Commit Graph

44 Commits

Author SHA1 Message Date
Mircea Trofin
1048a6b4ea [wasm] Fix wasm-jit-to-native + W^X GC heap interaction issues
- in certain cases, we need both modification scopes because we may
mutate JS functions, even in the jit-to-native case - e.g. JS-to-wasm
wrappers
- added handling for wasm-to-wasm wrappers in the context of lazy
compilation.

Bug: v8:7105
Change-Id: I085c14e03ef0b08d040998f2207abf7bc3fff01c
Reviewed-on: https://chromium-review.googlesource.com/811285
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49947}
2017-12-08 02:21:46 +00:00
Michael Starzinger
02d201bfdd Enable --write-protect-code-memory by default.
R=hablich@chromium.org
BUG=v8:6792

Change-Id: Ib3bb3f84f9acec37a37803f460f5c8cdc3669867
Reviewed-on: https://chromium-review.googlesource.com/792937
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49886}
2017-12-06 10:14:58 +00:00
Michael Achenbach
df659b17ed [test] Refactor variant flags
This derives two global variables to ease adding new variants.

Bug: chromium:788104
Change-Id: Ibe933dc0999f6dfa0ae8bf2afa0a5de8e44aefca
Reviewed-on: https://chromium-review.googlesource.com/799790
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49741}
2017-11-30 10:41:57 +00:00
Michael Lippautz
c99c9c3e96 [testing] Add minor MC variant
No-try: true
Bug: v8:788113
Change-Id: I6e9c659cc5658f4da361552936551adb594f56d9
Reviewed-on: https://chromium-review.googlesource.com/799872
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49740}
2017-11-30 10:02:57 +00:00
Mircea Trofin
b03b1bd9a8 Revert "Revert "[wasm] JIT using WasmCodeManager""
This reverts commit b301203e5a.

Reason for revert: Fixed issues on arm.

Original change's description:
> Revert "[wasm] JIT using WasmCodeManager"
> 
> This reverts commit d4c8393c1c.
> 
> Reason for revert: Breaks ARM hardware:
> https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20-%20debug/builds/5268
> 
> Original change's description:
> > [wasm] JIT using WasmCodeManager
> > 
> > This is the first step towards wasm code sharing. This CL moves wasm
> > code generation outside the JavaScript GC heap using the previously -
> > introduced WasmCodeManager (all this, behind the --wasm-jit-to-native
> > flag).
> > 
> > See design document: go/wasm-on-native-heap-stage-1
> > 
> > This CL doesn't change other wasm architectural invariants. We still
> > have per-Isolate wasm code generation, and per-wasm module instance
> > code specialization.
> > 
> > Bug:v8:6876
> > 
> > Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> > Change-Id: I1e08cecad75f93fb081545c31228a4568be276d3
> > Reviewed-on: https://chromium-review.googlesource.com/674086
> > Reviewed-by: Ben Titzer <titzer@chromium.org>
> > Reviewed-by: Eric Holk <eholk@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#49689}
> 
> TBR=bradnelson@chromium.org,titzer@chromium.org,mtrofin@chromium.org,eholk@chromium.org
> 
> Change-Id: I89af1ea5decd841bc12cd2ceaf74d32bc4433885
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:6876
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Reviewed-on: https://chromium-review.googlesource.com/794690
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49691}

TBR=bradnelson@chromium.org,machenbach@chromium.org,titzer@chromium.org,mtrofin@chromium.org,eholk@chromium.org

Change-Id: I1b07638d1bb2ba0664305b4b2dcfc1342dc8444f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6876
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/794434
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49692}
2017-11-28 22:27:13 +00:00
Michael Achenbach
b301203e5a Revert "[wasm] JIT using WasmCodeManager"
This reverts commit d4c8393c1c.

Reason for revert: Breaks ARM hardware:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20-%20debug/builds/5268

Original change's description:
> [wasm] JIT using WasmCodeManager
> 
> This is the first step towards wasm code sharing. This CL moves wasm
> code generation outside the JavaScript GC heap using the previously -
> introduced WasmCodeManager (all this, behind the --wasm-jit-to-native
> flag).
> 
> See design document: go/wasm-on-native-heap-stage-1
> 
> This CL doesn't change other wasm architectural invariants. We still
> have per-Isolate wasm code generation, and per-wasm module instance
> code specialization.
> 
> Bug:v8:6876
> 
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I1e08cecad75f93fb081545c31228a4568be276d3
> Reviewed-on: https://chromium-review.googlesource.com/674086
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Eric Holk <eholk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49689}

TBR=bradnelson@chromium.org,titzer@chromium.org,mtrofin@chromium.org,eholk@chromium.org

Change-Id: I89af1ea5decd841bc12cd2ceaf74d32bc4433885
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6876
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/794690
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49691}
2017-11-28 21:58:44 +00:00
Mircea Trofin
d4c8393c1c [wasm] JIT using WasmCodeManager
This is the first step towards wasm code sharing. This CL moves wasm
code generation outside the JavaScript GC heap using the previously -
introduced WasmCodeManager (all this, behind the --wasm-jit-to-native
flag).

See design document: go/wasm-on-native-heap-stage-1

This CL doesn't change other wasm architectural invariants. We still
have per-Isolate wasm code generation, and per-wasm module instance
code specialization.

Bug:v8:6876

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I1e08cecad75f93fb081545c31228a4568be276d3
Reviewed-on: https://chromium-review.googlesource.com/674086
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49689}
2017-11-28 20:39:25 +00:00
Clemens Hammacher
412f1568f2 Reland "[test] Add Liftoff variant"
This is a reland of 712fa67554.

Original change's description:
> [test] Add Liftoff variant
>
> Add a variant for testing the current state of the Liftoff
> implementation.
> This variant will only run on a subset of the bots, just like the
> --future variant.
>
> R=machenbach@chromium.org, hablich@chromium.org
>
> Bug: v8:7088, v8:6600
> Change-Id: If49fad3a8ed579356504b821a787326754f24e78
> Reviewed-on: https://chromium-review.googlesource.com/779420
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49504}

TBR=machenbach@chromium.org
CC=hablich@chromium.org

Bug: v8:7088, v8:6600
Change-Id: Ieb20020f07c70acaa64bb421763a41aa163a261b
Reviewed-on: https://chromium-review.googlesource.com/781499
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49531}
2017-11-21 12:10:53 +00:00
Michael Achenbach
b5bdb762ac Revert "[test] Add Liftoff variant"
This reverts commit 712fa67554.

Reason for revert: Infra side change was reverted. Please reland
after it stays in for a bot cycle...

Original change's description:
> [test] Add Liftoff variant
> 
> Add a variant for testing the current state of the Liftoff
> implementation.
> This variant will only run on a subset of the bots, just like the
> --future variant.
> 
> R=​machenbach@chromium.org, hablich@chromium.org
> 
> Bug: v8:7088, v8:6600
> Change-Id: If49fad3a8ed579356504b821a787326754f24e78
> Reviewed-on: https://chromium-review.googlesource.com/779420
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49504}

TBR=machenbach@chromium.org,hablich@chromium.org,clemensh@chromium.org

Change-Id: Ib6b2e79cea5d9f99f8933c72bbb9d9dddbd6ae07
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7088, v8:6600
Reviewed-on: https://chromium-review.googlesource.com/779719
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49507}
2017-11-20 17:35:58 +00:00
Clemens Hammacher
712fa67554 [test] Add Liftoff variant
Add a variant for testing the current state of the Liftoff
implementation.
This variant will only run on a subset of the bots, just like the
--future variant.

R=machenbach@chromium.org, hablich@chromium.org

Bug: v8:7088, v8:6600
Change-Id: If49fad3a8ed579356504b821a787326754f24e78
Reviewed-on: https://chromium-review.googlesource.com/779420
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49504}
2017-11-20 17:30:51 +00:00
Michael Achenbach
209d379083 [test] Enable future variant as part of the extra suite set
Bug: chromium:786938
Change-Id: Ib8041c3cfe2237922824d783ebf8f0bb4d967a53
Reviewed-on: https://chromium-review.googlesource.com/779259
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49493}
2017-11-20 13:43:34 +00:00
Ross McIlroy
2f5d90a816 [d8] Add a stress-background-compile mode
Adds a stress-background-compile mode which runs compilation on a background
thread at the same time as compiling on the main thread to flush out races.
This is added as one of the variants, removing stress_asm_validation since this
is no longer a useful variant.

BUG=v8:5203

Change-Id: I73dd9f21d9b6da4a4cb39c05061aa24116e6c5ad
Reviewed-on: https://chromium-review.googlesource.com/741746
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49376}
2017-11-15 11:08:21 +00:00
Michael Starzinger
2328e4d196 [test] Add testing of --write-protect-code-memory feature.
This adds test coverage for write-protected code pages by adding the
feature to the existing "stress_incremental_marking" variant. Since this
is considered a temporary state, the variant has not been renamed.

R=machenbach@chromium.org
BUG=v8:6792

Change-Id: I62fa5aa15bf5309b12fbc269fcf81069845755f9
Reviewed-on: https://chromium-review.googlesource.com/753388
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49267}
2017-11-09 12:25:35 +00:00
Eric Holk
69d790e521 [wasm] Remove --wasm-guard-pages flag
This flag was originally added as a staging mechanism to let us land and test
guard regions without the full trap handler feature landing. Additionally, we
thought we might enable guard regions without trap handlers on some systems.

Trap handlers are now supported, and there's not a real compelling reason for
why we need guard regions without trap handlers. Keeping the separate flag leads
to confusion, since some code treats guard regions and trap handlers the same,
while other code treats them as independent.

Removing this flag and its associated special cases makes everything more
uniform and predictable.

R=gdeepti@chromium.org

Change-Id: Icebab91d1f1e0c55e7a35c75b880085d37fa14ae
Reviewed-on: https://chromium-review.googlesource.com/706570
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48411}
2017-10-10 01:10:28 +00:00
Michael Achenbach
c7e84f5216 [test] Add stress_incremental_marking testing variant
Bug: 
Change-Id: Iddb8dde328af42b99c74195a13975346437c7259
Reviewed-on: https://chromium-review.googlesource.com/700635
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48310}
2017-10-05 13:10:42 +00:00
Michael Starzinger
e398bf81d7 [test] Remove deprecated "fullcode" test variant.
Note that this also renames the existing "asm_wasm" variant to use the
more appropriate "stress_asm_wasm" name.

R=rmcilroy@chromium.org
BUG=v8:6409

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I1f9550cd03874c678f4583047a4e123a6f090250
Reviewed-on: https://chromium-review.googlesource.com/584879
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46937}
2017-07-27 14:01:03 +00:00
Ross McIlroy
05207b098a [Interpreter] Replace --ignition flag with a --stress-fullcodegen
Removes the --ignition flag which is now on by default. Adds a
--stress-fullcodegen flag which enables running all functions supported
by fullcodegen to be compiled by fullcodegen.

This will enable moving parser internalization later when we are not
stressing fullcodegen or compiling asm.js functions.

BUG=v8:5203, v8:6409, v8:6589

Change-Id: I7fa68016d4e734755434ec0b4e749ef65ffa7f4e
Reviewed-on: https://chromium-review.googlesource.com/565569
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46635}
2017-07-13 13:05:00 +00:00
Michael Starzinger
4e86ae8c2c Decouple the --ignition from the --turbo flag.
Both Ignition and TurboFan have been enabled by default for a while.
This just disentangles the implication between those two flags and sets
the --ignition individually. They can now be controlled individually.

R=rmcilroy@chromium.org
BUG=v8:6408

Change-Id: I08eca85120160efa5868b5ca36d1613964ed82eb
Reviewed-on: https://chromium-review.googlesource.com/527637
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45800}
2017-06-09 08:04:39 +00:00
Michael Starzinger
e5fb221d55 [test] Deprecate and remove 'noturbofan' test variant.
The variant in question was intended to test Crankshaft, which is being
deprecated. Note that the variants 'nooptimization' and 'fullcode' still
test configuration where TurboFan is not active.

R=machenbach@chromium.org
BUG=v8:6408

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I587c3eee7ba511dfc270aab66b546d2532bc635f
Reviewed-on: https://chromium-review.googlesource.com/528133
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45785}
2017-06-08 09:48:36 +00:00
Michael Starzinger
18d82682d1 [test] Remove dead and unmaintained test variants.
The two variants "turbofan" and "turbofan_opt" are not part of any of
the default sets of variants that run-tests.py uses. The only way to
trigger execution would be via the --variants flag directly, which our
infrastructure is not doing.

R=machenbach@chromium.org

Change-Id: Ifa58cb4a83a3760ffba73e8b40b417a845f53506
Reviewed-on: https://chromium-review.googlesource.com/526637
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45772}
2017-06-07 15:57:56 +00:00
Michael Starzinger
76aef2f33e [test] Remove Crankshaft stress test variant.
This removes the test suite variant for stressing Crankshaft from the
list of supported variants. Other stress variants remain untouched.

R=machenbach@chromium.org

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Iad236c2b80a1dea21b8be9b931e6a4e88f3ebcc5
Reviewed-on: https://chromium-review.googlesource.com/527094
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45758}
2017-06-07 12:15:45 +00:00
Michael Starzinger
3a47312226 [asm.js] Remove deprecated --fast-validate-asm flag.
R=clemensh@chromium.org
BUG=v8:6127

Change-Id: I104bf807d3da6a9f269e4f729b254bc6a0d2f0df
Reviewed-on: https://chromium-review.googlesource.com/496206
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45098}
2017-05-04 13:52:39 +00:00
Mythri
7371c34b6b Use --opt instead of --crankshaft in tests.
1. Replaces --crankshaft with --opt in tests.
2. Also fixes presubmit to check for --opt flag when
assertOptimized is used.
3. Updates testrunner/local/variants.py and 
v8_foozie.py to use --opt flag.
This would mean, nooptimize variant means there are
no optimizations. Not even with %OptimizeFunctionOnNextCall.

Bug:v8:6325

Change-Id: I638e743d0773a6729c6b9749e2ca1e2537f12ce6
Reviewed-on: https://chromium-review.googlesource.com/490206
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44985}
2017-04-28 14:20:39 +00:00
Michael Starzinger
ab4c91904d [asm.js] Widen test coverage to message tests.
R=machenbach@chromium.org
BUG=v8:6127

Change-Id: Ie828f6e0dc6fe9f9f9351aa1afaf7b9dbf536e26
Reviewed-on: https://chromium-review.googlesource.com/461181
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44219}
2017-03-29 08:42:32 +00:00
Ross McIlroy
980448dfcd [Compiler] Remove CompileBaseline and three tier pipeline.
Since we no longer support the ignition-staging configuration 
any longer,  we can retire the three tier pipeline and the
CompileBaseline functionallity.

We still need support for JSFunction self healing due to
liveedit (which for --no-turbo might end up replacing a
forced Ignition function with a FCG function) - we can
remove this once we remove --no-turbo support.

BUG=v8:4280

Change-Id: I5482abd17785324654e022affd6bdb555b19b181
Reviewed-on: https://chromium-review.googlesource.com/452620
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44141}
2017-03-27 11:15:43 +00:00
Michael Starzinger
565829f580 [asm.js] Switch test coverage to --fast-validate-asm.
R=machenbach@chromium.org
BUG=v8:6127

Change-Id: I8681102a2eec42a55db8d98d2422faa69d4c193c
Reviewed-on: https://chromium-review.googlesource.com/459478
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44109}
2017-03-24 14:25:49 +00:00
Michael Achenbach
c9da660928 Revert "[asm.js] Switch test coverage to --fast-validate-asm."
This reverts commit 15898daf7c.

Reason for revert: Bunch of custom snapshot check failures:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/11887
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20custom%20snapshot%20-%20debug/builds/13603

Original change's description:
> [asm.js] Switch test coverage to --fast-validate-asm.
> 
> R=​machenbach@chromium.org
> BUG=v8:6127
> 
> Change-Id: I65a6905e57ff47195503b37118c279d22f0baba0
> Reviewed-on: https://chromium-review.googlesource.com/459536
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44099}

TBR=bradnelson@chromium.org,machenbach@chromium.org,mstarzinger@chromium.org,v8-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6127

Change-Id: Iecbd29d8ee31b49e553048c6f59670167cd22d9d
Reviewed-on: https://chromium-review.googlesource.com/459497
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44103}
2017-03-24 13:01:34 +00:00
Michael Starzinger
15898daf7c [asm.js] Switch test coverage to --fast-validate-asm.
R=machenbach@chromium.org
BUG=v8:6127

Change-Id: I65a6905e57ff47195503b37118c279d22f0baba0
Reviewed-on: https://chromium-review.googlesource.com/459536
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44099}
2017-03-24 12:23:26 +00:00
Michael Starzinger
8aa3459f20 [asm.js] Add stress mode for the asm.js validator.
This adds a --stress-validate-asm flag intended to stress test the
validator by running against every single function, independent of
whether a "use asm" directive is present. It mainly tests negative
cases because barely any function in our test corpus will be a valid
module according to the asm.js spec.

R=bradnelson@chromium.org
BUG=v8:6127

Change-Id: Id04b0440628134d4e81c9bb4d71039f940fc9a83
Reviewed-on: https://chromium-review.googlesource.com/457039
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44055}
2017-03-23 08:54:05 +00:00
Ross McIlroy
b7648be7ec [Flags] Remove --ignition-staging flag.
Removes the --ignition-staging flag since it is no longer used
by anything and won't be a shipping configuration. Also removes
ignition_turbo variant from testrunner, since it is now 
the same as the turbofan variant.

BUG=v8:4280

Change-Id: I3b96e986879fc70b8e202fe9496334828acdd0ba
Reviewed-on: https://chromium-review.googlesource.com/452621
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43806}
2017-03-14 23:07:09 +00:00
Michael Achenbach
9f4188c252 [test] Fix fullcode and ignition testing variants
BUG=chromium:682617
R=mstarzinger@chromium.org,mvstanton@chromium.org,rmcilroy@chromium.org

Change-Id: Id0c904e080bb09e4ac1a127a02b110459442f7f3
Reviewed-on: https://chromium-review.googlesource.com/452484
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43771}
2017-03-14 09:59:04 +00:00
eholk
118c376fcb [wasm] Initial signal handler
This is basically the minimum viable signal handler for Wasm bounds checks.
It includes the TLS check and the fine grained instructions checks. These
two checks provide most of the safety for the signal handler. Future CLs will
add code range and data range checks for more robustness.

The trap handling code and data structures are all in src/trap-handler, with
the code that actually runs in the signal handler confined to
src/trap-handler/signal-handler.cc.

This changes adds a new V8 API that the embedder should call from a signal
handler that will give V8 the chance to handle the fault first. For hosts that
do not want to implement their own signal handler, we include the option to
install a simple one. This simple handler is also used for the tests.

When a Wasm module is instantiated, information about each function is passed
to the trap handler, which is used to classify faults. These are removed during
the instance finalizer.

Several future enhancements are planned before turning this on by default.
Obviously, the additional checks will be added to MaybeHandleFault. We are
also planning to add a two-level CodeObjectData table that is grouped by
isolates to make cleanup easier and also reduce potential for contending on
a single data structure.

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277

Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Original-Commit-Position: refs/heads/master@{#43523}
Committed: a5af7fe9ee
Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Commit-Position: refs/heads/master@{#43755}
Committed: 338622d7ca
Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43759}
2017-03-13 22:12:23 +00:00
eholk
aba151b92f Revert of [wasm] Initial signal handler (patchset #60 id:1170001 of https://codereview.chromium.org/2371833007/ )
Reason for revert:
ASAN breakage, such as https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/19111/steps/Check/logs/grow-memory

Original issue's description:
> [wasm] Initial signal handler
>
> This is basically the minimum viable signal handler for Wasm bounds checks.
> It includes the TLS check and the fine grained instructions checks. These
> two checks provide most of the safety for the signal handler. Future CLs will
> add code range and data range checks for more robustness.
>
> The trap handling code and data structures are all in src/trap-handler, with
> the code that actually runs in the signal handler confined to
> src/trap-handler/signal-handler.cc.
>
> This changes adds a new V8 API that the embedder should call from a signal
> handler that will give V8 the chance to handle the fault first. For hosts that
> do not want to implement their own signal handler, we include the option to
> install a simple one. This simple handler is also used for the tests.
>
> When a Wasm module is instantiated, information about each function is passed
> to the trap handler, which is used to classify faults. These are removed during
> the instance finalizer.
>
> Several future enhancements are planned before turning this on by default.
> Obviously, the additional checks will be added to MaybeHandleFault. We are
> also planning to add a two-level CodeObjectData table that is grouped by
> isolates to make cleanup easier and also reduce potential for contending on
> a single data structure.
>
> BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
>
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Original-Commit-Position: refs/heads/master@{#43523}
> Committed: a5af7fe9ee
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Commit-Position: refs/heads/master@{#43755}
> Committed: 338622d7ca

TBR=ahaas@chromium.org,bradnelson@google.com,hpayer@chromium.org,jochen@chromium.org,mark@chromium.org,mseaborn@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277

Review-Url: https://codereview.chromium.org/2744383002
Cr-Commit-Position: refs/heads/master@{#43757}
2017-03-13 20:03:25 +00:00
eholk
338622d7ca [wasm] Initial signal handler
This is basically the minimum viable signal handler for Wasm bounds checks.
It includes the TLS check and the fine grained instructions checks. These
two checks provide most of the safety for the signal handler. Future CLs will
add code range and data range checks for more robustness.

The trap handling code and data structures are all in src/trap-handler, with
the code that actually runs in the signal handler confined to
src/trap-handler/signal-handler.cc.

This changes adds a new V8 API that the embedder should call from a signal
handler that will give V8 the chance to handle the fault first. For hosts that
do not want to implement their own signal handler, we include the option to
install a simple one. This simple handler is also used for the tests.

When a Wasm module is instantiated, information about each function is passed
to the trap handler, which is used to classify faults. These are removed during
the instance finalizer.

Several future enhancements are planned before turning this on by default.
Obviously, the additional checks will be added to MaybeHandleFault. We are
also planning to add a two-level CodeObjectData table that is grouped by
isolates to make cleanup easier and also reduce potential for contending on
a single data structure.

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277

Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Commit-Position: refs/heads/master@{#43523}
Committed: a5af7fe9ee
Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43755}
2017-03-13 19:14:35 +00:00
Michael Achenbach
8e4be1a2e3 [test] Fix typo in testing variant name
This makes it possible to directly request testing noturbofan_stress on the command line.

BUG=chromium:682617
TBR=mstarzinger@chromium.org,mvstanton@chromium.org,rmcilroy@chromium.org
NOTRY=true

Change-Id: I6ba9a022c4ef24fb5abe6878d3f2f972e8461eb8
Reviewed-on: https://chromium-review.googlesource.com/453180
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43748}
2017-03-13 14:21:15 +00:00
Michael Achenbach
3d3de00717 [test] Drop testing ignition_staging
Removing it from default variants set which will substantially increase test speed for developers.

Pure ignition is intended to be tested only on bots unless opted in.

BUG=chromium:682617
R=mstarzinger@chromium.org,mvstanton@chromium.org,rmcilroy@chromium.org

Change-Id: I98adb81951a0a2d16f52e6b34b98d3a90e178d8a
Reviewed-on: https://chromium-review.googlesource.com/452580
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43721}
2017-03-10 12:01:01 +00:00
Michael Achenbach
abc055e7b2 [test] Enable test coverage for noturbo
BUG=chromium:682617
R=mstarzinger@chromium.org,bmeurer@chromium.org

Change-Id: I1dedc4e2a0cb6e5e42b734c7eb99a40164da4229
Reviewed-on: https://chromium-review.googlesource.com/452498
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43701}
2017-03-09 14:41:33 +00:00
bmeurer
0b3e554e03 Revert of [wasm] Initial signal handler (patchset #56 id:1090001 of https://codereview.chromium.org/2371833007/ )
Reason for revert:
Breaks tree, i.e. https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/18928/steps/Check/logs/grow-memory

Original issue's description:
> [wasm] Initial signal handler
>
> This is basically the minimum viable signal handler for Wasm bounds checks.
> It includes the TLS check and the fine grained instructions checks. These
> two checks provide most of the safety for the signal handler. Future CLs will
> add code range and data range checks for more robustness.
>
> The trap handling code and data structures are all in src/trap-handler, with
> the code that actually runs in the signal handler confined to
> src/trap-handler/signal-handler.cc.
>
> This changes adds a new V8 API that the embedder should call from a signal
> handler that will give V8 the chance to handle the fault first. For hosts that
> do not want to implement their own signal handler, we include the option to
> install a simple one. This simple handler is also used for the tests.
>
> When a Wasm module is instantiated, information about each function is passed
> to the trap handler, which is used to classify faults. These are removed during
> the instance finalizer.
>
> Several future enhancements are planned before turning this on by default.
> Obviously, the additional checks will be added to MaybeHandleFault. We are
> also planning to add a two-level CodeObjectData table that is grouped by
> isolates to make cleanup easier and also reduce potential for contending on
> a single data structure.
>
> BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
>
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Commit-Position: refs/heads/master@{#43523}
> Committed: a5af7fe9ee

TBR=ahaas@chromium.org,bradnelson@google.com,hpayer@chromium.org,jochen@chromium.org,mark@chromium.org,mseaborn@chromium.org,titzer@chromium.org,eholk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277

Review-Url: https://codereview.chromium.org/2723133003
Cr-Commit-Position: refs/heads/master@{#43525}
2017-03-01 19:47:27 +00:00
eholk
a5af7fe9ee [wasm] Initial signal handler
This is basically the minimum viable signal handler for Wasm bounds checks.
It includes the TLS check and the fine grained instructions checks. These
two checks provide most of the safety for the signal handler. Future CLs will
add code range and data range checks for more robustness.

The trap handling code and data structures are all in src/trap-handler, with
the code that actually runs in the signal handler confined to
src/trap-handler/signal-handler.cc.

This changes adds a new V8 API that the embedder should call from a signal
handler that will give V8 the chance to handle the fault first. For hosts that
do not want to implement their own signal handler, we include the option to
install a simple one. This simple handler is also used for the tests.

When a Wasm module is instantiated, information about each function is passed
to the trap handler, which is used to classify faults. These are removed during
the instance finalizer.

Several future enhancements are planned before turning this on by default.
Obviously, the additional checks will be added to MaybeHandleFault. We are
also planning to add a two-level CodeObjectData table that is grouped by
isolates to make cleanup easier and also reduce potential for contending on
a single data structure.

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277

Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43523}
2017-03-01 18:02:13 +00:00
marja
4a5b7e32c4 Remove FLAG_min_preparse_length.
It originates from the era where we used to run a separate preparse step
before parsing and store the function data. Now the usage of preparser
is something completely different, so this flag doesn't make sense any
more.

In addition, this way we get more test coverage for preparser (for small
scripts).

BUG=

Review-Url: https://codereview.chromium.org/2513563002
Cr-Commit-Position: refs/heads/master@{#41110}
2016-11-18 14:06:49 +00:00
eholk
eaed31c5f5 [wasm] Add guard regions to end of WebAssembly.Memory buffers
With this change, WebAssembly.Memory objects have backing stores allocated as an
8GB region where everything beyond the size of the Wasm heap is inaccessible.

GrowMemory is now implemented by changing the protection on the guard regions to
make the new portions of the heap accessible.

Guard pages are not enabled by default, but this change adds a flag and a test
variant to make sure we get test coverage on them.

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277

Review-Url: https://codereview.chromium.org/2396433008
Cr-Commit-Position: refs/heads/master@{#41089}
2016-11-17 20:29:13 +00:00
bradnelson
7e07d3f669 [wasm] asm.js: Add asm_wasm variant to test asm.js->wasm pipeline.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5406
LOG=N
R=mstarzinger@chromium.org,machenbach@chromium.org

Review-Url: https://codereview.chromium.org/2309833003
Cr-Commit-Position: refs/heads/master@{#39521}
2016-09-19 23:57:13 +00:00
machenbach
55a4344f41 [test] Activate ignition_staging variant
BUG=v8:5238
NOTREECHECKS=true

Review-Url: https://codereview.chromium.org/2214283003
Cr-Commit-Position: refs/heads/master@{#38381}
2016-08-05 12:48:36 +00:00
machenbach
03f5124822 [test] Enable test status filtering by variant
This adds the possibility to address test cases in the
status file with the variant under which the test is running.
This is only allowed in top-level sections.

Example:
[{
  'test-case': [PASS, SLOW],
}]

['variant == foo', {
  'test-case': [FAIL],
}]

The test case "test-case" is marked as slow in all variants.
Additionally, in variant foo, it'll be expected to fail.

This CL also exemplifies the new feature with test cases
running under the ignition_turbofan variant. The
corresponding legacy flag is deprecated.

BUG=v8:5238

Review-Url: https://codereview.chromium.org/2203013002
Cr-Commit-Position: refs/heads/master@{#38342}
2016-08-04 14:42:16 +00:00