> Also, add a DCHECK to ensure we never accidentally compile with TurboFan
> if --liftoff-only is set.
>
> R=jkummerow@chromium.org
>
> Bug: v8:12281
> Change-Id: Ia9b81add503cc939f59fde3f4d3bb67252facf2c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3569741
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79779}
Bug: v8:12281
Change-Id: I334bd81f75c3ef6d31b6117da5ef59a33fb46ae2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3572043
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79813}
Remove cctest's ability to run multiple tests (which has long been
deprecated and mostly broken). We can then make platform & V8
initialisation be part of running the test's Run method.
In particular, this allows us to inject custom logic into the platform
initialisation, like setting up a platform wrapper. Add a
TEST_WITH_PLATFORM which exercises this by registering a platform
factory on the test, and wrapping the default platform using this
factory. This allows these tests to guarantee that the lifetime of the
platform is longer than the lifetime of the isolate.
As a result of this, we can also remove the complexity around draining
platform state in the TestPlatform (since it will now have a longer
lifetime than the Isolate using it), and as a drive-by clean up the
TestPlaform to use a CcTest-global "default platform" instead of trying
to scope over the "current" platform.
As another drive-by, change the linked-list of CcTests and the linear
search through it into an std::map of tests.
Change-Id: I610f6312fe042f29f45cc4dfba311e4184bc7759
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3569223
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79772}
Add an array of canonical rtts on the isolate. Each wasm instance
copies its rtts from there, based on the type index -> canonical index
mapping in the module.
Bug: v8:7748
Change-Id: I0958686c51ecab15a3215a0da3bee1ad6d543cb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3548821
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79712}
This is a reland of commit e76ad5c6d9
Changes compared to original:
- Move invocation of LAZY_INSTANCE_INITIALIZER to a static global
variable, as some builds were failing with a function-level static.
- Drive-by: Improve documentation a bit.
Original change's description:
> [wasm-gc] Implement isorecursive canonicalization
>
> This implements isorecursive canonicalization for static types.
>
> Not implemented in this CL:
> - Runtime type canonicalization.
> - Cross-module signature canonicalization for purposes of call_indirect.
>
> Bug: v8:7748
> Change-Id: I6214f947444eea8d7b15a29b35c94c3d07ddb525
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3541925
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79665}
Bug: v8:7748
Change-Id: I493fba1906491762f7d8bae50108e3e4a743391d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3560480
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79692}
This implements isorecursive canonicalization for static types.
Not implemented in this CL:
- Runtime type canonicalization.
- Cross-module signature canonicalization for purposes of call_indirect.
Bug: v8:7748
Change-Id: I6214f947444eea8d7b15a29b35c94c3d07ddb525
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3541925
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79665}
This fixes a general race with stack-scoped `TestPlatform` which
may go out of scope while tasks on workers are still running.
Add a barrier for workers, implemented through tasks, to synchronize
destruction of `TestPlatform`.
While this fixes general races, such short-lived platforms still
break if tasks cache the global platform pointer.
Bug: v8:12635
Change-Id: Ifc6ecc29f0e2b7297ca52051eae9bd81013b60ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3536651
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79587}
Prototype F32x4Relaxed(Min/Max) and F64x2Relaxed(Min/Max)
operations for ARM. F32x4 variants map directly to vmin/vmax
hardware instructions which are also used for F32x4(Min/Max)
operations. The F64x2 variants are mapped in this implementation
to Pmin/Pmax instructions as detailed in the github issue.
https://github.com/WebAssembly/relaxed-simd/issues/33
Bug: v8:12284
Change-Id: I5ea939385fa0ae97bbdf776fc0b763cabb1b293c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3501347
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79355}
With the previous change to using the mask as the first
input to the node, the lane select ARM codegen is equivalent
to V128Select. Also enable cctests to run on ARM.
Bug: v8:12284
Change-Id: I5572f4845307ff20cc2a0a58d3ccf162caa436b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3500655
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79352}
According to the latest changes in wasm-gc, externref will be renamed
to anyref, and will be assigned as the top of the reference type
hierarchy. Since in the current wasm type system funcref is not a
subtype of anyref, subtyping is now dependent on whether wasm-gc is
enabled.
Bug: v8:7748
Change-Id: I0c0ae3dd5523e624d4490ca33d1fba4c2ae59393
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468345
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79322}
After https://crrev.com/c/3484317, passing {nullptr} to the
{CodeSpaceWriteScope} won't work any more. Since the tests do not have a
{NativeModule} to pass instead, make them use
{pthread_jit_write_protect_np} directly.
The jump-table assembler tests have dedicated threads for writing and
executing the code, so we just switch once per thread. The icache test
switches between writing and executing, so we use a little struct for
switching.
R=jkummerow@chromium.org, tebbi@chromium.org
Bug: v8:12644, v8:11974
Change-Id: I116f3ad75454f749cdc4635802a4617ff91548b2
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487995
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79290}
Previously, V8_OS_MACOSX was, somewhat confusingly, also used for iOS.
With this CL, V8_OS_DARWIN will be set on both macOS and iOS,
V8_OS_MACOS only on macOS, and V8_OS_IOS only on iOS.
This CL also renames V8_TARGET_OS_MACOSX to V8_TARGET_OS_MACOS and
renames platform-xnu.cc to platform-darwin.cc.
Change-Id: I4bcafc7c337586662114144f6c7ccf47d978da1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468577
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79167}
We optimize trivial type checks in the function body decoder, i.e.,
ref.as_<type> and ref.is_<type> when invoked on a value that is
statically known to be of typeable as <type>.
Bug: v8:7748
Change-Id: Ieee608a965ba44c4cadd9c7171ed8bdc129fce8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3447375
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79061}
Since inheritance depth of every type is known in the isorecursive
hybrid type system, rtts with depth are removed. This enables
simplification of type checks in Liftoff and Turbofan, as well as
decoding of object allocation instructions.
Bug: v8:7748
Change-Id: I6b52579b584191d92644de1c6e805d9f054641d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422626
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78860}
With dynamic tiering, the total amount of code generated for a
WebAssembly module decreases significantly. However, the amount of
code space we reserved for generated code has not been adjusted yet.
This CL adds a parameter for dynamic tiering to
EstimateNativeModuleCodeSize. If dynamic tiering is used, then the code
space reserved for TurboFan gets reduced to a quarter of the code space
without dynamic tiering.
Reserving a quarter of the space seems to be still quite generous. Even
Google Earth, seems to use a lot of its code, only needs less than 20%.
R=clemensb@chromium.org
Bug: chromium:1285334
Change-Id: I7dce0821b5e46d7240dfb1523031de84b1fe1348
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3420307
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78826}
This CL replaces the equirecursive type system for wasm-gc with the
isorecursive hybrid type system presented here:
https://github.com/WebAssembly/gc/issues/257.
In broad strokes, this includes the following changes:
- In the module decoder, remove equirecursive types. Implement recursive
type groups, subtype definitions, and function/struct/array
definitions. Treat nominal modules as syntactic sugar of an
isorecursive module, where all types belong in the same recursive
group.
- Remove rtt.sub and all related infrastructure.
- Change subtyping to work with explicit supertypes only.
- Add ValidSubtypeDefinition in subtyping, to check that subtype
declarations are valid during decoding.
- Remove the subtyping cache.
- Add support for functions to have specific signature index in
WasmModuleBuilder and in test-gc.cc.
- Adapt tests.
Current restrictions:
- Recursive groups are not stored beyond decoding.
- Type canonicalization is not implemented. No tests relying on types
being considered identical post-canonicalization.
- No cross-module subtyping is possible. Tests relying on cross-module
subtyping have been commented out.
Bug: v8:7748
Change-Id: I69fd04ecc5611f6230c95d5c89d1c520163fffae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3416239
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78816}
Changes:
- Introduce {TypeDefinition} for wasm modules.
- Introduce an enum {TypeDefinition::Kind} to represent the three
different definition types.
- Collapse the {types}, {type_kinds} and {supertypes} vectors into a
single vector of {TypeDefinition}s.
- Use {TypeDefinition} in WasmModuleBuilder.
- Drive-by: Remove {kNullIndex} in WasmModuleBuilder.
- Drive-by: Tidy-up wasm-module.h.
Change-Id: I97c2c268bcad745176243c693cf169bfa5714f94
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3416233
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78813}
Changes:
- Fix a bug in objects-printer where array elements were not treated as
tagged pointers.
- Fix a few TODOs, mainly in the wasm interpreter.
- Improve documentation, small refactorings.
Change-Id: I1d70ad454b3a0693b9b784b17395434d81d01b61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383136
Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78656}
- Add suspend asm builtin stub, and call it from the suspending
wasm-to-js wrapper
- Rename frame type to match both builtins (prompt and suspend)
- Add suspend bool to the import cache key
R=ahaas@chromium.org
CC=fgm@chromium.org
Bug: v8:12191
Change-Id: Ie5a8ca7cbe4bcb91697e05b6470e3d632d608993
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3345004
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78628}
CDP has a "ExceptionDetails" structure that is attached to various
CDP commands, e.g. "Runtime#exceptionThrown" or "Runtime#evaluate".
The stack trace in the "ExceptionDetails" structure is used in
various places in DevTools. The information in the "ExceptionDetails"
structure is extracted from a v8::Message object. Message objects
are normally created at the exception throw site and may augment
the error with manually inspecting the stack (both to capture a fresh
stack trace in some cases, as well as to calculate location info).
The problem is that in some cases we want to get an "ExceptionDetails"
structure after the fact, e.g. when logging a JS "Error" object in
a catch block. This means we can't reuse Isolate::CreateMessage as
the JS stack at call time is unrelated to the time when an Error
object was thrown.
To re-use some of the code, this CL introduces a new
"CreateMessageFromException" method that is only available from the
debugging interface (not public V8 API!). The new method works
similar to Isolate::CreateMessage, but:
1) Does not look at the current JS stack, neither for a fresh
stack trace nor for location information.
2) Only uses the "detailed" stack trace for location info.
This is because the "simple" stack trace could have already
been serialized by accessing Error#stack.
Bug: chromium:1278650
Doc: https://bit.ly/runtime-get-exception-details
Change-Id: I0144516001c71786b9f76ae4dec4442fa1468c5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3337257
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78586}
We introduce {ConstantExpression}, which represents the most frequent
constant expression types directly, and falls back to a {WireBytesRef}
for the rest. During module decoding, we decode the most common
expressions separately and store them as {ConstantExpression}, so we do
not have to decode them again during module instantiation.
Bug: chromium:1284557
Change-Id: Ie411bbe9811d0d9f6e750ba202bb0ccff801dfee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3378347
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78576}
We introduce a type arrayref, which is a supertype of all array types
and a subtype of dataref. We change array.len to accept values of type
(ref null array).
Drive-by: Fix kEq/kData case in TypecheckJSObject.
Bug: v8:7748
Change-Id: I47c6a4487ddf5e7280c1427f43abe87a97c896bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3368105
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78565}
- Add Suspender.suspendOnReturnedPromise method
- Extend the WasmApiFunctionRef data with the suspender
- Detect wrapped WasmJSFunctions when we resolve the import
For now the generated wrapper is still a regular wasm-to-js wrapper, but
this sets the ground for generating specific wrappers for functions
wrapped by suspendOnReturnedPromise, and to access the suspender from
the wrapper code.
R=ahaas@chromium.org
CC=fgm@chromium.org
Bug: v8:12191
Change-Id: I81cbec6b023507e47e6e1463b5f9b912f807da6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3345000
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78560}
When creating a new JSError object (or using the non-standard API
`Error.captureStackTrace`) V8 would previously capture the "simple stack
trace" (as FixedArray of CallSiteInfo instances) to be used for the non-
standard `error.stack` property, and if the inspector was active also
capture the "detailed stack trace" (as FixedArray of StackFrameInfo
instances). This turns out to be quite a lot of overhead, both in terms
of execution time as well as memory pressure, especially since the
information needed for the inspector is a proper subset of the
information needed by `error.stack`.
So this CL addresses the above issue by capturing only the "simple stack
trace" (in the common case) and computing the "detailed stack trace"
from the "simple stack trace" when on demand. This is accomplished by
introducing a new ErrorStackData container that is used to store the
stack trace information on JSErrors when the inspector is active. When
capturing stack trace for a JSError object while the inspector is
active, we take the maximum of the program controlled stack trace limit
and the inspector requested stack trace limit, and memorize the program
controlled stack trace limit for later formatting (to ensure that the
presence of the inspector is not observable by the program).
On the `standalone.js` benchmark from crbug.com/1283162 (with the
default max call stack size of 200) we reduce execution time by around
16% compared to ToT. And compared to V8 9.9.4 (the version prior to the
regression in crbug.com/1280831), we are 6% faster now.
Doc: https://bit.ly/v8-cheaper-inspector-stack-traces
Bug: chromium:1280831, chromium:1278650, chromium:1258599
Bug: chromium:1280803, chromium:1280832, chromium:1280818
Fixed: chromium:1283162
Change-Id: I57dac73e0ecf7d50ea57c3eb4981067deb28133e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366660
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78542}
We unify the implementation of element segment expression entries with
other initializer expressions: we represent them with a {WireBytesRef}
and decode them with {InitExprInterface}. Except for reducing code
duplication, this also fixes a bug where {global.get} entries in element
segments could reference invalid globals.
Changes:
- Change {WasmElemSegment::Entry} to a union of a {WireBytesRef}
initializer expression and a {uint32_t} function index.
- In module-decoder, change parsing of expression entries to use
{consume_init_expr}. Add type checking to
{consume_element_func_index}, to complement type checking happening in
{consume_init_expr}.
- In module-instantiate.cc:
- Move instantiation of indirect tables before loading of element
segments. This way, when we call {UpdateDispatchTables} in
{SetTableEntry}, the indirect table for the current table will also
be updated.
- Consolidate table entry instantiation into {SetTableEntry}, which
handles lazily instantiated functions, or dispatches to
{WasmTableObject::Set}.
- Rename {InitializeIndirectFunctionTables} to
{InitializeNonDefaultableTables}.
- Change {InitializeNonDefaultableTables} and {LoadElemSegmentImpl}
to use {EvaluateInitExpression}.
- Add a test to exclude mutable/non-imported globals from the element
section.
- Update tests as needed.
- Update .js module emission in wasm-fuzzer-common.
Change-Id: I29c541bbca8531e8d0312ed95869c8e78a5a0c57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364082
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78476}
See related CL for context.
Changes:
- In InitExprInterface, add the ability to evaluate function references
as index only. Remove the global buffers and use the ones passed with
the instance object instead.
- In WasmElemSegment, add a field indicating if elements should be
parsed as expressions or indices. Change module-decoder.cc to reflect
this change.
- In module-instantiate, change the signatures of LoadElemSegment,
LoadElemSegmentImpl, and EvaluateInitExpr. Move the latter out of
InstanceBuilder.
Change-Id: I1df54393b2005fba49380654bdd40429bd4869dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364081
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78470}
Initialize the (thread-local) memory protection key permissions for any
isolate that joins the wasm engine. Otherwise it can happen that an
isolate gets Wasm code from the cache without ever compiling anything
(hence without ever changing memory protection key permissions), and
then it would not be allowed to access (read or execute) the code.
I tested this change manually on a PKU-enabled devices. The new test
crashed before the fix, and completes successfully afterwards.
R=ahaas@chromium.org
Bug: v8:11974, chromium:1280451
Change-Id: I90dded8b4fdaa8cf34b44107291d3f525ce16335
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3347563
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78413}
This is a non-functional refactoring to make naming of stack traces more
consistent, and thus easier to reason about whether the "simple stack
trace" (stack trace API) or the "detailed stack trace" (inspector API)
is meant. Granted, these names aren't great by themselves, but at least
we should be consistent.
This also adds a new `Isolate::GetSimpleStackTrace()` and uses that
directly to implement the Wasm C-API, avoiding the roundtrip via the
`JSMessageObject`, which actually carries a detailed stack trace (which
by chance worked out so far).
Doc: https://bit.ly/v8-stack-frame
Bug: chromium:1258599, chromium:1278647, chromium:1278650
Change-Id: I29e1a956ed156d6eeceb50150a28afaa2f11b9c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3334780
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78366}
This is the second step in the refactoring to make v8::StackFrame
more lightweight and usable for (long time storage) by the V8
inspector (see https://bit.ly/v8-stack-frame for an overview).
This is a purely mechanical change without any functional aspects.
The intention is to make the use case for the CallSiteInfo objects
clear, namely to serve as the backing store for the CallSite objects
exposed via the Error.prepareStackTrace() API and used under the
hood to implement the error.stack accessor.
Doc: https://bit.ly/v8-stack-frame
Bug: chromium:1258599, chromium:1278647, chromium:1278650
Change-Id: I39dffd1f1a8e5158ddc56f2a0a2b1b28321f487a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300138
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78361}
Since the reftypes proposal has shipped, we remove the respective flag
and the code that handled its absence. We maintain a WasmFeature for
reftypes for feature detection purposes. We remove the flag declaration
from tests, and adapt some tests that make no sense without the flag.
Bug: v8:7581
Change-Id: Icf2f8d0feae8f30ec68d5560f1e7ee5959481483
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3329781
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78351}
On the way to a cheaper and more scalable stack frame representation
for the inspector (crbug/1258599), this removes the need to expose
both what was called "function name" and what was called "function
debug name" on a v8::StackFrame instance.
The reason to having a distinction between that the V8 API exposes
and what the inspector exposes as frame function name is that after
the initial refactoring around v8::internal::StackFrameInfo, some
wasm cctests would still dig into the implementation details and
insist on seeing the "function name" rather than the "function
debug name". This CL now addresses that detail in the wasm cctests
and going forward unifies the function names used by the inspector
and the V8 API (which is not only needed for internal consistency
and reduced storage requirements in the future, but also because
Blink for example uses v8 API and v8_inspector API interchangeably
and assumes that they agree, even though at this point Blink
luckily wasn't paying attention to the function name):
- The so-called "detailed stack trace", which is produced for the
inspector and exposed by the v8 API, always yields the "function
debug name" (which for example in case of wasm will be a WAT
compatible name),
- while the so-called "simple stack trace", which is what is used
to implement the CallSite API and underlies Error.stack continues
to stick to the "function name" which in case of wasm is not
WAT compatible).
Bug: chromium:1258599
Change-Id: Ib15d038f3ec893703d0f7b03f6e7573a38e82b39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3312274
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78283}
This CL makes sure to forward the information that we are pausing
because of a debugger statement, and to encode it explicitly
as an 'other' reason when reporting the pause to the front-end.
Drive-by: refactoring the way break reasons are propagated by
introducing a new enum for break reasons
Bug: chromium:1229541, chromium:1133307
Change-Id: I9d2e8d8da54d96a231eff9d1f62b74507955b18f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306978
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78202}
We optimize away type upcasts for nominal types in WasmFullDecoder.
Upcasts trivially hold for nominal types, which is not the case for
structural types. Note that we already optimize away trivially-failing
checks (when types are unrelated) for both nominal and structural types.
Bug: v8:7748
Change-Id: I720c9803cb8b4071aa4bae112ce06d587b7a68fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306984
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78201}
memory[1] needs to be set in LE order even on BE platforms.
Change-Id: I44620c30a25719d0d61e0f14490342ee930dbbb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302852
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78136}
Previously, we would encode 'other' as a reason for pausing when
stepping too, however, it would not show as such in case it would
overlap with another reason. This CL makes sure that we always report
'other' as a reason if we are stepping.
Drive-by: only encode 'other' as a reason once
Bug: chromium:1229541
Change-Id: Id73822dff68d1d54a2f1fafdf2a097e1377ece75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295346
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78118}
Design doc: bit.ly/3jEVgzz
We separate the internal representation of function references in Wasm
from their JSFunction-based (external) representation. This improves
performance of call_ref by requiring less indirections to load the
context and call target from a function reference. In the boundary
between wasm and JS/the C API, we add transformations between the two
representations.
Detailed changes:
- Introduce WasmInternalFunction, containing fields required by
call_ref, as well as a reference to the corresponding
WasmExternalFunction. Add a reference to the WasmInternalFunction in
WasmFunctionData. The {WasmInternalFunction::FromExternal} helper
extracts the internal out of an external function.
- Change {WasmInstanceObject::external_functions()} to internal
functions.
- Change wasm function tables to contain internal functions.
- Change the following code to use internal functions:
- call_ref in liftoff and Turbofan
- function type checks in liftoff and Turbofan
- CallRefIC and GenericJSToWasmWrapper builtins
- {InitExprInterface::RefFunc}
- module-compiler.cc in {ProcessTypeFeedback}
- In module-instantiate.cc, in function-rtt creation.
- Add transformations between internal and external functions in:
- WasmWrapperGraphBuilder::{ToJS, BuildUnpackObjectWrapper, FromJS,
BuildJSToJSWrapper}.
- debug-wasm-objects.cc in {FunctionProxy::Get},
{WasmValueObject::New} and {AddWasmTableObjectInternalProperties}.
- runtime-wasm.cc in ReplaceWrapper
- the C and JS APIs
- module-instantiate.cc, in import and export processing, as well as
{InitializeIndirectFunctionTables}
- WasmTableObject::{IsValidElement, SetFunctionTableEntry}
- {WasmGlobalObject::SetFuncRef}
- Simplify body descriptors of WasmExternalFunction variants.
- Adjust tests.
Bug: v8:11510
Change-Id: I8377f46f55c3771391ae1c5c8201a83854ee7878
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277878
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78068}
No implementation needed, since relaxed swizzle is already handled in
wasm-compiler, and is visited by VisitI8x16Swizzle, and on arm64 we
generate the same code (TBL).
Bug: v8:12284
Change-Id: I446632101de26bb2f28c3f3ed60f209e81600dec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3272643
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78026}
We move the mask to be the first input of the node in wasm-compiler.cc,
this matches the order for S128Select, which makes code-gen for
arm/arm64 simpler (directly lower to BSL with no more shuffle of
inputs). This requires tweaking of input indices in the instruction
selector for ia32/x64, but no change in codegen.
Bug: v8:12284
Change-Id: I1f6f1a9fe0869509be77f77b6f54a0c636a0f92d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3272640
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77958}
NONE clashes with the PropertyAttributes::NONE, which is defined in
v8::internal namespace. PropertyAttributes have too many call sites
and depend on using the enums as masks, making it hard to convert
to an enum class. So we are changing the name instead.
Bug: v8:12244
Change-Id: Iec0be12c626549cca137aceeaee0e30fafab8b05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3284003
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77956}
Implement f32x4.qfma, f32x4.qfms, f64x2.qfma, f64x2.qfms.
These were already implement in macro-assembler-x64, so move the
implementation to shared-macro-assembler.
x64 has a macro list in fma-instr, copy this to ia32, and then use this
macro list to define existing vfma{ss,sd} instructions in
assembler-ia32.
Disassembly support is intentionally omitted in this patch, I will add
this in a follow-up. The currently disassembly in x64 is quite verbose
and I would like to make use of macro-list but it requires breaking up
the macro list into smaller parts, so I will do that refactoring for
both ia32 and x64 in the follow-up.
Bug: v8:12284
Change-Id: I3654ea108a123467506c5837072b6b63ecbc74da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3255664
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77932}
Due to a bug on AIX, some of the glibc FP functions do not
preserve the sign bit when a negative input is passed by
value and the output is rounded to 0:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97086
This CL continue the fixes previously added here:
https://crrev.com/c/2468618
Change-Id: I2afa1f67ac1d29ec0606de6d6ebcf05be0664b8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3282308
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77915}
FLAG_wasm_dynamic_tiering is still off by default. When enabled,
it now uses the technique previously behind --new-wasm-dynamic-tiering.
Bug: v8:12281
Change-Id: I365c2c066e62418cd6abc7830f95d1fe0f950e33
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275570
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77883}
