This method will be used for a test with multiple code spaces, to
encode large function indexes. The current implementation in
{wasmI32Const} just always uses 5 bytes for encoding the LEB value.
This CL adds a {wasmSignedLeb} function which properly encodes the
value, and adds tests for that.
Drive-by: Clean up the rest of {test-wasm-module-builder.js}.
R=mstarzinger@chromium.org
Bug: v8:9477
Change-Id: Ide2d90eed9d40aa28df680fbb413275346d9c0b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1725623
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62990}
This makes function objects constructed via the {WebAssembly.Function}
constructor callable directly from JavaScript (not just from within
WebAssembly modules). Semantics are as if the function performed the
transition JS-to-Wasm and then Wasm-to-JS in sequence.
R=clemensh@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: Ic7dcf36ccfda1b473f2541e49419f4d2ee38bc2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1720809
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62953}
This reverts commit 306cf40344.
Reason for revert: performance regressions / too near branch point
TBR=mslekova@chromium.org
BUG=v8:9380
Change-Id: If77630b73eafbf1190c823199fe2a34361da303f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1714867
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62867}
This is a reland of bc33f5aeba
Original change's description:
> Reland "[arraybuffer] Rearchitect backing store ownership"
>
> This is a reland of 31cd5d83d3
>
> Original change's description:
> > [arraybuffer] Rearchitect backing store ownership
> >
> > This CL completely rearchitects the ownership of array buffer backing stores,
> > consolidating ownership into a {BackingStore} C++ object that is tracked
> > throughout V8 using unique_ptr and shared_ptr where appropriate.
> >
> > Overall, lifetime management is simpler and more explicit. The numerous
> > ways that array buffers were initialized have been streamlined to one
> > Attach() method on JSArrayBuffer. The array buffer tracker in the
> > GC implementation now manages std::shared_ptr<BackingStore> pointers,
> > and the construction and destruction of the BackingStore object itself
> > handles the underlying page or embedder-allocated memory.
> >
> > The embedder API remains unchanged for now. We use the
> > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> > keep the backing store alive properly, even in the case of aliases
> > from live heap objects. Thus the embedder has a lower chance of making
> > a mistake. Long-term, we should move the embedder to a model where they
> > manage backing stores using shared_ptr to an opaque backing store object.
> >
> > R=mlippautz@chromium.org
> > BUG=v8:9380,v8:9221
> >
> > Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
> > Commit-Queue: Ben Titzer <titzer@chromium.org>
> > Reviewed-by: Ben Titzer <titzer@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Reviewed-by: Yang Guo <yangguo@chromium.org>
> > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#62572}
>
> Bug: v8:9380, v8:9221
> Change-Id: If3f72967a8ebeb067c0edcfc16ed631e36829dbc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691906
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62809}
Bug: v8:9380, v8:9221
Change-Id: I9a2525753ae2424108d074fa81df5f25d945c824
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1709409
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62847}
This reverts commit bc33f5aeba.
Reason for revert: Still failing (OOM on win32): https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/22210
Original change's description:
> Reland "[arraybuffer] Rearchitect backing store ownership"
>
> This is a reland of 31cd5d83d3
>
> Original change's description:
> > [arraybuffer] Rearchitect backing store ownership
> >
> > This CL completely rearchitects the ownership of array buffer backing stores,
> > consolidating ownership into a {BackingStore} C++ object that is tracked
> > throughout V8 using unique_ptr and shared_ptr where appropriate.
> >
> > Overall, lifetime management is simpler and more explicit. The numerous
> > ways that array buffers were initialized have been streamlined to one
> > Attach() method on JSArrayBuffer. The array buffer tracker in the
> > GC implementation now manages std::shared_ptr<BackingStore> pointers,
> > and the construction and destruction of the BackingStore object itself
> > handles the underlying page or embedder-allocated memory.
> >
> > The embedder API remains unchanged for now. We use the
> > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> > keep the backing store alive properly, even in the case of aliases
> > from live heap objects. Thus the embedder has a lower chance of making
> > a mistake. Long-term, we should move the embedder to a model where they
> > manage backing stores using shared_ptr to an opaque backing store object.
> >
> > R=mlippautz@chromium.org
> > BUG=v8:9380,v8:9221
> >
> > Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
> > Commit-Queue: Ben Titzer <titzer@chromium.org>
> > Reviewed-by: Ben Titzer <titzer@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Reviewed-by: Yang Guo <yangguo@chromium.org>
> > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#62572}
>
> Bug: v8:9380, v8:9221
> Change-Id: If3f72967a8ebeb067c0edcfc16ed631e36829dbc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691906
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62809}
TBR=ulan@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,titzer@chromium.org,gdeepti@chromium.org,mlippautz@chromium.org
Change-Id: Iea755df9aaa1e95d284135bd0a6681b1340b6832
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9380, v8:9221
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708487
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62811}
This is a reland of 31cd5d83d3
Original change's description:
> [arraybuffer] Rearchitect backing store ownership
>
> This CL completely rearchitects the ownership of array buffer backing stores,
> consolidating ownership into a {BackingStore} C++ object that is tracked
> throughout V8 using unique_ptr and shared_ptr where appropriate.
>
> Overall, lifetime management is simpler and more explicit. The numerous
> ways that array buffers were initialized have been streamlined to one
> Attach() method on JSArrayBuffer. The array buffer tracker in the
> GC implementation now manages std::shared_ptr<BackingStore> pointers,
> and the construction and destruction of the BackingStore object itself
> handles the underlying page or embedder-allocated memory.
>
> The embedder API remains unchanged for now. We use the
> v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> keep the backing store alive properly, even in the case of aliases
> from live heap objects. Thus the embedder has a lower chance of making
> a mistake. Long-term, we should move the embedder to a model where they
> manage backing stores using shared_ptr to an opaque backing store object.
>
> R=mlippautz@chromium.org
> BUG=v8:9380,v8:9221
>
> Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62572}
Bug: v8:9380, v8:9221
Change-Id: If3f72967a8ebeb067c0edcfc16ed631e36829dbc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691906
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62809}
This test fails in --stress-opt mode because backing stores of
memories/arraybuffers that are postMessage()'d leak in d8. In normal
mode, only ~16 memories are allocated, which is not enough to OOM,
but in stress mode, it can be 5x that number. Should be fixed
by upcoming ownership changes.
BUG=v8:9380
R=clemensh@chromium.org
Change-Id: Iecec07d15339cf43b23f128f13d570dfe3b32130
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708475
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62802}
With recent spec changes, table.copy of length 0 does not trap anymore,
and we copy backwards whenever src < dst.
R=binji@chromium.org
Change-Id: I48e2b65083565631abc41bf4fdf4971f80fdf440
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706471
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62797}
By having the proposal tests now as part of the wasm-spec-tests, we do
not need them here anymore.
R=clemensh@chromium.orgCC=binji@chromium.org
Change-Id: I2530a4d2e2e8caa6fe8ef4d7e7b8b6da550a5134
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706475
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62778}
This CL adds more stress-tests for both shared array buffers and
WebAssembly memories. Because of an existing memory leak that will
be fixed in upcoming CLs, some new tests are disabled.
R=mstarzinger@chromium.org
BUG=v8:9380
Change-Id: I2662e3d0a764a032a0c267b2d99e3ccd1a4951d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1697252
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62770}
In the atomics stress, the search for sequential sequences creates
lots of new WebAssembly.Memory objects. This memory pressure is not
central to this test, so reuse the same memory to make them less
flaky.
R=mstarzinger@chromium.org
Change-Id: I8d135e7b82d572cb1df38f37a4e2f6393f6b2e05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1697247
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62644}
This adds support for properly importing {WebAssembly.Function} objects
that were constructed in JavaScript and just wrap a JavaScript callable.
R=ahaas@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: I00e01db0d85b83d405eb28517d00fba62c253985
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690949
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62641}
This fixes a corner-case where a {WasmExportedFunction} that represents
a re-export of a JavaScript callable from another module was identified
correctly, but not all corner-cases were correctly covered. Concretely
we failed to check for function signatures incompatible with JavaScript.
R=ahaas@chromium.org
TEST=mjsunit/regress/wasm/regress-9447
BUG=v8:9447
Change-Id: Ia6c73c82f4c1b9c357c08cde039be6af100727d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690941
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62632}
This adds test coverage for calling "table.set" with a constructed
{WebAssembly.Function} object that uses a signature incompatible with
JavaScript.
R=ahaas@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: I939d63db85b4eb9cffe5a901efe477397f20f925
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691917
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62616}
This reverts commit 31cd5d83d3.
Reason for revert: It breaks my heart to revert this, but it fails differently on several bots, e.g. https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/26671.
Original change's description:
> [arraybuffer] Rearchitect backing store ownership
>
> This CL completely rearchitects the ownership of array buffer backing stores,
> consolidating ownership into a {BackingStore} C++ object that is tracked
> throughout V8 using unique_ptr and shared_ptr where appropriate.
>
> Overall, lifetime management is simpler and more explicit. The numerous
> ways that array buffers were initialized have been streamlined to one
> Attach() method on JSArrayBuffer. The array buffer tracker in the
> GC implementation now manages std::shared_ptr<BackingStore> pointers,
> and the construction and destruction of the BackingStore object itself
> handles the underlying page or embedder-allocated memory.
>
> The embedder API remains unchanged for now. We use the
> v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> keep the backing store alive properly, even in the case of aliases
> from live heap objects. Thus the embedder has a lower chance of making
> a mistake. Long-term, we should move the embedder to a model where they
> manage backing stores using shared_ptr to an opaque backing store object.
>
> R=mlippautz@chromium.org
> BUG=v8:9380,v8:9221
>
> Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62572}
TBR=ulan@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,titzer@chromium.org,gdeepti@chromium.org,mlippautz@chromium.org
Change-Id: Ib35788ba8c31192d90cbc72df3dbc41030f109de
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9380, v8:9221
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691034
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62578}
This CL completely rearchitects the ownership of array buffer backing stores,
consolidating ownership into a {BackingStore} C++ object that is tracked
throughout V8 using unique_ptr and shared_ptr where appropriate.
Overall, lifetime management is simpler and more explicit. The numerous
ways that array buffers were initialized have been streamlined to one
Attach() method on JSArrayBuffer. The array buffer tracker in the
GC implementation now manages std::shared_ptr<BackingStore> pointers,
and the construction and destruction of the BackingStore object itself
handles the underlying page or embedder-allocated memory.
The embedder API remains unchanged for now. We use the
v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
keep the backing store alive properly, even in the case of aliases
from live heap objects. Thus the embedder has a lower chance of making
a mistake. Long-term, we should move the embedder to a model where they
manage backing stores using shared_ptr to an opaque backing store object.
R=mlippautz@chromium.org
BUG=v8:9380,v8:9221
Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62572}
When I implemented these instructions, I copied the naming scheme of
{GetGlobal}. That's not appropriate for the table.get instruction
though, and I decided I suffered enough from that bad name now.
R=clemensh@chromium.org
Bug: v8:7581, v8:9396
Change-Id: Id1796425458f3d06a2da774374f02c49d665d2c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690835
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62563}
This adds a test case for using constructed {WebAssembly.Function}
objects in non-zero tables. Due to a recent refactoring that unifies
handling of dispatch tables, this works out of the box. The test
coverage however is still useful, since code paths are slightly
different for non-zero tables.
R=ahaas@chromium.org
TEST=mjsunit/wasm/type-reflection-with-anyref
BUG=v8:7742
Change-Id: I0cf4b0a8039bbef0422b06ee23744a949be8f1b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690821
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62555}
This adds a test checking whether function identity is preserved upon
re-export of various function kinds. The tests are expected to all pass
and just increase code coverage.
R=ahaas@chromium.org
TEST=mjsunit/wasm/export-identity
Change-Id: I4fbb7db2d78c7ffeb6278d6b6d87a7c029326387
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687893
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62516}
This add signature checking when a constructed {WebAssembly.Function} is
being imported into a module. Signatures must match exactly. Note that
importing itself is not yet implemented and will be done as a follow-up.
R=ahaas@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: Iaa3fee574f8edafdddfc9e7aafe2bbd1ae597ff2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1683729
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62502}
The table.copy instruction used the indirect_function_table_size field
of the instance for bounds-checks. However, when Table 0 is of type
anyref, this field is not set. Now we use the actual size of the table
instead.
R=clemensh@chromium.org
Bug: chromium:977101
Change-Id: Idda9cfe228141877747ed9a824936a1232f58cf8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669695
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62315}
This adds preliminary support for storing constructed WebAssembly
functions in tables. Note that for now only tables at index #0 are
supported, extending it to other tables indexes will be done as a
follow-up.
R=ahaas@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: I9aa07813e07f0ceb4eafe37af412b45c7d235722
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1640209
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62210}
Currently, in wasm-function stack traces, v8 displays the decimal offset
from the start of the function. However, the WebAssembly WebAPI
specification says that it should be a hex offset into the module.
This change makes the stack trace display with hex module offsets, as
well as fixing all the unit tests that depended on the old behaviour.
R=fgm@chromium.org, titzer@chromium.org, yangguo@chromium.org
Bug: v8:9172
Change-Id: I73737a319a42dd665521ab8a4b825199ae11c87f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1646846
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Guanzhong Chen <gzchen@google.com>
Cr-Commit-Position: refs/heads/master@{#62103}
This is a reland of 8092acbe41
Original change's description:
> [wasm] Store signature with {WebAssembly.Function} objects.
>
> This adds simple serialization and deserialization of the signature
> provided when a {WebAssembly.Function} object is constructed. For now
> this signature is only used by the {WebAssembly.Function.type} method,
> but will soon be used when importing such functions as well.
>
> R=jkummerow@chromium.org
> TEST=mjsunit/wasm/type-reflection
> BUG=v8:7742
>
> Change-Id: If4a687ea537d8c12f4f01a7d3ac5a795ceb999c6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632211
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61898}
Bug: v8:7742
Change-Id: I5d784165c460abd9d7b07f5cdafc746d5380ccd6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632159
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61910}
This reverts commit 8092acbe41.
Reason for revert: Causes UBSan warnings:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/6436
Original change's description:
> [wasm] Store signature with {WebAssembly.Function} objects.
>
> This adds simple serialization and deserialization of the signature
> provided when a {WebAssembly.Function} object is constructed. For now
> this signature is only used by the {WebAssembly.Function.type} method,
> but will soon be used when importing such functions as well.
>
> R=jkummerow@chromium.org
> TEST=mjsunit/wasm/type-reflection
> BUG=v8:7742
>
> Change-Id: If4a687ea537d8c12f4f01a7d3ac5a795ceb999c6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632211
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61898}
TBR=jkummerow@chromium.org,mstarzinger@chromium.org
Change-Id: I56ea9df5db3f95c05068186097e298cb73a3675d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7742
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632218
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61899}
This adds simple serialization and deserialization of the signature
provided when a {WebAssembly.Function} object is constructed. For now
this signature is only used by the {WebAssembly.Function.type} method,
but will soon be used when importing such functions as well.
R=jkummerow@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: If4a687ea537d8c12f4f01a7d3ac5a795ceb999c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1632211
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61898}
This adds a reflective function to retrieve the function type of an
exported or constructed WebAssembly function object. Note that this
first implementation only supports exported functions for now, the
support for constructed functions will be done as a follow-up.
R=jkummerow@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: I38a16972d8437521993992ca20887c47c7c6b99b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627989
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61851}
New spec changes allow anyref tables to be initialized with function
references.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I59596e1e383408114b974fa10529ae15b8cf7a15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627348
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61823}
This makes the WebAssembly function constructor return a proper function
object. Note that the returned object is not yet callable, only the
prototype structure is in place.
R=jkummerow@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: If6a3d0ae7078b5526606eef1b8fd4815353b850b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1627343
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61792}
These instructions were renamed in the October 2, WebAssembly CG meeting. The
issue describing the change is here:
https://github.com/WebAssembly/spec/issues/884
Change-Id: Ia9e8733156b5ed5db7fc9ab1681c1a51b874dd71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1620681
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61711}
This was supposed to be only a clean-up, but the original code even
invalidated a test and thereby covered a test. I fixed the bug here as
well.
Without testing it I think this fixes https://crbug.com/964607.
Bug: v8:9183
Change-Id: I076f40a2302bfd5b7cecd2ae35d4e05a465e054b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621935
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61691}
This CL fixes an issue where V8 does not satisfy the WebAssembly spec of
the anyref proposal.
The table.fill instruction has 3 parameters, {start_index}, {length},
and {value}. V8 trapped with table-out-of-bounds when
{start_index >= table_size}. However, the spec requires that
{start_index == table_size} is valid when {length == 0}.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I5f83a03fb8e349b48c887535f6f065492feb9ac2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609537
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61689}
This is just for convenience, and actually surprising behavior.
R=clemensh@chromium.org
Bug: v8:9183
Change-Id: I3316856e63b97bfb06da897c6f8b716bc988aa36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621932
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61684}
This parameter was just for convenience but did not end up in the
generated bytes.
R=clemensh@chromium.org
Bug: v8:9183
Change-Id: Id4faf5b9ad20a357c069c3189db6ed14945dea8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621929
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61681}
This adds proper loading and parsing of the arguments that are being
passed to the {WebAssembly.Function} constructor function, including
tests covering most of the negative cases.
R=jkummerow@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: Id4d67789604ee72aec5ad831004a01434c1c6d6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619748
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61659}
This adds a constructor function to be used as the base class for all
exported functions. With type reflection enabled exported functions are
instances of this new constructor. Using the constructor directly as
well as the 'type' property is still missing.
R=jkummerow@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: Id58359cf7866d24be0745abf36a839d3d86e5922
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617253
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61614}
I did the implementation with a runtime function. I extracted some code
from the implementation of table.get.
By accident I formatted anyfunc.js. However, since it's an improvement,
I don't want to undo it. I didn't change anything in the older tests
though, I only added new tests at the end.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I31832ccc817e1e7989f486d6487108c14d21bbea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1602701
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61442}
These are added as mjsunit tests for now since they haven't been merged
to the spec repo. When that happens, the wasm-spec-tests testsuite can
be updated to include these tests, and the tests in this directory can
be removed.
This CL also adds the test/mjsunit/wasm/bulk-memory-spec directory to a
list of directories that aren't checked for copyright (since these files
are auto-generated).
Bug: v8:7747
Change-Id: I906f2ca45f497a6728f94afb9b3330971e1d3fd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1600363
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61395}
The implementation is done with a runtime function.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I5f27b1fdc7cc2baf6919b4db3bf053a350b91a74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1596738
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61274}
The interpreter accesses code directly from the code manager. With lazy
validation, however, this code is not guaranteed to exist. The
interpreter now checks for this and compiles it lazily if needed. It
also handles exceptions that may arise from lazy validation.
Bug: v8:9003
Change-Id: I37c365f0a4d755ed55630d01c8526f2a3efa9a9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1594567
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Frederik Gossen <frgossen@google.com>
Cr-Commit-Position: refs/heads/master@{#61240}
Fix function name in error messages thrown by the streaming API. The API
functions {WebAssembly.compileStreaming} and
{WebAssembly.instantiateStreaming} are now mentioned where needed.
Bug: v8:9184
Change-Id: I70b27efe1c027d119fa7b5b9be27988a92304682
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588468
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Frederik Gossen <frgossen@google.com>
Cr-Commit-Position: refs/heads/master@{#61202}
This CL adds decoding and code generation for the table.size
instruction.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I0e689a993d25db72281ebba0854454be12f4d350
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593302
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61195}
This CL add decoding and code generation for the table.grow
instruction. For code generation we just generate a runtime
call. The implementation is quite straight-forward. However,
I did several small cleanups along the way. I hope it's still
acceptable. I could also split out some cleanups into separate
CLs.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: Id885b7e70eb4f5bccfe779eb216f7cc9302ea3a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1593078
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61192}
This CL refactors WasmTableObject::Grow to make it usable for the
table.grow instruction of WebAssembly.
The refactored version of WasmTableObject::Grow does additionally:
* Check if growing is possible
* Grow the FixedArray backing store of the table and initialize the new
fields.
* Calculate the return value of WasmTableObject::Grow.
R=jkummerow@chromium.org
Bug: v8:7581
Change-Id: Ic6c867b96c30bd987ea281d5b3515a04bc5a3900
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588136
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61112}
Allow for a third compilation strategy that compiles baseline code
lazily but initiates top tier compilation immediately. The strategy aims
at reducing startup time.
Bug: v8:9003
Change-Id: Ifd2060b25386c5221a45f6038c3849afeb956e69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571620
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Frederik Gossen <frgossen@google.com>
Cr-Commit-Position: refs/heads/master@{#61077}
This extends the existing test coverage of interactions between the
exception handling and the reference type proposal. Now "any-func" and
"except-ref" can both be encoded as an exception value. Missing switch
cases have been added.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-anyref[-interpreter]
BUG=v8:8091,v8:7581
Change-Id: Ie2e9819fe66b4daab623390f27bb19007131f619
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581600
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60977}
Add lazy validation for lazily compiled functions. The code is validated
only on first use. This applies to functions that are lazily compiled by
compilation hint as well as to entirely lazy modules.
Bug: v8:9003
Change-Id: If6a640db4bf4b846ac5e3805c138b8ac0a493cf9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1569427
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60921}
Add tests for tiering and lazy compilation with compilation hints. The
tests build modules and verify the {WasmCode}'s tier internally. The
module builder now supports compilation hints in CCTests.
Bug: v8:9003
Change-Id: I18d926c3b1ef3508835a51a9d1d86bfadcb5216e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566522
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Frederik Gossen <frgossen@google.com>
Cr-Commit-Position: refs/heads/master@{#60916}
The trap handler fallback is flaky, and was never enabled since it
never worked reliably. This CL removes
a) the --wasm-trap-handler-fallback flag,
b) the distinction between soft and hard address space limit,
c) methods to check whether memory has guard regions (it will always
have them on 64 bit architectures),
d) associated runtime functions,
e) the trap handler fallback tests,
f) recompilation logic for the fallback.
R=titzer@chromium.org
Bug: v8:8746
Change-Id: I7f4682b8cd5470906dd8579ff1fdc9b1a3c0f0e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1570023
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60904}
The bulk memory proposal changed behavior of segment initialization
during instantiation. Previously, all segments would be bounds-checked,
after which the segments would be initialized.
The bulk memory proposal removes the up-front check, and always
initializes active segments in order, starting with element segments and
then continuing with data segments. Each active segment is initialized
as-if they were being initialized with the `memory.init` and
`table.init` instructions, so an out-of-bounds initialization may still
modify the memory or table partially.
Bug: v8:8892
Change-Id: I472fca2401e07d60b288f0cc745629a451b31088
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565033
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60885}
Extend test coverage for Wasm compilation with compilation hints. Tests
cover, in particular, error handling in streaming compilation and
asynchronous compilation.
Bug: v8:9003
Change-Id: Id46e02904a3a5df60c2617b11445bdc04c8b3b1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566520
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60876}
This is a reland of 656f57bd78, which
was reverted due to Blink test failures. Those failures have been
temporarily suppressed.
Original change's description:
> [wasm] Add off-by-default runtime flag for growing shared memory
>
> Grow memory isn't ready to ship in M75.
>
> Bug: v8:8564, chromium:951795
> Change-Id: I75602bce833653b7943f5606236a97ca6dbad5c9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566239
> Reviewed-by: Ben Smith <binji@chromium.org>
> Commit-Queue: Adam Klein <adamk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60836}
Bug: v8:8564, chromium:951795
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Change-Id: If096f76b4d5d1f5cbcb98e9c11a525a540e21f14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1568125
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60855}
Added test cases for entirely lazily compiled modules. They are treated
just like empty modules are.
Bug: v8:9003
Change-Id: Ic0fcae7de32e50a0aac271567c18159bf8154028
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1562130
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60846}
Grow memory isn't ready to ship in M75.
Bug: v8:8564, chromium:951795
Change-Id: I75602bce833653b7943f5606236a97ca6dbad5c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566239
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60836}
See intent to ship here: https://groups.google.com/forum/#!topic/v8-users/zM05lYEBVog
wasm-module-builder.js is also changed to use the new syntax for specifying a table
index in an element segment. In the MVP, the table index was always zero. The
reference types proposal adds support for multiple tables, and originally used this
value to specify a non-zero table index. The bulk memory proposal needed a way to
specify a passive element segment, so it re-purposed the table index as a flags field
and uses a different field for the table index.
Bug: v8:7747
Change-Id: If24f2d04e88a29b714f1a78ed417803bae702c76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1560215
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60796}
This adds support for passing/returning reference type parameter/return
values when the interpreter is calling extern functions. It expands the
existing test coverage to the interpreter.
R=clemensh@chromium.org
TEST=mjsunit/wasm/anyref-interpreter,mjsunit/wasm/anyfunc-interpreter
BUG=v8:8091,v8:7581
Change-Id: I377e9d28aa36866c0441683ffd6a48160b721ec1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559853
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60715}
This adds support for loading and storing mutable imported globals
having a reference type in the interpreter. It expands existing test
coverage to the interpreter.
R=clemensh@chromium.org
TEST=mjsunit/wasm/anyref-globals-interpreter
BUG=v8:8091,v8:7581
Change-Id: I78e0c5c73664a183e1d92ec91eadf8b9a93e4787
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559743
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60701}
When compilation hints are disabled (they are by default) the decoder
failed on custom sections with the name 'compilationHints'. This is
fixed and a test is added.
Bug: v8:9003
Change-Id: I5d25c019a702a722d8baf497d1bcd3a578a2d4bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557150
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60696}
This adds support for handling reference types when loading/storing
globals. Support for imported mutable globals is still missing and will
be done in a follow-up change.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-global-interpreter
BUG=v8:8091,v8:7581
Change-Id: I0d14919b1ce7f49c4a0541e3d6a99ee203cfb311
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1558086
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60695}
This adds preliminary support for references types as argument or return
values to functions that are redirected to the interpreter. The current
interpreter entry stub remains unchanged, using one buffer area that is
hidden from the GC. The corresponding {Runtime_WasmRunInterpreter} now
correctly boxes/un-boxes reference types into handles. This switch to a
handlified representation happens before any method that potentially
triggers a GC is called.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-anyref-interpreter
BUG=v8:8091,v8:7581
Change-Id: I41c766ed5ac877042d5964e72f3fd7df390c4e98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557147
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60684}
This is a reland of 63608968b6
The previous CL failed on Windows, but it was a general bug. The
dropped_elem_segments was not being set on the instance properly in
cctests, so`table.init` instructions would fail by reading uninitialized
data.
I took this opportunity to also add an implementation of
`elem.drop` in the interpreter, and ported the JS tests for those too.
Original change's description:
> [wasm] Implement table.init for interpreter
>
> This also fixes CheckCallViaJS when a trap occurs. In that case, the
> trap callback is called instead of an exception being thrown, so if it
> isn't handled, a bogus result will be returned instead.
>
> Bug: v8:8965
> Change-Id: I560e89f353756df23c062fb8c9484d9971c19253
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539078
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Ben Smith <binji@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60473}
Bug: v8:8965
Change-Id: Ia547d9530b7ca67fde5bd94539f49153b796e82d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547142
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60664}
This makes sure that the implicit operand stack slot used for passing an
exception from the throw-site to the catch-site is counted against the
maximum stack height.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-rethrow-interpreter
BUG=v8:8091
Change-Id: I7e8f47ba4662eb273792e7508207f67588264a2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554683
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60658}
This ensures the lifetime of reference values on the simulated operand
stack of the interpreter is coupled to a lifetime of the {ThreadImpl}.
We no longer directly store reference values on the stack, but maintain
a separate "reference stack" on the GC'ed heap. This will ensure the GC
traces such references properly.
The new {StackValue} safety wrapper makes sure all use-sites that access
the operand stack properly convert to/from handles when dealing with
reference values.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-interpreter
BUG=v8:8091,v8:7581
Change-Id: I8c05f2d945a6def943b89be0cfca538a73df8855
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552791
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60650}
The tiers are now consistently referred to as baselin and top tier.
Bug: v8:9003
Change-Id: I74ad1867aca63bee9eb83b7f0f9fbaf2b1523dcb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547667
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60591}
This fixes initialization of reference type global variables (i.e.
anyref and except_ref) based on an index of another global. It extends
the existing support to exception types, fixes the logic, and also fixes
a missing write barrier.
R=ahaas@chromium.org
TEST=mjsunit/wasm/exceptions-global
BUG=v8:8091
Change-Id: Ia91f1ea03be24fadf3023a5acdd073badb8dcd93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539581
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60525}
This CL splits a specific test out the bigint.js test suite in order to
be, eventually, ignored by the wasm-bigint proposal 32-bit support CL.
Change-Id: I8ab673abfb53bac95952b11716fe4f29a4a7feaa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543352
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60510}
This reverts commit 63608968b6.
Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/19535
Original change's description:
> [wasm] Implement table.init for interpreter
>
> This also fixes CheckCallViaJS when a trap occurs. In that case, the
> trap callback is called instead of an exception being thrown, so if it
> isn't handled, a bogus result will be returned instead.
>
> Bug: v8:8965
> Change-Id: I560e89f353756df23c062fb8c9484d9971c19253
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539078
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Ben Smith <binji@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60473}
TBR=binji@chromium.org,mstarzinger@chromium.org
Change-Id: Iee528ac2f16988b25579af3555e6f17974cb0b05
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8965
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539498
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60474}
This also fixes CheckCallViaJS when a trap occurs. In that case, the
trap callback is called instead of an exception being thrown, so if it
isn't handled, a bogus result will be returned instead.
Bug: v8:8965
Change-Id: I560e89f353756df23c062fb8c9484d9971c19253
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539078
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60473}
In the implementation of WebAssembly.compileStreaming and
WebAssembly.instantiateStreaming, we did not handle the case where the
input, which is a Promise, gets rejected. When this Promise got
rejected, the Promise returned by compileStreaming remained pending
forever.
With this CL, the rejection object of the input Promise gets forwarded
to the result Promise.
I also extended the --wasm-test-streaming flag to provide
WebAssembly.compileStreaming and WebAssembly.instantiateStreaming
in d8. The difference to the Chrome versions of these function is
that d8 does not know about Response objects. That's why in d8
compileStreaming and instantiateStreaming expect a Promise to an
ArrayBuffer or a TypedArray and not to a Response object.
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Bug: chromium:943487
Change-Id: I77f789e9ae5d50ae9c9bc92bf27dbfe338fe0f13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1535817
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60427}
Most of the mjsunit/wasm/table-copy.js tests have been ported to
cctests, so they can be tested with all execution tiers.
Bug: v8:8965
Change-Id: I448719be30a4b2bddb9e2cffb4c74d3134db2f50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1529548
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60396}
The reason for the revert was that Liftoff did not bail out on indirect
calls to tables other than table 0. Whenever the Liftoff code got
executed, the test would fail.
Original message:
With this CL it is possible to use any anyfunc table in call-indirect,
not just the first table.
The current implementation is based on runtime calls. This is just an
initial implementation which should be replaced by a
dispatch-table-based eventually. However, this implementation allows
us to move forward with the anyref proposal implementation.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: Iedd56ee7acb281441bca32ffd3dc7157203ee1ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532072
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60382}
This reverts commit 9d167f57e0.
Reason for revert: There is a crash on https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/20026
Original change's description:
> [wasm][anyref] Add support of call-indirect for multiple tables
>
> With this CL it is possible to use any anyfunc table in call-indirect,
> not just the first table.
>
> The current implementation is based on runtime calls. This is just an
> initial implementation which should be replaced by a
> dispatch-table-based eventually. However, this implementation allows
> us to move forward with the anyref proposal implementation.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:7581
> Change-Id: I57d09b18add7f525555bf7c949aef17a64b0e7c5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530801
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60360}
TBR=mstarzinger@chromium.org,ahaas@chromium.org
Change-Id: Iba4b84078aa070498be7e79212970b94595f5757
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7581
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532069
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60362}
With this CL it is possible to use any anyfunc table in call-indirect,
not just the first table.
The current implementation is based on runtime calls. This is just an
initial implementation which should be replaced by a
dispatch-table-based eventually. However, this implementation allows
us to move forward with the anyref proposal implementation.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I57d09b18add7f525555bf7c949aef17a64b0e7c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530801
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60360}
This extends the support for the "except_ref" type on global variables
to support mutable globals, as well as importing and exporting such
globals. Test coverage is also increased.
R=ahaas@chromium.org
TEST=mjsunit/wasm/exceptions-global
BUG=v8:8091
Change-Id: I816406e322ffb574a4f054947682491e7b40335f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530802
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60327}
This adds basic support and tests for having global variables of type
"except_ref" that are default initialized to "null". The functionality
is part of the exception handling proposal and solely enabled by the
corresponding feature flag.
R=ahaas@chromium.org
TEST=mjsunit/wasm/exceptions-global
BUG=v8:8091
Change-Id: I581bc942fbe6688a5c58790a842fb024de22d924
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1528439
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60317}
According to WebAssembly's thread proposal, the memory type is decided
at the Object's creation and don't change over time.
When growing a shared memory and the old buffer was marked as shared;
setup the new buffer as shared as well.
Bug: v8:8564
Change-Id: I7e59071d11b41315429232ae0c90436c6810bd0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526012
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Auto-Submit: Sven Sauleau <ssauleau@igalia.com>
Cr-Commit-Position: refs/heads/master@{#60312}
Implements decoding of compilation hints section in
{ModuleDecoderImpl}. The {wasm-module-builder.js} supports
the creation of that section. The feature can be enabled
with {--experimental-wasm-compilation-hints}.
Bug: v8:9003
Change-Id: Ic87e19d916f2ce316de453ea8c7c48c236a6d673
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1521115
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Frederik Gossen <frgossen@google.com>
Cr-Commit-Position: refs/heads/master@{#60299}
Anyfunc globals are very similar to anyref globals. This CL is mostly
about extending the conditions which guard the anyref globals code.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: Ia92ac4560102cc3ed0060342f92758db28f415ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526004
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60281}
This CL allows for either of 'minimum' or 'initial' for MemoryDescriptor
and TableDescriptor. It also adds a flag for the reflection features.
R=binji@chromium.org,adamk@chromium.org
Bug=v8:7742
Change-Id: Icfd4825f63e1eb784a39d10f740d55e81489eba7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1485243
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60256}
This CL only provides the implementation of memory.{init,copy,fill} and
data.drop.
Bug: v8:8965
Change-Id: I439f2520bfee8f147e4b0d1d31f954aaad2e14ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1510575
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60253}
R=binji@chromium.org,adamk@chromium.org
Bug=v8:7742
Change-Id: I5b9a614dd0c8b028d756cbd401c803de4cb9437f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1513159
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60252}
This CL also changes the constructor for WasmTableObject so that the
maximum_length is set to undefined instead of a default value if there's
no maximum provided.
R=binji@chromium.org,adamk@chromium.org
Bug=v8:7742
Change-Id: I6310224e9997464bf69c198e2694a6cd76e01e8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1513156
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60250}
Compilation only stores whether an error has been found, but not the
exact error or it's location. This is generated by running a validation
pass once all wire bytes have been received.
This unifies error messages by removing one more location where we
generate compilation error messages, and makes it deterministic because
a) we always report the error in the first failing function, and
b) if names are present, the error message will always contain the
function name.
R=titzer@chromium.org
Bug: chromium:926311, v8:8814
Change-Id: I79551b8bb73dcee503484de343a3ada60a6add4f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1521112
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60242}
This CL just adds a parameter to addElementSegment and adjusts all
existing tests.
Note that addElementSegment contains some convenience code to construct
one initial table if it does not exist yet. I did not extend that code
to multiple tables. If you want to use multiple tables, you have to
create them first before calling addElementSegment.
R=clemensh@chromium.org
Bug: v8:7581
Change-Id: Ie131fd5dc19856703ab5cfb2fa8f7d576f70a18b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1520709
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60211}
This Cl adds a type to {WasmTableObject}, and extends
{WasmTableObject::Set} and {WasmTableObject::Get} to support anyref
tables. I did it in one CL so that I can write tests.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I6c6d78f84715a7805f7bb881a63d3c1174f6a6ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511332
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60206}
