Issue 9495 in v8: [wasm] Implement typed function references

mstarzin… via monorail

Jul 16, 2019, 5:08:00 AM
to v8-re...@googlegroups.com
Status: Available
Owner: ----
CC: ah...@chromium.org, mstar...@chromium.org
Components: WebAssembly
Priority: 2
Type: FeatureRequest

New issue 9495 by mstar...@chromium.org: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495

The typed function references proposal adds function references that can be called directly (without storing them into a table). These references are subtypes of the existing "funcref" type. An overview of the proposal is here:

https://github.com/WebAssembly/function-references/blob/master/proposals/function-references/Overview.md


mstarzin… via monorail

Aug 12, 2019, 4:50:56 AM
to v8-re...@googlegroups.com
Updates:
Cc: -ah...@chromium.org
Owner: ah...@chromium.org

Comment #1 on issue 9495 by mstar...@chromium.org: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c1

(No comment was entered for this change.)

bugdroid via monorail

May 19, 2020, 10:11:52 AM
to v8-re...@googlegroups.com

Comment #3 on issue 9495 by bugdroid: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c3

The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/4372a9b58afc22840476f64df48b2345ab492294

commit 4372a9b58afc22840476f64df48b2345ab492294
Author: Emanuel Ziegler <ecmzi...@chromium.org>
Date: Tue May 19 14:09:30 2020

[wasm] Implement optional init parameter for Table.grow

The typed function references proposal allows an optional second
parameter to Table.grow containing the initialization value for the
newly added entries for tables that do not support null defaults.

This CL adds this functionality but hides it behind a newly added
experimental flag --experimental-wasm-typed-funcref.

R=ah...@chromium.org
CC=jkum...@chromium.org
CC=mano...@chromium.org

Bug: v8:9495
Change-Id: Ia156aeacf95bc36a9fc182990f315c42075cbb7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2207184
Commit-Queue: Emanuel Ziegler <ecmzi...@chromium.org>
Reviewed-by: Andreas Haas <ah...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67900}

[modify] https://crrev.com/4372a9b58afc22840476f64df48b2345ab492294/src/wasm/wasm-feature-flags.h
[modify] https://crrev.com/4372a9b58afc22840476f64df48b2345ab492294/src/wasm/wasm-js.cc
[add] https://crrev.com/4372a9b58afc22840476f64df48b2345ab492294/test/mjsunit/wasm/typed-funcref.js

bugdroid via monorail

Aug 13, 2020, 5:21:27 AM
to v8-re...@googlegroups.com

Comment #4 on issue 9495 by bugdroid: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c4


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/b8a769ca570143312d71c4deef37582866345808

commit b8a769ca570143312d71c4deef37582866345808
Author: Manos Koukoutos <mano...@chromium.org>
Date: Thu Aug 13 09:20:33 2020

[wasm-gc] Preparation for call_ref

Changes:
- Move some helper functions into WasmGraphBuilder.
- Introduce call_mode and null_check as additional arguments to
WasmGraphBuilderInterface::DoCall/DoReturnCall.
- Introduce ValueType::is_strict_reference_type.
- Improve usage of ValueType API.

Bug: v8:9495
Change-Id: Id3fb9f0d7a4770475ac895b03b38bfa7f2fec252
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2343083
Commit-Queue: Manos Koukoutos <mano...@chromium.org>
Reviewed-by: Jakob Kummerow <jkum...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69372}

[modify] https://crrev.com/b8a769ca570143312d71c4deef37582866345808/src/compiler/wasm-compiler.cc
[modify] https://crrev.com/b8a769ca570143312d71c4deef37582866345808/src/compiler/wasm-compiler.h
[modify] https://crrev.com/b8a769ca570143312d71c4deef37582866345808/src/wasm/function-body-decoder-impl.h
[modify] https://crrev.com/b8a769ca570143312d71c4deef37582866345808/src/wasm/graph-builder-interface.cc
[modify] https://crrev.com/b8a769ca570143312d71c4deef37582866345808/src/wasm/module-decoder.cc
[modify] https://crrev.com/b8a769ca570143312d71c4deef37582866345808/src/wasm/module-instantiate.cc
[modify] https://crrev.com/b8a769ca570143312d71c4deef37582866345808/src/wasm/value-type.h
[modify] https://crrev.com/b8a769ca570143312d71c4deef37582866345808/src/wasm/wasm-module.h
[modify] https://crrev.com/b8a769ca570143312d71c4deef37582866345808/src/wasm/wasm-opcodes.cc

bugdroid via monorail

Aug 14, 2020, 1:59:19 PM
to v8-re...@googlegroups.com

Comment #5 on issue 9495 by bugdroid: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c5


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/dd152527d639e494d1b1046e5f88251b27aeedd0

commit dd152527d639e494d1b1046e5f88251b27aeedd0
Author: Manos Koukoutos <mano...@chromium.org>
Date: Fri Aug 14 17:58:27 2020

[wasm-gc] Implement call_ref, return_call_ref, add some basic tests

Drive-by: Add flag implications for wasm experimental features:
gc -> typed_funcref, typed_funcref -> reftypes.

Bug: v8:9495
Change-Id: Ia6054886935d68e79b8f463289aa9e1e9d6484f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352777
Reviewed-by: Jakob Kummerow <jkum...@chromium.org>
Commit-Queue: Manos Koukoutos <mano...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69403}

[modify] https://crrev.com/dd152527d639e494d1b1046e5f88251b27aeedd0/src/compiler/wasm-compiler.cc
[modify] https://crrev.com/dd152527d639e494d1b1046e5f88251b27aeedd0/src/compiler/wasm-compiler.h
[modify] https://crrev.com/dd152527d639e494d1b1046e5f88251b27aeedd0/src/diagnostics/objects-printer.cc
[modify] https://crrev.com/dd152527d639e494d1b1046e5f88251b27aeedd0/src/flags/flag-definitions.h
[modify] https://crrev.com/dd152527d639e494d1b1046e5f88251b27aeedd0/src/wasm/baseline/liftoff-compiler.cc
[modify] https://crrev.com/dd152527d639e494d1b1046e5f88251b27aeedd0/src/wasm/function-body-decoder-impl.h
[modify] https://crrev.com/dd152527d639e494d1b1046e5f88251b27aeedd0/src/wasm/graph-builder-interface.cc
[modify] https://crrev.com/dd152527d639e494d1b1046e5f88251b27aeedd0/src/wasm/module-instantiate.cc
[modify] https://crrev.com/dd152527d639e494d1b1046e5f88251b27aeedd0/src/wasm/wasm-objects.cc
[modify] https://crrev.com/dd152527d639e494d1b1046e5f88251b27aeedd0/src/wasm/wasm-opcodes-inl.h
[modify] https://crrev.com/dd152527d639e494d1b1046e5f88251b27aeedd0/src/wasm/wasm-opcodes.h
[modify] https://crrev.com/dd152527d639e494d1b1046e5f88251b27aeedd0/test/cctest/wasm/test-gc.cc
[modify] https://crrev.com/dd152527d639e494d1b1046e5f88251b27aeedd0/test/common/wasm/wasm-macro-gen.h
[add] https://crrev.com/dd152527d639e494d1b1046e5f88251b27aeedd0/test/mjsunit/wasm/call-ref.js
[modify] https://crrev.com/dd152527d639e494d1b1046e5f88251b27aeedd0/test/mjsunit/wasm/wasm-module-builder.js

bugdroid via monorail

Sep 18, 2020, 12:03:33 PM
to v8-re...@googlegroups.com

Comment #6 on issue 9495 by bugdroid: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c6


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3

commit a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3
Author: Manos Koukoutos <mano...@chromium.org>
Date: Fri Sep 18 16:03:04 2020

[wasm-gc] Preparation for typed function tables

Changes:
- Rename IsSignatureEqual -> MatchesSignature for consistency
- Add WasmInstanceObject field to WasmTableObject.
- Improve some error messages related to tables in
function-body-decoder-impl.h.
- Introduce WasmTable::IsValidTableType. Use it wherever appropriate.
- Overload equality operators in HeapType to work with
HeapType::Representation.
- Rename DynamicTypeCheckRef -> TypecheckJSObject.
- Handle WasmCapiFunctions in TypecheckJSObject.
- Use TypecheckJSObject in WasmTableObject::IsValidElement.
- A few more minor improvements.

Bug: v8:9495
Change-Id: I2867dd3486d7c31717ac26b87a50e15cf2b898be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2416491

Commit-Queue: Manos Koukoutos <mano...@chromium.org>
Reviewed-by: Jakob Kummerow <jkum...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70001}

[modify] https://crrev.com/a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3/src/compiler/wasm-compiler.cc
[modify] https://crrev.com/a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3/src/runtime/runtime-wasm.cc
[modify] https://crrev.com/a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3/src/wasm/c-api.cc
[modify] https://crrev.com/a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3/src/wasm/function-body-decoder-impl.h
[modify] https://crrev.com/a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3/src/wasm/module-decoder.cc
[modify] https://crrev.com/a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3/src/wasm/module-instantiate.cc
[modify] https://crrev.com/a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3/src/wasm/value-type.h
[modify] https://crrev.com/a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3/src/wasm/wasm-js.cc
[modify] https://crrev.com/a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3/src/wasm/wasm-module.cc
[modify] https://crrev.com/a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3/src/wasm/wasm-module.h
[modify] https://crrev.com/a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3/src/wasm/wasm-objects-inl.h
[modify] https://crrev.com/a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3/src/wasm/wasm-objects.cc
[modify] https://crrev.com/a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3/src/wasm/wasm-objects.h
[modify] https://crrev.com/a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3/src/wasm/wasm-objects.tq
[modify] https://crrev.com/a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3/test/cctest/wasm/wasm-run-utils.cc
[modify] https://crrev.com/a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3/test/mjsunit/wasm/reference-globals.js
[modify] https://crrev.com/a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3/test/mjsunit/wasm/wasm-module-builder.js
[modify] https://crrev.com/a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3/test/unittests/wasm/function-body-decoder-unittest.cc
[modify] https://crrev.com/a5f68abef67ac9aac8f85b827cc6fe6b96be1ff3/test/unittests/wasm/module-decoder-unittest.cc

bugdroid via monorail

Sep 21, 2020, 11:24:11 AM
to v8-re...@googlegroups.com

Comment #7 on issue 9495 by bugdroid: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c7


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/69ca751bc8aace8c15a6a2d2e22d1658914e4145

commit 69ca751bc8aace8c15a6a2d2e22d1658914e4145
Author: Manos Koukoutos <mano...@chromium.org>
Date: Mon Sep 21 15:20:32 2020

[wasm-gc] Implement typed function tables

Changes:
- When checking if a table is a function table, check for subtyping to
funcref instead of equality.
- Add WasmModuleObject argument to GetFunctionTableEntry.
- Implement WasmTableObject::Get/Set for all legal table types.
- Factor out SetFunctionTableEntry from WasmTableObject::Set.
- Write unittests and JS tests.

Bug: v8:9495
Change-Id: I4f0c7a7013f17c561afb3039c5e0811634a4d313
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2416387

Commit-Queue: Manos Koukoutos <mano...@chromium.org>
Reviewed-by: Jakob Kummerow <jkum...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70032}

[modify] https://crrev.com/69ca751bc8aace8c15a6a2d2e22d1658914e4145/src/runtime/runtime-wasm.cc
[modify] https://crrev.com/69ca751bc8aace8c15a6a2d2e22d1658914e4145/src/wasm/module-instantiate.cc
[modify] https://crrev.com/69ca751bc8aace8c15a6a2d2e22d1658914e4145/src/wasm/wasm-debug.cc
[modify] https://crrev.com/69ca751bc8aace8c15a6a2d2e22d1658914e4145/src/wasm/wasm-js.cc
[modify] https://crrev.com/69ca751bc8aace8c15a6a2d2e22d1658914e4145/src/wasm/wasm-objects.cc
[modify] https://crrev.com/69ca751bc8aace8c15a6a2d2e22d1658914e4145/src/wasm/wasm-objects.h
[add] https://crrev.com/69ca751bc8aace8c15a6a2d2e22d1658914e4145/test/mjsunit/wasm/reference-tables.js
[modify] https://crrev.com/69ca751bc8aace8c15a6a2d2e22d1658914e4145/test/mjsunit/wasm/wasm-module-builder.js
[modify] https://crrev.com/69ca751bc8aace8c15a6a2d2e22d1658914e4145/test/unittests/wasm/function-body-decoder-unittest.cc
[modify] https://crrev.com/69ca751bc8aace8c15a6a2d2e22d1658914e4145/test/unittests/wasm/module-decoder-unittest.cc

bugdroid via monorail

Sep 30, 2020, 5:57:15 AM
to v8-re...@googlegroups.com

Comment #8 on issue 9495 by bugdroid: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c8


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/2e9cb16c14bdfa4763b9e88ca252c510706ba3b2

commit 2e9cb16c14bdfa4763b9e88ca252c510706ba3b2
Author: Manos Koukoutos <mano...@chromium.org>
Date: Wed Sep 30 09:56:27 2020

[wasm][bug] Compare signatures correctly in ResolveWasmImportCall

Changes:
- Implement WasmExportedFunction::MatchesSignature.
- Use it over comparison with == in ResolveWasmImportCall.
- Add a test which exposes the existing bug.
- Add a few reminder TODOs.

Bug: v8:9495
Change-Id: Ibbe31dbf550be212dbf2170ab8cdab9b4b6de734
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438060

Commit-Queue: Manos Koukoutos <mano...@chromium.org>
Reviewed-by: Jakob Kummerow <jkum...@chromium.org>

bugdroid via monorail

Oct 5, 2020, 9:10:02 AM
to v8-re...@googlegroups.com

Comment #9 on issue 9495 by bugdroid: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c9


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/cdb3da7f5f430043c201fd4cbac8e834cb5639f5

commit cdb3da7f5f430043c201fd4cbac8e834cb5639f5
Author: Manos Koukoutos <mano...@chromium.org>
Date: Mon Oct 05 13:08:20 2020

[wasm-gc][bug] call_indirect should check for null table entries

This was not happening when there was no need to typecheck the entry.

Additional changes:
- Add tests with null table entries for typed and untyped function
tables.
- Allow AddIndirectFunctionTable in wasm-run-utils to specify table
type.
- Add possibility to define tables in test-gc.cc.
- Merge trapTableOutOfBounds with trapInvalidFunc.
- Use trapTableOutOfBounds in call_indirect as appropriate.
- Fix emission of table types in wasm-module-builder.cc.

Bug: v8:9495
Change-Id: I4a857ff4378e5a87dc0646d94b4c75635a43c55b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442622
Reviewed-by: Tobias Tebbi <te...@chromium.org>

Reviewed-by: Jakob Kummerow <jkum...@chromium.org>
Commit-Queue: Manos Koukoutos <mano...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70311}

[modify] https://crrev.com/cdb3da7f5f430043c201fd4cbac8e834cb5639f5/src/builtins/base.tq
[modify] https://crrev.com/cdb3da7f5f430043c201fd4cbac8e834cb5639f5/src/builtins/wasm.tq
[modify] https://crrev.com/cdb3da7f5f430043c201fd4cbac8e834cb5639f5/src/common/globals.h
[modify] https://crrev.com/cdb3da7f5f430043c201fd4cbac8e834cb5639f5/src/common/message-template.h
[modify] https://crrev.com/cdb3da7f5f430043c201fd4cbac8e834cb5639f5/src/compiler/common-operator.cc
[modify] https://crrev.com/cdb3da7f5f430043c201fd4cbac8e834cb5639f5/src/compiler/wasm-compiler.cc
[modify] https://crrev.com/cdb3da7f5f430043c201fd4cbac8e834cb5639f5/src/wasm/baseline/liftoff-compiler.cc
[modify] https://crrev.com/cdb3da7f5f430043c201fd4cbac8e834cb5639f5/src/wasm/wasm-module-builder.cc
[modify] https://crrev.com/cdb3da7f5f430043c201fd4cbac8e834cb5639f5/test/cctest/wasm/test-gc.cc
[modify] https://crrev.com/cdb3da7f5f430043c201fd4cbac8e834cb5639f5/test/cctest/wasm/test-run-wasm.cc
[modify] https://crrev.com/cdb3da7f5f430043c201fd4cbac8e834cb5639f5/test/cctest/wasm/wasm-run-utils.cc
[modify] https://crrev.com/cdb3da7f5f430043c201fd4cbac8e834cb5639f5/test/cctest/wasm/wasm-run-utils.h
[modify] https://crrev.com/cdb3da7f5f430043c201fd4cbac8e834cb5639f5/test/common/wasm/wasm-interpreter.cc
[modify] https://crrev.com/cdb3da7f5f430043c201fd4cbac8e834cb5639f5/test/mjsunit/wasm/indirect-call-non-zero-table.js
[modify] https://crrev.com/cdb3da7f5f430043c201fd4cbac8e834cb5639f5/test/mjsunit/wasm/indirect-calls.js
[modify] https://crrev.com/cdb3da7f5f430043c201fd4cbac8e834cb5639f5/test/mjsunit/wasm/indirect-tables.js
[modify] https://crrev.com/cdb3da7f5f430043c201fd4cbac8e834cb5639f5/test/mjsunit/wasm/table-grow-from-wasm.js
[modify] https://crrev.com/cdb3da7f5f430043c201fd4cbac8e834cb5639f5/test/mjsunit/wasm/table-grow.js
[modify] https://crrev.com/cdb3da7f5f430043c201fd4cbac8e834cb5639f5/test/mjsunit/wasm/trap-location.js
[modify] https://crrev.com/cdb3da7f5f430043c201fd4cbac8e834cb5639f5/test/mjsunit/wasm/wasm-module-builder.js
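
The failure mode described in the commit message above, modelled as an added example (not V8 code and not part of the original thread): when an empty slot is only rejected as a side effect of the signature comparison, skipping that comparison for a typed table lets a null entry through. The sentinel signature id, `CallIndirect` and all other names are assumptions of this model.

```cpp
// Added illustration: a simplified model of indirect-call dispatch, not V8
// source. The sentinel signature id and every name here are assumptions.
#include <cstdint>
#include <cstdio>
#include <vector>

enum class Trap { kNone, kTableOutOfBounds, kNullEntry, kSigMismatch };

constexpr int32_t kNullSig = -1;     // assumed sentinel stored in empty slots
constexpr int32_t kSigIntToInt = 7;  // constructed signature id

struct Entry {
  int32_t sig_id;
  int (*target)(int);  // nullptr for an empty slot
};

struct Table {
  bool typed;  // true: the declared table type already guarantees the signature
  std::vector<Entry> entries;
};

struct CallResult {
  Trap trap;
  bool reached_null_target;  // models "the call went through a null entry"
  int value;
};

int Twice(int x) { return 2 * x; }

// Constructed sample table: slot 0 holds a function, slot 1 is empty.
Table MakeTable(bool typed) {
  Table table;
  table.typed = typed;
  table.entries.push_back({kSigIntToInt, &Twice});
  table.entries.push_back({kNullSig, nullptr});
  return table;
}

CallResult CallIndirect(const Table& table, uint32_t index,
                        int32_t expected_sig, int arg,
                        bool explicit_null_check) {
  if (index >= table.entries.size()) {
    return {Trap::kTableOutOfBounds, false, 0};
  }
  const Entry& entry = table.entries[index];
  // The null check must not depend on whether a type check is needed.
  if (explicit_null_check && entry.target == nullptr) {
    return {Trap::kNullEntry, false, 0};
  }
  // Untyped tables need a dynamic signature check. It also happens to reject
  // empty slots, because kNullSig never equals a real signature id.
  if (!table.typed && entry.sig_id != expected_sig) {
    return {Trap::kSigMismatch, false, 0};
  }
  // Typed tables skip the signature check, so without the explicit null
  // check an empty slot reaches this point. The model records that instead
  // of calling through the null pointer.
  if (entry.target == nullptr) {
    return {Trap::kNone, true, 0};
  }
  return {Trap::kNone, false, entry.target(arg)};
}

int main() {
  const Table untyped = MakeTable(false);
  const Table typed = MakeTable(true);
  for (bool check : {false, true}) {
    CallResult u = CallIndirect(untyped, 1, kSigIntToInt, 5, check);
    CallResult t = CallIndirect(typed, 1, kSigIntToInt, 5, check);
    std::printf("explicit_null_check=%d untyped: trap=%d null_call=%d | "
                "typed: trap=%d null_call=%d\n",
                check, static_cast<int>(u.trap), u.reached_null_target,
                static_cast<int>(t.trap), t.reached_null_target);
  }
  return 0;
}
```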

bugdroid via monorail

Oct 9, 2020, 7:25:28 AM
to v8-re...@googlegroups.com

Comment #10 on issue 9495 by bugdroid: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c10


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/da3c731894d3b15b39e3928e7c3d6aa804293236

commit da3c731894d3b15b39e3928e7c3d6aa804293236
Author: Manos Koukoutos <mano...@chromium.org>
Date: Fri Oct 09 11:24:22 2020

[wasm-gc] Cleanup/preparation to enable call_ref with WasmJSFunction

Changes:
- Add wasm-to-js wrapper field to WasmJSFunction. A WasmJSFunction might
be called with call_ref without being imported to a module, and this
provides a call target for this scenario. The wrapper is only compiled
if --experimental-wasm-typed-funcref is set.
- Add CompileWasmToJSWrapper in wasm-compiler.
- Rename BuildLoadFunctionDataFromExportedFunction ->
BuildLoadFunctionDataFromJSFunction to reflect its wider usage.
- Rename BuildWasmImportCallWrapper -> BuildWasmToJsWrapper to reflect
this function is now also used by CompileWasmToJSWrapper (unrelated to
imports).
- (Drive-by) Remove dead arguments from wasm-module-builder.js.

Bug: v8:9495
Change-Id: I23468b69d42310cb8e96da5286ce68c701188876
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2459371
Reviewed-by: Clemens Backes <clem...@chromium.org>
Commit-Queue: Manos Koukoutos <mano...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70421}

[modify] https://crrev.com/da3c731894d3b15b39e3928e7c3d6aa804293236/src/compiler/wasm-compiler.cc
[modify] https://crrev.com/da3c731894d3b15b39e3928e7c3d6aa804293236/src/compiler/wasm-compiler.h
[modify] https://crrev.com/da3c731894d3b15b39e3928e7c3d6aa804293236/src/wasm/module-instantiate.cc
[modify] https://crrev.com/da3c731894d3b15b39e3928e7c3d6aa804293236/src/wasm/wasm-objects-inl.h
[modify] https://crrev.com/da3c731894d3b15b39e3928e7c3d6aa804293236/src/wasm/wasm-objects.cc
[modify] https://crrev.com/da3c731894d3b15b39e3928e7c3d6aa804293236/src/wasm/wasm-objects.h
[modify] https://crrev.com/da3c731894d3b15b39e3928e7c3d6aa804293236/src/wasm/wasm-objects.tq
[modify] https://crrev.com/da3c731894d3b15b39e3928e7c3d6aa804293236/test/mjsunit/wasm/wasm-module-builder.js

bugdroid via monorail

Oct 9, 2020, 9:02:47 AM
to v8-re...@googlegroups.com

Comment #11 on issue 9495 by bugdroid: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c11


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/cb03097d7d7d16d48def658cb240a5546c9bf2b2

commit cb03097d7d7d16d48def658cb240a5546c9bf2b2
Author: Clemens Backes <clem...@chromium.org>
Date: Fri Oct 09 13:00:02 2020

[wasm-gc] Fix gc-stress error on WasmJSFunctionData

Always install the Abort builtin first, because heap validation might
get triggered while we compile the wasm-to-js wrapper, and it would find
an illegal WasmJSFunctionData object otherwise.

TBR=mano...@chromium.org

Bug: v8:9495
Change-Id: I959eb3b6e9944db8b7ad7ecd0a51eefdab98c751
No-Tree-Checks: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463230
Reviewed-by: Clemens Backes <clem...@chromium.org>
Commit-Queue: Clemens Backes <clem...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70426}

[modify] https://crrev.com/cb03097d7d7d16d48def658cb240a5546c9bf2b2/src/wasm/wasm-objects.cc

bugdroid via monorail

Oct 15, 2020, 10:33:30 AM
to v8-re...@googlegroups.com

Comment #12 on issue 9495 by bugdroid: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c12


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/6227c95e5fe97acfe2fa0bc3d21287538916225b

commit 6227c95e5fe97acfe2fa0bc3d21287538916225b
Author: Manos Koukoutos <mano...@chromium.org>
Date: Thu Oct 15 14:30:23 2020

[wasm-gc] Implement call_ref on WasmJSFunction

Changes:
- Introduce turbofan builtin WasmAllocatePair.
- Implement call_ref for WasmJSFunction in wasm-compiler.cc.
- Remove WasmJSFunction trap.
- Improve and extend call-ref.js test.

Bug: v8:9495
Change-Id: I8b4d1ab70cbbe9ae37887a6241d409eec638fd28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463226
Commit-Queue: Manos Koukoutos <mano...@chromium.org>
Reviewed-by: Clemens Backes <clem...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70535}

[modify] https://crrev.com/6227c95e5fe97acfe2fa0bc3d21287538916225b/src/builtins/base.tq
[modify] https://crrev.com/6227c95e5fe97acfe2fa0bc3d21287538916225b/src/builtins/builtins-definitions.h
[modify] https://crrev.com/6227c95e5fe97acfe2fa0bc3d21287538916225b/src/builtins/builtins-wasm-gen.cc
[modify] https://crrev.com/6227c95e5fe97acfe2fa0bc3d21287538916225b/src/builtins/wasm.tq
[modify] https://crrev.com/6227c95e5fe97acfe2fa0bc3d21287538916225b/src/common/globals.h
[modify] https://crrev.com/6227c95e5fe97acfe2fa0bc3d21287538916225b/src/common/message-template.h
[modify] https://crrev.com/6227c95e5fe97acfe2fa0bc3d21287538916225b/src/compiler/wasm-compiler.cc
[modify] https://crrev.com/6227c95e5fe97acfe2fa0bc3d21287538916225b/src/wasm/wasm-code-manager.h
[modify] https://crrev.com/6227c95e5fe97acfe2fa0bc3d21287538916225b/src/wasm/wasm-objects.cc
[modify] https://crrev.com/6227c95e5fe97acfe2fa0bc3d21287538916225b/test/mjsunit/wasm/call-ref.js

bugdroid via monorail

Oct 15, 2020, 11:23:10 AM
to v8-re...@googlegroups.com

Comment #13 on issue 9495 by bugdroid: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c13


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/d84109963d6012d2eb0bbb40a2a534498c122619

commit d84109963d6012d2eb0bbb40a2a534498c122619
Author: Maya Lekova <msle...@chromium.org>
Date: Thu Oct 15 15:22:18 2020

Revert "[wasm-gc] Implement call_ref on WasmJSFunction"

This reverts commit 6227c95e5fe97acfe2fa0bc3d21287538916225b.

Reason for revert: Breaks Mac64 GC stress - https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8866365194967638384/+/steps/Check_-_d8/0/logs/call-ref/0

Original change's description:

> [wasm-gc] Implement call_ref on WasmJSFunction
>
> Changes:
> - Introduce turbofan builtin WasmAllocatePair.
> - Implement call_ref for WasmJSFunction in wasm-compiler.cc.
> - Remove WasmJSFunction trap.
> - Improve and extend call-ref.js test.
>
> Bug: v8:9495
> Change-Id: I8b4d1ab70cbbe9ae37887a6241d409eec638fd28
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463226
> Commit-Queue: Manos Koukoutos <mano...@chromium.org>
> Reviewed-by: Clemens Backes <clem...@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70535}

TBR=clem...@chromium.org,mano...@chromium.org

Change-Id: Ifad2cd8185df5e8d6766cefbcd3f28234a157dfb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9495
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2475735
Reviewed-by: Maya Lekova <msle...@chromium.org>
Commit-Queue: Maya Lekova <msle...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70539}

[modify] https://crrev.com/d84109963d6012d2eb0bbb40a2a534498c122619/src/builtins/base.tq
[modify] https://crrev.com/d84109963d6012d2eb0bbb40a2a534498c122619/src/builtins/builtins-definitions.h
[modify] https://crrev.com/d84109963d6012d2eb0bbb40a2a534498c122619/src/builtins/builtins-wasm-gen.cc
[modify] https://crrev.com/d84109963d6012d2eb0bbb40a2a534498c122619/src/builtins/wasm.tq
[modify] https://crrev.com/d84109963d6012d2eb0bbb40a2a534498c122619/src/common/globals.h
[modify] https://crrev.com/d84109963d6012d2eb0bbb40a2a534498c122619/src/common/message-template.h
[modify] https://crrev.com/d84109963d6012d2eb0bbb40a2a534498c122619/src/compiler/wasm-compiler.cc
[modify] https://crrev.com/d84109963d6012d2eb0bbb40a2a534498c122619/src/wasm/wasm-code-manager.h
[modify] https://crrev.com/d84109963d6012d2eb0bbb40a2a534498c122619/src/wasm/wasm-objects.cc
[modify] https://crrev.com/d84109963d6012d2eb0bbb40a2a534498c122619/test/mjsunit/wasm/call-ref.js

bugdroid via monorail

Oct 22, 2020, 1:22:14 PM
to v8-re...@googlegroups.com

Comment #14 on issue 9495 by bugdroid: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c14


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/40ad911657e160af18dfc0ebe36c0ea3078fbf25

commit 40ad911657e160af18dfc0ebe36c0ea3078fbf25
Author: Manos Koukoutos <mano...@chromium.org>
Date: Thu Oct 22 17:20:17 2020

Reland "[wasm-gc] Implement call_ref on WasmJSFunction"

This is a reland of 6227c95e5fe97acfe2fa0bc3d21287538916225b

Fixes compared to original landing:
- Decode a WASM_TO_JS_FUNCTION Code object as a WASM_TO_JS frame.
- Enable call_ref on WasmJSFunctions with arity mismatch.
- Use builtin pointer in BuildWasmToJSWrapper, to avoid having to
resolve the relocatable constant.


Original change's description:
> [wasm-gc] Implement call_ref on WasmJSFunction
>
> Changes:
> - Introduce turbofan builtin WasmAllocatePair.
> - Implement call_ref for WasmJSFunction in wasm-compiler.cc.
> - Remove WasmJSFunction trap.
> - Improve and extend call-ref.js test.
>
> Bug: v8:9495
> Change-Id: I8b4d1ab70cbbe9ae37887a6241d409eec638fd28
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463226
> Commit-Queue: Manos Koukoutos <mano...@chromium.org>
> Reviewed-by: Clemens Backes <clem...@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70535}

Bug: v8:9495
Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
Change-Id: I294947059e612d417d92614a43cb7383cd5f3b92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476314
Commit-Queue: Manos Koukoutos <mano...@chromium.org>
Reviewed-by: Jakob Kummerow <jkum...@chromium.org>
Reviewed-by: Clemens Backes <clem...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70719}

[modify] https://crrev.com/40ad911657e160af18dfc0ebe36c0ea3078fbf25/src/builtins/base.tq
[modify] https://crrev.com/40ad911657e160af18dfc0ebe36c0ea3078fbf25/src/builtins/builtins-definitions.h
[modify] https://crrev.com/40ad911657e160af18dfc0ebe36c0ea3078fbf25/src/builtins/builtins-wasm-gen.cc
[modify] https://crrev.com/40ad911657e160af18dfc0ebe36c0ea3078fbf25/src/builtins/wasm.tq
[modify] https://crrev.com/40ad911657e160af18dfc0ebe36c0ea3078fbf25/src/common/globals.h
[modify] https://crrev.com/40ad911657e160af18dfc0ebe36c0ea3078fbf25/src/common/message-template.h
[modify] https://crrev.com/40ad911657e160af18dfc0ebe36c0ea3078fbf25/src/compiler/wasm-compiler.cc
[modify] https://crrev.com/40ad911657e160af18dfc0ebe36c0ea3078fbf25/src/execution/frames.cc
[modify] https://crrev.com/40ad911657e160af18dfc0ebe36c0ea3078fbf25/src/wasm/wasm-code-manager.h
[modify] https://crrev.com/40ad911657e160af18dfc0ebe36c0ea3078fbf25/test/mjsunit/wasm/call-ref.js

ah… via monorail

Dec 2, 2020, 6:00:07 AM
to v8-re...@googlegroups.com
Updates:
Owner: mano...@chromium.org

Comment #15 on issue 9495 by ah...@chromium.org: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c15


(No comment was entered for this change.)

bugdroid via monorail

Dec 2, 2020, 11:54:07 AM
to v8-re...@googlegroups.com

Comment #16 on issue 9495 by bugdroid: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c16


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/0396b732e7c5d41188fcbd95b68c177a39e27a7a

commit 0396b732e7c5d41188fcbd95b68c177a39e27a7a
Author: Manos Koukoutos <mano...@chromium.org>
Date: Wed Dec 02 16:52:51 2020

[wasm-gc] read_heap_type should check if index is in module bounds

read_heap_type did not have knowledge of the module for which the heap
type was being decoded. As a result, callers of read_heap_type (or
read_value_type, which in turn calls read_heap_type) had to check after
the fact that a decoded indexed type (ref, ref null, or rtt) references
a type index within the module's bounds. This was not done consistently,
and was missing (at least) in DecodeLocals.
To avoid such problems in the future, this CL refactors read_heap_type
to accept a module and check the decoded index against it.

Changes:
- Add WasmModule argument to read_heap_type. Do so accordingly to all
its transitive callers (read_value_type, immediate arguments,
DecodeLocalDecls, DecodeValue/HeapType in unittests).
- Add index check to read_heap_type and emit an error for an
out-of-bounds index.
- Remove all other now-redundant index validations. Replace them with
decoder->ok() if needed (since read_heap_type will now emit an error).
- Fix error message in Validate for BlockTypeImmediate.
- In DecodeLocalDecls in unittests, pass an empty module to
DecodeLocalDecls in the main code.
- Add a unit test with an invalid index in local type declarations.

Bug: v8:9495
Change-Id: I4ed1204847db80f78b6ae85fa40d300cd2456295
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2569757
Reviewed-by: Jakob Kummerow <jkum...@chromium.org>
Commit-Queue: Manos Koukoutos <mano...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71572}

[modify] https://crrev.com/0396b732e7c5d41188fcbd95b68c177a39e27a7a/src/wasm/function-body-decoder-impl.h
[modify] https://crrev.com/0396b732e7c5d41188fcbd95b68c177a39e27a7a/src/wasm/function-body-decoder.cc
[modify] https://crrev.com/0396b732e7c5d41188fcbd95b68c177a39e27a7a/src/wasm/function-body-decoder.h
[modify] https://crrev.com/0396b732e7c5d41188fcbd95b68c177a39e27a7a/src/wasm/module-decoder.cc
[modify] https://crrev.com/0396b732e7c5d41188fcbd95b68c177a39e27a7a/test/common/wasm/wasm-interpreter.cc
[modify] https://crrev.com/0396b732e7c5d41188fcbd95b68c177a39e27a7a/test/fuzzer/wasm-fuzzer-common.cc
[modify] https://crrev.com/0396b732e7c5d41188fcbd95b68c177a39e27a7a/test/unittests/wasm/function-body-decoder-unittest.cc
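
The refactoring described in the commit message above, sketched as an added example (not V8 code and not part of the original thread): the heap-type reader receives the module and rejects an out-of-bounds type index itself, so a caller such as the locals decoder cannot forget the check. The byte codes, the locals cap and all names are constructed for this model and are not the real wasm binary encoding.

```cpp
// Added illustration: a simplified model, not V8 source. All byte codes and
// limits are constructed for this example.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

constexpr uint8_t kI32Code = 0x7f;      // constructed: numeric local
constexpr uint8_t kRefCode = 0x6c;      // constructed: reference, then a type index
constexpr uint32_t kMaxLocals = 50000;  // example cap on total locals

struct Module { uint32_t num_types; };

struct ValueType {
  enum Kind { kI32, kRef } kind;
  uint32_t type_index;  // meaningful only for kRef
};

class Decoder {
 public:
  explicit Decoder(const std::vector<uint8_t>& bytes) : bytes_(bytes) {}
  bool ok() const { return error_.empty(); }
  const std::string& error() const { return error_; }
  void Fail(const std::string& msg) { if (ok()) error_ = msg; }  // keep first

  uint8_t ReadU8() {
    if (pos_ >= bytes_.size()) { Fail("unexpected end of input"); return 0; }
    return bytes_[pos_++];
  }
  uint32_t ReadU32Leb() {
    uint32_t result = 0;
    for (int shift = 0; shift <= 28; shift += 7) {
      uint8_t b = ReadU8();
      if (!ok()) return 0;
      if (shift == 28 && (b & 0xF0)) {  // 5th byte may carry only 4 bits
        Fail("LEB128 value exceeds 32 bits");
        return 0;
      }
      result |= static_cast<uint32_t>(b & 0x7F) << shift;
      if (!(b & 0x80)) return result;
    }
    return 0;  // unreachable: the fifth byte either fails or terminates
  }

 private:
  const std::vector<uint8_t>& bytes_;
  size_t pos_ = 0;
  std::string error_;
};

// The single place where an indexed type is checked against the module.
uint32_t ReadHeapType(Decoder& d, const Module& module) {
  uint32_t index = d.ReadU32Leb();
  if (d.ok() && index >= module.num_types) {
    d.Fail("type index " + std::to_string(index) +
           " out of bounds (module declares " +
           std::to_string(module.num_types) + " types)");
  }
  return index;
}

ValueType ReadValueType(Decoder& d, const Module& module) {
  uint8_t code = d.ReadU8();
  if (!d.ok()) return {ValueType::kI32, 0};
  if (code == kI32Code) return {ValueType::kI32, 0};
  if (code == kRefCode) return {ValueType::kRef, ReadHeapType(d, module)};
  d.Fail("invalid value type code");
  return {ValueType::kI32, 0};
}

struct LocalsResult { std::vector<ValueType> locals; std::string error; };

// Locals are encoded as: entry count, then (repeat count, value type) pairs.
// The caller only tests d.ok(); it carries no index validation of its own.
LocalsResult DecodeLocals(const std::vector<uint8_t>& bytes,
                          const Module& module) {
  Decoder d(bytes);
  LocalsResult out;
  uint32_t entries = d.ReadU32Leb();
  for (uint32_t i = 0; d.ok() && i < entries; ++i) {
    uint32_t count = d.ReadU32Leb();
    if (!d.ok()) break;
    if (count > kMaxLocals - out.locals.size()) {
      d.Fail("too many locals");
      break;
    }
    ValueType type = ReadValueType(d, module);
    if (!d.ok()) break;
    out.locals.insert(out.locals.end(), count, type);
  }
  if (!d.ok()) out.locals.clear();  // never hand back partially validated data
  out.error = d.error();
  return out;
}

int main() {
  const Module module{2};
  const std::vector<uint8_t> valid = {0x02, 0x02, 0x7f, 0x01, 0x6c, 0x01};
  const std::vector<uint8_t> bad_index = {0x01, 0x01, 0x6c, 0x05};
  LocalsResult a = DecodeLocals(valid, module);
  LocalsResult b = DecodeLocals(bad_index, module);
  std::printf("valid: %zu locals, error='%s'\n", a.locals.size(), a.error.c_str());
  std::printf("bad index: %zu locals, error='%s'\n", b.locals.size(), b.error.c_str());
  return 0;
}
```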

bugdroid via monorail

Dec 2, 2020, 10:53:49 PM
to v8-re...@googlegroups.com

Comment #17 on issue 9495 by bugdroid: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c17


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/e2f858a88769f84de7948d2cd452a0a8a59bd0a3

commit e2f858a88769f84de7948d2cd452a0a8a59bd0a3
Author: Manos Koukoutos <mano...@chromium.org>
Date: Thu Dec 03 03:52:33 2020

[wasm-gc] Fix br_on_null behavior in unreachable code

br_on_null should push a value on the stack, even in unreachable code.


Bug: v8:9495
Change-Id: Ic227c2f889b863a267a7ff5f33e539b43e66b42f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567966

Reviewed-by: Jakob Kummerow <jkum...@chromium.org>
Commit-Queue: Manos Koukoutos <mano...@chromium.org>

bugdroid via monorail

Dec 3, 2020, 7:36:21 AM12/3/20
to v8-re...@googlegroups.com

Comment #18 on issue 9495 by bugdroid: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c18


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/c186b0be6d273f953981d876e7ab531bfc9ce334

commit c186b0be6d273f953981d876e7ab531bfc9ce334
Author: Manos Koukoutos <mano...@chromium.org>
Date: Thu Dec 03 12:34:53 2020

[wasm-gc] Fix interaction between AnalyzeLoopAssignment and 'let'

AnalyzeLoopAssignment did not take into account that 'let' shifts local
indexes.

Drive-by: Use gTest infrastructure in AnalyzeLoopAssignment tests
(EXPECT_*) instead of CHECKs.

Bug: v8:9495
Change-Id: Ic0ddb5edfde48acf172f4cac9bdcd0312b6121a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567955

Commit-Queue: Manos Koukoutos <mano...@chromium.org>
Reviewed-by: Jakob Kummerow <jkum...@chromium.org>

bugdroid via monorail

Dec 10, 2020, 7:54:31 AM12/10/20
to v8-re...@googlegroups.com

Comment #19 on issue 9495 by bugdroid: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c19


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/c9598d77ed969540d963457121a61f6a60715cf9

commit c9598d77ed969540d963457121a61f6a60715cf9
Author: Andreas Haas <ah...@chromium.org>
Date: Thu Dec 10 12:54:00 2020

[wasm] Transfer ownership of typed function references to manoskouk

NOTRY=true
R=mano...@chromium.org

Bug: v8:9495
Change-Id: I72142c4992e969852341b49a8e5628b53ec1d5b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2581965
Reviewed-by: Manos Koukoutos <mano...@chromium.org>
Commit-Queue: Andreas Haas <ah...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71693}

[modify] https://crrev.com/c9598d77ed969540d963457121a61f6a60715cf9/src/wasm/wasm-feature-flags.h

bugdroid via monorail

Jan 9, 2021, 6:29:33 PM1/9/21
to v8-re...@googlegroups.com

Comment #20 on issue 9495 by bugdroid: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c20


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/1085b4563ce66e3074096fa0980340409df5d5f1

commit 1085b4563ce66e3074096fa0980340409df5d5f1
Author: Manos Koukoutos <mano...@chromium.org>
Date: Sat Jan 09 23:29:15 2021

[wasm-gc][bug] Fix interaction between 'let' and Goto

Invoking Goto in graph-builder-interface from inside a 'let' can cause
the number of locals between source and target ssa environment to be
different. This CL addresses this bug and adds a few unit tests.
Unfortunately, after this change we have to resort to always using
copy-constructors for SsaEnv, which might cause slowdown in decoding.

Bug: v8:9495
Change-Id: Idf5ace6c7563eff9d774d402f3a81e77959556ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2614062

Reviewed-by: Jakob Kummerow <jkum...@chromium.org>
Commit-Queue: Manos Koukoutos <mano...@chromium.org>

bugdroid via monorail

Jan 22, 2021, 4:40:09 PM1/22/21
to v8-re...@googlegroups.com

Comment #21 on issue 9495 by bugdroid: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c21


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/ec5b796ffd103dfb2de48d9c5e7e9ca4161b0e9a

commit ec5b796ffd103dfb2de48d9c5e7e9ca4161b0e9a
Author: Jakob Kummerow <jkum...@chromium.org>
Date: Fri Jan 22 21:38:55 2021

[wasm-gc] Liftoff support part 6: funcrefs

This implements support for the following instructions:
ref.func, call_ref, return_call_ref

Bug: v8:7748,v8:9495
Change-Id: If5bdc2b9bc2347de056de2917430b8d9dc901c53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2632591
Commit-Queue: Jakob Kummerow <jkum...@chromium.org>
Reviewed-by: Clemens Backes <clem...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72270}

[modify] https://crrev.com/ec5b796ffd103dfb2de48d9c5e7e9ca4161b0e9a/test/cctest/wasm/test-gc.cc
[modify] https://crrev.com/ec5b796ffd103dfb2de48d9c5e7e9ca4161b0e9a/src/builtins/builtins-wasm-gen.cc
[modify] https://crrev.com/ec5b796ffd103dfb2de48d9c5e7e9ca4161b0e9a/src/wasm/baseline/liftoff-assembler.cc
[modify] https://crrev.com/ec5b796ffd103dfb2de48d9c5e7e9ca4161b0e9a/src/builtins/builtins-definitions.h
[modify] https://crrev.com/ec5b796ffd103dfb2de48d9c5e7e9ca4161b0e9a/src/wasm/baseline/liftoff-compiler.cc
[modify] https://crrev.com/ec5b796ffd103dfb2de48d9c5e7e9ca4161b0e9a/src/compiler/wasm-compiler.cc
[modify] https://crrev.com/ec5b796ffd103dfb2de48d9c5e7e9ca4161b0e9a/src/wasm/baseline/liftoff-assembler.h
[modify] https://crrev.com/ec5b796ffd103dfb2de48d9c5e7e9ca4161b0e9a/src/builtins/wasm.tq

bugdroid via monorail

Feb 11, 2021, 10:37:02 AM2/11/21
to v8-re...@googlegroups.com

Comment #22 on issue 9495 by bugdroid: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c22


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/dd152527d639e494d1b1046e5f88251b27aeedd0

commit dd152527d639e494d1b1046e5f88251b27aeedd0
Author: Manos Koukoutos <mano...@chromium.org>

Date: Fri Aug 14 17:58:27 2020

[wasm-gc] Implement call_ref, return_call_ref, add some basic tests

Drive-by: Add flag implications for wasm experimental features:
gc -> typed_funcref, typed_funcref -> reftypes.

Bug: v8:9495
Change-Id: Ia6054886935d68e79b8f463289aa9e1e9d6484f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352777
Reviewed-by: Jakob Kummerow <jkum...@chromium.org>
Commit-Queue: Manos Koukoutos <mano...@chromium.org>

Git Watcher via monorail

Mar 5, 2021, 10:01:26 PM3/5/21
to v8-re...@googlegroups.com

Comment #23 on issue 9495 by Git Watcher: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c23


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/e3acd9f8feba47b34fc4ff8a22391ce03345b900

commit e3acd9f8feba47b34fc4ff8a22391ce03345b900
Author: Manos Koukoutos <mano...@chromium.org>
Date: Fri Mar 05 10:23:27 2021

[wasm-gc] Implement non-nullable function tables

This adds the possibility to define non-nullable function tables of heap
types kFunc and user-defined functions. When such a table is defined, it
is obligatory to provide an initializer expression after its limits.
Currently, this can only be a function reference.

Changes:
- Change WasmTableObject::raw_type to encode the whole entry type.
- Restructure call_indirect to load the signature only if needed, and
do null checks only if needed.
- Add the requirement to provide an initializer expression for
non-nullable tables in module-decoder.
- Rename "global initializer" -> "initializer expression" everywhere.
- Add table initialization in module-instantiate.
- Edit both the C++ and JS WasmModuleBuilder.
- Add and slightly improve tests.
- Format wasm-module-builder.js.

Bug: v8:9495
Change-Id: I7453ee7d567afd5b5fe48a4f1653513787cfe99a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2732673

Commit-Queue: Manos Koukoutos <mano...@chromium.org>
Reviewed-by: Jakob Kummerow <jkum...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73215}

[modify] https://crrev.com/e3acd9f8feba47b34fc4ff8a22391ce03345b900/src/builtins/wasm.tq
[modify] https://crrev.com/e3acd9f8feba47b34fc4ff8a22391ce03345b900/src/compiler/wasm-compiler.cc
[modify] https://crrev.com/e3acd9f8feba47b34fc4ff8a22391ce03345b900/src/wasm/baseline/liftoff-compiler.cc
[modify] https://crrev.com/e3acd9f8feba47b34fc4ff8a22391ce03345b900/src/wasm/module-decoder.cc
[modify] https://crrev.com/e3acd9f8feba47b34fc4ff8a22391ce03345b900/src/wasm/module-instantiate.cc
[modify] https://crrev.com/e3acd9f8feba47b34fc4ff8a22391ce03345b900/src/wasm/value-type.h
[modify] https://crrev.com/e3acd9f8feba47b34fc4ff8a22391ce03345b900/src/wasm/wasm-module-builder.cc
[modify] https://crrev.com/e3acd9f8feba47b34fc4ff8a22391ce03345b900/src/wasm/wasm-module-builder.h
[modify] https://crrev.com/e3acd9f8feba47b34fc4ff8a22391ce03345b900/src/wasm/wasm-module.h
[modify] https://crrev.com/e3acd9f8feba47b34fc4ff8a22391ce03345b900/src/wasm/wasm-objects-inl.h
[modify] https://crrev.com/e3acd9f8feba47b34fc4ff8a22391ce03345b900/src/wasm/wasm-objects.cc
[modify] https://crrev.com/e3acd9f8feba47b34fc4ff8a22391ce03345b900/test/mjsunit/wasm/reference-tables.js
[modify] https://crrev.com/e3acd9f8feba47b34fc4ff8a22391ce03345b900/test/mjsunit/wasm/table-access.js
[modify] https://crrev.com/e3acd9f8feba47b34fc4ff8a22391ce03345b900/test/mjsunit/wasm/wasm-module-builder.js
[modify] https://crrev.com/e3acd9f8feba47b34fc4ff8a22391ce03345b900/test/unittests/wasm/module-decoder-unittest.cc

manos… via monorail

Apr 21, 2021, 5:20:50 AM4/21/21
to v8-re...@googlegroups.com
Updates:
Status: Started

Comment #24 on issue 9495 by mano...@chromium.org: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c24


(No comment was entered for this change.)

Git Watcher via monorail

Apr 23, 2021, 12:23:07 PM4/23/21
to v8-re...@googlegroups.com

Comment #25 on issue 9495 by Git Watcher: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c25


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/0241041e1984a436a8e11fbde9a6596be4c13d59

commit 0241041e1984a436a8e11fbde9a6596be4c13d59
Author: Jakob Kummerow <jkum...@chromium.org>
Date: Fri Apr 23 12:40:13 2021

[wasm-gc] Fix slow path of "FromJS" conversion

Since WasmToJSWrappers are on-heap Code objects, they should use
the "kCallBuiltinPointer" mechanism to call builtins.
AFAICT this only affected the call_ref instruction.

Bug: v8:9495
Change-Id: I2d55e8f2504787a8a92410868ced8d5ce63a5376
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2846896
Reviewed-by: Clemens Backes <clem...@chromium.org>
Commit-Queue: Jakob Kummerow <jkum...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74157}

[modify] https://crrev.com/0241041e1984a436a8e11fbde9a6596be4c13d59/src/compiler/wasm-compiler.cc
[modify] https://crrev.com/0241041e1984a436a8e11fbde9a6596be4c13d59/test/mjsunit/wasm/call-ref.js

Git Watcher via monorail

Apr 29, 2021, 2:43:15 PM4/29/21
to v8-re...@googlegroups.com

Comment #26 on issue 9495 by Git Watcher: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c26


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/e0b941688ed256baf3501298a9695d5dc0a6c394

commit e0b941688ed256baf3501298a9695d5dc0a6c394
Author: Jakob Kummerow <jkum...@chromium.org>
Date: Thu Apr 29 17:33:11 2021

[wasm-gc] Optimize performance of call_ref

By (mostly) unifying the different kinds of WasmFunctionData, and
precomputing and caching what we can, we can reduce the amount of
work that has to be done for each call.
We still have to store the current instance for JS function calls;
that may be eliminatable in the future.
WasmCapiFunctions are not included in the refactoring yet.

Bug: v8:7748,v8:9495
Change-Id: Ie6839153153d5854670cd01bc77a86111c1f68d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2856543
Commit-Queue: Jakob Kummerow <jkum...@chromium.org>
Reviewed-by: Manos Koukoutos <mano...@chromium.org>
Reviewed-by: Ulan Degenbaev <ul...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74287}

[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/src/builtins/x64/builtins-x64.cc
[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/src/compiler/wasm-compiler.cc
[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/src/compiler/wasm-compiler.h
[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/src/diagnostics/objects-printer.cc
[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/src/heap/factory.cc
[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/src/heap/factory.h
[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/src/heap/objects-visiting.h
[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/src/heap/setup-heap-internal.cc
[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/src/objects/map.cc
[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/src/objects/map.h
[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/src/objects/object-list-macros.h
[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/src/objects/objects-body-descriptors-inl.h
[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/src/objects/objects-definitions.h
[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/src/roots/roots.h
[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/src/wasm/baseline/liftoff-compiler.cc
[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/src/wasm/c-api.cc
[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/src/wasm/wasm-objects-inl.h
[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/src/wasm/wasm-objects.cc
[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/src/wasm/wasm-objects.h
[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/src/wasm/wasm-objects.tq
[modify] https://crrev.com/e0b941688ed256baf3501298a9695d5dc0a6c394/tools/v8heapconst.py

Git Watcher via monorail

Oct 4, 2021, 9:04:09 AM10/4/21
to v8-re...@googlegroups.com

Comment #27 on issue 9495 by Git Watcher: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c27


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/f78429b8a198d5c2f6005a06d0d21fd1e568cd6c

commit f78429b8a198d5c2f6005a06d0d21fd1e568cd6c
Author: Manos Koukoutos <mano...@chromium.org>
Date: Mon Oct 04 06:25:31 2021

[wasm] Pass WasmFeatures::All() to OpcodeLength

This is needed in case of 'let', where OpcodeLength transitively calls
{read_value_type()}.

Bug: v8:9495
Change-Id: I8aebffabc7ba1c47418d363dc9257f132fac33df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3200074

Reviewed-by: Jakob Kummerow <jkum...@chromium.org>
Commit-Queue: Manos Koukoutos <mano...@chromium.org>

Git Watcher via monorail

Jul 1, 2022, 10:36:08 AM7/1/22
to v8-re...@googlegroups.com

Comment #28 on issue 9495 by Git Watcher: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c28


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/ccc74bc64eee8f7338359efc81a912e40573091f

commit ccc74bc64eee8f7338359efc81a912e40573091f
Author: Manos Koukoutos <mano...@chromium.org>
Date: Fri Jul 01 13:50:26 2022

[wasm-gc] Remove 'let' opcode

This opcode is being removed in favor of pre-declared non-defaultable
locals (details are still TBD).

Bug: v8:9495
Change-Id: I96ac053a1b5a852310c5dc0bbaeab0cbf5384663
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3738743

Commit-Queue: Manos Koukoutos <mano...@chromium.org>
Reviewed-by: Jakob Kummerow <jkum...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81496}

[modify] https://crrev.com/ccc74bc64eee8f7338359efc81a912e40573091f/src/wasm/wasm-opcodes.h
[modify] https://crrev.com/ccc74bc64eee8f7338359efc81a912e40573091f/test/mjsunit/wasm/array-copy-benchmark.js
[modify] https://crrev.com/ccc74bc64eee8f7338359efc81a912e40573091f/src/wasm/graph-builder-interface.cc
[modify] https://crrev.com/ccc74bc64eee8f7338359efc81a912e40573091f/test/mjsunit/wasm/wasm-module-builder.js
[modify] https://crrev.com/ccc74bc64eee8f7338359efc81a912e40573091f/test/mjsunit/wasm/loop-unrolling.js
[modify] https://crrev.com/ccc74bc64eee8f7338359efc81a912e40573091f/test/cctest/wasm/test-gc.cc
[modify] https://crrev.com/ccc74bc64eee8f7338359efc81a912e40573091f/src/wasm/function-body-decoder.cc
[modify] https://crrev.com/ccc74bc64eee8f7338359efc81a912e40573091f/test/common/wasm/wasm-macro-gen.h
[modify] https://crrev.com/ccc74bc64eee8f7338359efc81a912e40573091f/src/wasm/baseline/liftoff-compiler.cc
[modify] https://crrev.com/ccc74bc64eee8f7338359efc81a912e40573091f/test/unittests/wasm/loop-assignment-analysis-unittest.cc
[modify] https://crrev.com/ccc74bc64eee8f7338359efc81a912e40573091f/src/wasm/function-body-decoder-impl.h

Git Watcher via monorail

Jul 26, 2022, 5:46:19 AM7/26/22
to v8-re...@googlegroups.com

Comment #29 on issue 9495 by Git Watcher: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c29


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/cb5c1b8a1fd1eee214501ee06fdd4566886803c1

commit cb5c1b8a1fd1eee214501ee06fdd4566886803c1
Author: Manos Koukoutos <mano...@chromium.org>
Date: Tue Jul 26 06:03:39 2022

[wasm-gc] Implement table-with-initializer encoding

See https://github.com/WebAssembly/function-references/pull/65.

Drive-by: Lower gc nodes also if typed-funcref is enabled.

Bug: v8:9495
Change-Id: I19cb67cdbdedae24b9460bc7d5b280a21a946b21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3784590
Reviewed-by: Nico Hartmann <nicoha...@chromium.org>

Commit-Queue: Manos Koukoutos <mano...@chromium.org>
Reviewed-by: Jakob Kummerow <jkum...@chromium.org>

Git Watcher via monorail

Aug 30, 2022, 11:18:07 AM8/30/22
to v8-re...@googlegroups.com

Comment #30 on issue 9495 by Git Watcher: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c30


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/6ef7065eec9ed61b3bb97ce906f8cfddfabcd7b9

commit 6ef7065eec9ed61b3bb97ce906f8cfddfabcd7b9
Author: Manos Koukoutos <mano...@chromium.org>
Date: Tue Aug 30 14:11:23 2022

[wasm-gc] Remove traces of 'let'

... from WasmDecoder::AnalyzeLoopAssignment.

Bug: v8:9495
Change-Id: I937aca15ca77914ed920766e0e55b6d337139e17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865956

Reviewed-by: Jakob Kummerow <jkum...@chromium.org>
Commit-Queue: Manos Koukoutos <mano...@chromium.org>

Git Watcher via monorail

Aug 30, 2022, 1:52:45 PM8/30/22
to v8-re...@googlegroups.com

Comment #31 on issue 9495 by Git Watcher: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c31


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/61687829257e9cf09b48fd72be9ae3d731ad8197

commit 61687829257e9cf09b48fd72be9ae3d731ad8197
Author: Jakob Kummerow <jkum...@chromium.org>
Date: Tue Aug 30 16:48:43 2022

[wasm-gc] call_ref: consume a type immediate

Per https://github.com/WebAssembly/function-references/pull/76,
call_ref and return_call_ref should consume type immediates specifying
the signature of the funcref. This is a breaking change.

To ease the migration, this patch introduces a temporary alternative
binary encoding for call_ref:
- 0x14 continues to *not* take a type immediate for now.
- 0x17 (formerly "let") is the new call_ref *with* type immediate. Module
producers are encouraged to emit this encoding ASAP.
- After a few weeks of transitionary period, we'll update 0x14 to
take a type immediate as well. At this point, module producers will be
encouraged to switch back to 0x14.
- After a few more weeks of transitionary period, we'll drop 0x17 again.

We're not doing the same dance for return_call_ref because it currently
has no uses that we know of.

Bug: v8:7748,v8:9495
Change-Id: Id8d468be3949f84571efff713c937ffd1addff70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863280
Reviewed-by: Matthias Liedtke <mlie...@chromium.org>
Commit-Queue: Jakob Kummerow <jkum...@chromium.org>
Auto-Submit: Jakob Kummerow <jkum...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82839}

[modify] https://crrev.com/61687829257e9cf09b48fd72be9ae3d731ad8197/test/fuzzer/wasm-compile.cc
[modify] https://crrev.com/61687829257e9cf09b48fd72be9ae3d731ad8197/test/unittests/wasm/function-body-decoder-unittest.cc
[modify] https://crrev.com/61687829257e9cf09b48fd72be9ae3d731ad8197/test/mjsunit/wasm/reference-globals.js
[modify] https://crrev.com/61687829257e9cf09b48fd72be9ae3d731ad8197/test/mjsunit/wasm/wasm-module-builder.js
[modify] https://crrev.com/61687829257e9cf09b48fd72be9ae3d731ad8197/test/mjsunit/wasm/loop-unrolling.js
[modify] https://crrev.com/61687829257e9cf09b48fd72be9ae3d731ad8197/test/mjsunit/wasm/reference-tables.js
[modify] https://crrev.com/61687829257e9cf09b48fd72be9ae3d731ad8197/test/common/wasm/wasm-macro-gen.h
[modify] https://crrev.com/61687829257e9cf09b48fd72be9ae3d731ad8197/src/wasm/function-body-decoder-impl.h
[modify] https://crrev.com/61687829257e9cf09b48fd72be9ae3d731ad8197/src/wasm/wasm-opcodes.h
[modify] https://crrev.com/61687829257e9cf09b48fd72be9ae3d731ad8197/test/mjsunit/wasm/speculative-inlining.js
[modify] https://crrev.com/61687829257e9cf09b48fd72be9ae3d731ad8197/test/mjsunit/wasm/call-ref.js
[modify] https://crrev.com/61687829257e9cf09b48fd72be9ae3d731ad8197/test/mjsunit/wasm/reference-table-js-interop.js
[modify] https://crrev.com/61687829257e9cf09b48fd72be9ae3d731ad8197/test/mjsunit/regress/wasm/regress-13230.js
[modify] https://crrev.com/61687829257e9cf09b48fd72be9ae3d731ad8197/test/mjsunit/wasm/imported-function-types.js
[modify] https://crrev.com/61687829257e9cf09b48fd72be9ae3d731ad8197/test/cctest/wasm/test-gc.cc
[modify] https://crrev.com/61687829257e9cf09b48fd72be9ae3d731ad8197/test/mjsunit/wasm/externref-table.js
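
The transitional call_ref encoding described in the commit message above, as an added example that is not V8's code: a minimal decoder that reports the instruction length for both opcode bytes, so the same trailing byte is an immediate after 0x17 but the start of the next instruction after 0x14. It assumes the type immediate is an unsigned LEB128 type index, as elsewhere in the Wasm binary format; `DecodeCallRef`, `CallRef`, `ReadU32Leb` and `num_types` are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <vector>

// Opcode bytes as given in the commit message.
constexpr uint8_t kCallRefNoImmediate = 0x14;    // no type immediate (for now)
constexpr uint8_t kCallRefWithImmediate = 0x17;  // formerly "let"; takes a type immediate

// Hypothetical result type: how many bytes the instruction occupies and,
// for 0x17, which signature it names.
struct CallRef {
  size_t length;
  std::optional<uint32_t> type_index;
};

// Reads an unsigned LEB128 u32 starting at code[pos]. Fails on truncated
// input, on encodings longer than 5 bytes, and on bits beyond the 32nd.
static bool ReadU32Leb(const std::vector<uint8_t>& code, size_t pos,
                       uint32_t* value, size_t* length) {
  uint32_t result = 0;
  for (size_t i = 0; i < 5; ++i) {
    if (pos + i >= code.size()) return false;  // ran off the end
    const uint8_t byte = code[pos + i];
    // The fifth byte may carry only 4 payload bits and no continuation bit.
    if (i == 4 && (byte & 0xF0) != 0) return false;
    result |= static_cast<uint32_t>(byte & 0x7F) << (7 * i);
    if ((byte & 0x80) == 0) {
      *value = result;
      *length = i + 1;
      return true;
    }
  }
  return false;
}

// Decodes one call_ref at the start of `code`. `num_types` is the size of
// the module's type section (an assumption of this example); an immediate
// that does not name a declared type is rejected.
std::optional<CallRef> DecodeCallRef(const std::vector<uint8_t>& code,
                                     size_t num_types) {
  if (code.empty()) return std::nullopt;
  if (code[0] == kCallRefNoImmediate) return CallRef{1, std::nullopt};
  if (code[0] != kCallRefWithImmediate) return std::nullopt;

  uint32_t index = 0;
  size_t leb_length = 0;
  if (!ReadU32Leb(code, 1, &index, &leb_length)) return std::nullopt;
  if (index >= num_types) return std::nullopt;
  return CallRef{1 + leb_length, index};
}

int main() {
  // Constructed sample: the same byte 0x02 follows each opcode.
  for (uint8_t opcode : {kCallRefNoImmediate, kCallRefWithImmediate}) {
    auto decoded = DecodeCallRef({opcode, 0x02}, 4);
    std::printf("opcode 0x%02x: length %zu, immediate %s\n", opcode,
                decoded->length, decoded->type_index ? "yes" : "no");
  }
  return 0;
}
```

A producer and a consumer that disagree on which encoding is in effect disagree on instruction boundaries from that point on, which is why the commit stages the switch over separate opcode bytes.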

Git Watcher via monorail

Apr 17, 2023, 5:25:29 AM4/17/23
to v8-re...@googlegroups.com

Comment #32 on issue 9495 by Git Watcher: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c32


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/6c108b36d5861c4186e931793a6d8adbfbc7ab83

commit 6c108b36d5861c4186e931793a6d8adbfbc7ab83
Author: Jakob Kummerow <jkum...@chromium.org>
Date: Thu Apr 13 18:15:52 2023

[wasm-gc] Add reserved zero-byte to Tables with initializers

Bringing our implementation in line with the spec:
https://github.com/WebAssembly/function-references/blob/main/proposals/function-references/Overview.md#tables-1

Bug: v8:9495
Change-Id: Ia9f3c75757e6045587021fb92c47426568cdb93f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4420358
Reviewed-by: Andy Wingo <wi...@igalia.com>

Reviewed-by: Matthias Liedtke <mlie...@chromium.org>
Commit-Queue: Jakob Kummerow <jkum...@chromium.org>

Git Watcher via monorail

Jul 7, 2023, 4:01:29 PM7/7/23
to v8-re...@googlegroups.com

Comment #33 on issue 9495 by Git Watcher: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c33


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/e712fff9717c77df75ebdca60e907445da88b8a5

commit e712fff9717c77df75ebdca60e907445da88b8a5
Author: Jakob Kummerow <jkum...@chromium.org>
Date: Fri Jul 07 16:09:36 2023

[wasm] Stage GC, typed_funcref, stringref

Features that are subject to an Origin Trial shouldn't be marked as
"experimental" any more.
This CL adds the upstream spec tests for these features. The "stringref"
proposal doesn't have spec tests yet.
This CL also includes fixes to issues flushed out by these spec tests.

As a strategic change, this stops setting the --wasm-staging flag when
running proposal spec tests, i.e. we'll now test each proposal in
isolation, as opposed to in combination with all other staged proposals.
While the original motivation was to detect functional
incompatibilities, what we found in practice was that testing proposals
together mostly finds test rebasing issues (i.e. one proposal changing
behavior that another proposal has tests for).

Bug: v8:7748, v8:9495, v8:12868
Change-Id: If9a41b65bf5fb86b3b13b554cdbd00fdc3435210
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4669597
Auto-Submit: Jakob Kummerow <jkum...@chromium.org>
Commit-Queue: Jakob Kummerow <jkum...@chromium.org>
Reviewed-by: Matthias Liedtke <mlie...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#88769}

[modify] https://crrev.com/e712fff9717c77df75ebdca60e907445da88b8a5/src/wasm/wasm-objects.cc
[modify] https://crrev.com/e712fff9717c77df75ebdca60e907445da88b8a5/test/wasm-js/tests.tar.gz.sha1
[modify] https://crrev.com/e712fff9717c77df75ebdca60e907445da88b8a5/src/wasm/wasm-feature-flags.h
[modify] https://crrev.com/e712fff9717c77df75ebdca60e907445da88b8a5/test/wasm-js/wasm-js.status
[modify] https://crrev.com/e712fff9717c77df75ebdca60e907445da88b8a5/test/wasm-spec-tests/testcfg.py
[modify] https://crrev.com/e712fff9717c77df75ebdca60e907445da88b8a5/test/wasm-js/testcfg.py
[modify] https://crrev.com/e712fff9717c77df75ebdca60e907445da88b8a5/src/wasm/function-body-decoder-impl.h
[modify] https://crrev.com/e712fff9717c77df75ebdca60e907445da88b8a5/src/wasm/wasm-constants.h
[modify] https://crrev.com/e712fff9717c77df75ebdca60e907445da88b8a5/src/wasm/wasm-opcodes.h
[modify] https://crrev.com/e712fff9717c77df75ebdca60e907445da88b8a5/test/wasm-spec-tests/tests.tar.gz.sha1
[modify] https://crrev.com/e712fff9717c77df75ebdca60e907445da88b8a5/test/wasm-spec-tests/wasm-spec-tests.status
[modify] https://crrev.com/e712fff9717c77df75ebdca60e907445da88b8a5/tools/wasm/update-wasm-spec-tests.sh

Git Watcher via monorail

Jul 11, 2023, 7:58:19 AM7/11/23
to v8-re...@googlegroups.com

Comment #34 on issue 9495 by Git Watcher: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c34


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/5781df766674498e0fbf533d0b2d1160bb6140a2

commit 5781df766674498e0fbf533d0b2d1160bb6140a2
Author: Jakob Kummerow <jkum...@chromium.org>
Date: Tue Jul 11 10:27:40 2023

[wasm-gc] Run Int64Lowering for WebAssembly.Function

When creating wasm-to-js wrappers for WebAssembly.Function instances
on 32-bit platforms, we need to run i64-to-i32 replacements in the
signature just like for imported function wrappers.

Bug: v8:9495
Change-Id: I825391efc955f1af82f21042cc58c0164f6b4546
Fixed: chromium:1463219
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4677164
Commit-Queue: Matthias Liedtke <mlie...@chromium.org>
Auto-Submit: Jakob Kummerow <jkum...@chromium.org>
Reviewed-by: Matthias Liedtke <mlie...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#88823}

[modify] https://crrev.com/5781df766674498e0fbf533d0b2d1160bb6140a2/src/compiler/wasm-compiler.cc
[add] https://crrev.com/5781df766674498e0fbf533d0b2d1160bb6140a2/test/mjsunit/regress/wasm/regress-crbug-1463219.js

Git Watcher via monorail

Jul 11, 2023, 8:20:08 AM7/11/23
to v8-re...@googlegroups.com

Comment #35 on issue 9495 by Git Watcher: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c35


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/07365bef1406f9df8c3898ad96f713d77c262135

commit 07365bef1406f9df8c3898ad96f713d77c262135
Author: Jakob Kummerow <jkum...@chromium.org>
Date: Tue Jul 11 11:33:12 2023

[wasm] Fix unreachable validation of return_call_ref

The result types must match, even in unreachable code.

Bug: v8:9495
Change-Id: I245c7d7a39779f44fa2cce9ab6c445cc67de6dd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4677170
Auto-Submit: Jakob Kummerow <jkum...@chromium.org>
Commit-Queue: Matthias Liedtke <mlie...@chromium.org>
Commit-Queue: Jakob Kummerow <jkum...@chromium.org>
Reviewed-by: Matthias Liedtke <mlie...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#88825}

[modify] https://crrev.com/07365bef1406f9df8c3898ad96f713d77c262135/test/unittests/wasm/function-body-decoder-unittest.cc
[modify] https://crrev.com/07365bef1406f9df8c3898ad96f713d77c262135/src/wasm/function-body-decoder-impl.h

Git Watcher via monorail

Sep 13, 2023, 3:57:30 PM9/13/23
to v8-re...@googlegroups.com

Comment #36 on issue 9495 by Git Watcher: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c36


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/50f8643de79d1c0db4efb41c24ed7c283a97bb7b

commit 50f8643de79d1c0db4efb41c24ed7c283a97bb7b
Author: Jakob Kummerow <jkum...@chromium.org>
Date: Wed Sep 13 17:05:38 2023

[wasm-gc] Ship it!

This patch enables typed-function-references and GC by default.
It also enables enforcement of WasmGC "final types".
It also disables support for deprecated prototype instructions.

Bug: v8:7748, v8:9495
Change-Id: I00752892d9385d62bdc06411efeaf63dc2e7cf8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4756848

Commit-Queue: Jakob Kummerow <jkum...@chromium.org>
Reviewed-by: Matthias Liedtke <mlie...@chromium.org>

Git Watcher via monorail

Feb 23, 2024, 9:30:28 AM2/23/24
to v8-re...@googlegroups.com

Comment #37 on issue 9495 by Git Watcher: [wasm] Implement typed function references
https://bugs.chromium.org/p/v8/issues/detail?id=9495#c37


The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8/+/3fe82e7f4a3a1f86f56bff05332dd8c5b3c8f7d4

commit 3fe82e7f4a3a1f86f56bff05332dd8c5b3c8f7d4
Author: Jakob Kummerow <jkum...@chromium.org>
Date: Fri Feb 23 13:58:47 2024

[wasm-gc] Relax static type reqs for call_indirect

As discovered on https://github.com/WebAssembly/binaryen/pull/6336,
we erroneously required that the immediate type of a call_indirect
instruction be a subtype of the referenced table's type, but there
is no such requirement in the spec. This patch drops the check.
This change is backwards-compatible because it makes V8's behavior
strictly more permissive.

Bug: v8:9495
Change-Id: I198822e3d1ef8d8dd349fa92ed9e49d043d5d192
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5319505
Commit-Queue: Manos Koukoutos <mano...@chromium.org>
Commit-Queue: Jakob Kummerow <jkum...@chromium.org>
Reviewed-by: Manos Koukoutos <mano...@chromium.org>
Auto-Submit: Jakob Kummerow <jkum...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#92509}

[modify] https://crrev.com/3fe82e7f4a3a1f86f56bff05332dd8c5b3c8f7d4/test/mjsunit/wasm/call_indirect.js
[modify] https://crrev.com/3fe82e7f4a3a1f86f56bff05332dd8c5b3c8f7d4/test/unittests/wasm/function-body-decoder-unittest.cc
[modify] https://crrev.com/3fe82e7f4a3a1f86f56bff05332dd8c5b3c8f7d4/src/wasm/function-body-decoder-impl.h