GetProperty CSA implementation bailouts prototype lookup when the
holder is a typed array, which is to handle integer indexed exotic
cases. However, this strict condition made too much overheads for
search of common names such as "constructor". This CL checks the
first character of a name, and do not bailout if we are sure that
the name cannot be a special index.
Bug: v8:4911, v8:7161
Change-Id: I2229ff3bebe14a452718e0b1f8354bb05437c09c
Reviewed-on: https://chromium-review.googlesource.com/842963
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50414}
In order to remove the CALL_GENERATED_CODE macro, it helps a lot to
unify the interfaces of the simulators and make the Call method variadic
in the number of arguments.
This CL does that for each simulator. A follow-up CL will then
completely remove the CALL_GENERATED_CODE macro and replace uses with
the (new) GeneratedCode wrapper.
R=mstarzinger@chromium.org
Bug: v8:7182
Change-Id: I1f81445ec2faba30f0bd233b022ae1f0fae4e96f
Reviewed-on: https://chromium-review.googlesource.com/850873
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50413}
Add a counter to measure the pure liftoff compile time. With background
compilation, the reported result will roughly match the cpu time, not
wall-clock time.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I9c76673a4cbe833de5b41a23d09892f577401374
Reviewed-on: https://chromium-review.googlesource.com/853859
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50412}
And apply a minor change: the {end_offset} is currently always >= 1, and
we sometimes use {end_offset - 1}. Change this to compute the
{end_offset} to be one less than before, and use {Uint32LessThan}
instead of {Uint32LessThanOrEqual}.
This matches the documentation I added and makes reasoning about the
correctness of the checks easier (at least for me).
R=titzer@chromium.org
Change-Id: I9a18ad5c72895cbadb6593cb74d6edc24f9ab032
Reviewed-on: https://chromium-review.googlesource.com/852145
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50411}
For simplicity, we currently use the approach to do all computations
and bounds checks on 32 bit values, and only convert to pointer size
right before using the value as memory offset.
Unfortunately, there are still cases left where we use 32-bit values
for 64-bit operations, which can lead to subtle bugs.
This CL hopefully fixes the last of these bugs.
R=titzer@chromium.org
Bug: v8:7257
Change-Id: I8d340f83ad17925c0d18d4e788350ef6101786ea
Reviewed-on: https://chromium-review.googlesource.com/852299
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50409}
This prints nicer error messages for checks like
"DCHECK_EQ(reg1, reg2)", and also splits cache state tracing into
one method for printing the overall state, one for printing each slot,
and one for printing the register.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I36e83ba2542986dd8ad17dbfe7cbb8df54a56755
Reviewed-on: https://chromium-review.googlesource.com/853495
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50407}
When generating code, store the vector of protected instruction data
as unique_ptr. It only becomes a shared_ptr once ownership has been
transferred to the NativeModule, because it can be shared between
different instances of the same function.
Drive-by: Remove dead accessor in PipelineData.
R=ahaas@chromium.org
Change-Id: I7571b32bf89f3c816683c5a77ac08fe8c22eb968
Reviewed-on: https://chromium-review.googlesource.com/853496
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50404}
This is needed to ensure that code can be interrupted. It will be
covered by a test once we support if-constructs in Liftoff.
Drive-by: Separate handling of blocks and loops, as there is only one
line in common.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: Ic22ca5e65c8d03a5d504289ec2a9e30cb97dc220
Reviewed-on: https://chromium-review.googlesource.com/853858
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50403}
The tests generated by --wasm-fuzzer-gen-test did not encode the locals
of functions yet. This CL fixes that.
A bit of care has to be taken to ensure that the locals are generated
in exactly the same order as in the module generated by the fuzzer.
This requires calling {addLocals} several times.
R=ahaas@chromium.org
Change-Id: I95237b0baef0731b6c164fddc8f12fa6f478e220
Reviewed-on: https://chromium-review.googlesource.com/848832
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50402}
This ensure that once features are added for other platform, we don't
forget to implement all platform specific methods that are then being
used.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: I4cc948da280fdb63da1938edc6b391d180b88cad
Reviewed-on: https://chromium-review.googlesource.com/853494
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50401}
Test case generation produced unusable output if the module contains
more than one function. Also, it was unnecessarily scattered around
several places in the code.
This CL consolidates test case generation in one method in the fuzzer,
and supports multiple functions with different signatures.
R=ahaas@chromium.org
Change-Id: I8bea71b0d69bb69d8bbe50002c6c7616a0a1941b
Reviewed-on: https://chromium-review.googlesource.com/847515
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50400}
Test processors can be enabled with --infra-staging flag.
Rerunning tests, execution and verbose progress indicator already
work as test processors.
Bug: v8:6917
Change-Id: I40fc42db94dbc8629e8000a3d363030045532fe3
Reviewed-on: https://chromium-review.googlesource.com/850398
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50399}
Bug: chromium:783124
Change-Id: Ie420be3ad05583d8ad999ab1e13e89ada4774028
Reviewed-on: https://chromium-review.googlesource.com/850674
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50398}
Also, remove {FunctionBodyForTesting}, which is only being used once.
Use the constructor directly instead.
R=ahaas@chromium.org
Change-Id: Ieceac41bf62ec2accf1bb39d8334563557c0dbbd
Reviewed-on: https://chromium-review.googlesource.com/847514
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50397}
Bug: v8:7217
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I97b067254355eb91e12b92eba92631cbc3ce8000
Reviewed-on: https://chromium-review.googlesource.com/839280
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50395}
As noted in the attached bug, accurately counting this would require
significant changes to the parser and is thus infeasible.
Bug: v8:7211
Change-Id: I61f14c948f50e0f97e596a9696d72a3570ad588a
Reviewed-on: https://chromium-review.googlesource.com/853214
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50393}
This reverts commit 9c79b37aa7.
Reason for revert: breaks TSAN
https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Linux64_TSAN%2F18959%2F%2B%2Frecipes%2Fsteps%2FCheck%2F0%2Flogs%2Finstance-gc%2F0
Original change's description:
> [wasm] use allocation tracker to track reserved address space
>
> This is a step towards falling back on bounds checks when there are too many
> guarded Wasm memories.
>
> Bug: v8:7143
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I01916cbdd5ddb08fe1d946ab83b801f37a8fe1c6
> Reviewed-on: https://chromium-review.googlesource.com/832944
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50390}
TBR=bbudge@chromium.org,gdeepti@chromium.org,eholk@chromium.org,eholk@google.com
Change-Id: I207b9466377ba50be17794e71407b0ebc8eb88e2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7143
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/853140
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50392}
These tests are gone from upstream.
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ie69be268d493a52e0d64b7bb216f3135dd111188
Reviewed-on: https://chromium-review.googlesource.com/853195
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50391}
This is a step towards falling back on bounds checks when there are too many
guarded Wasm memories.
Bug: v8:7143
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I01916cbdd5ddb08fe1d946ab83b801f37a8fe1c6
Reviewed-on: https://chromium-review.googlesource.com/832944
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50390}
Turns out gclient calls download_from_google_storage, which needs to be
included in PATH.
TBR=machenbach@chromium.org
Bug: v8:6105
Change-Id: I15d44d67152f6fa0d20ae7bc7e44bc5e0393b519
Reviewed-on: https://chromium-review.googlesource.com/852616
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50389}
Fixes nits found by @clemensh after
CL https://chromium-review.googlesource.com/c/v8/v8/+/834670
was committed. That is, the code uses static asserts instead of
assert.
Bug: v8:7226
Change-Id: I5488ec4609d1bee3aafa61a3ff2505f71b06d80d
Reviewed-on: https://chromium-review.googlesource.com/847687
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50388}
Otherwise dynamic linking with dlopen, as is the case with Node.js
addons, would not work.
R=fhinkel@chromium.org
Bug: v8:6105
Change-Id: I5a884afc003fdfdb9de7e9b0c736f1894ba0019a
Reviewed-on: https://chromium-review.googlesource.com/850112
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50384}
This CL removes some magic numbers used to convert floating values into
integer values, and the corresponding comments describing how they were
computed. It replaces these tests with template function is_inbounds()
that makes the compiler automatically generate the appropriate constants
and tests.
Note: This CL only changes the WASM interpreter to use is_inbounds(). Tests
have not yet been updated to guarantee that this change did not break anything.
Note: This change was initialed by a comment by @clemensh in
CL https://chromium-review.googlesource.com/c/v8/v8/+/834670.
Bug: v8:7226
Change-Id: I14c0962eb6ae20cf6647787c006924a208f7ce4a
Reviewed-on: https://chromium-review.googlesource.com/846280
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50383}
This adds the gn flag 'v8_untrusted_code_mitigations', which defaults to
true. If false, the DISABLE_UNTRUSTED_CODE_MITIGATIONS preprocessor
macro will be defined, which sets the default for the
--untrusted-code-mitigations runtime flag to false.
R=machenbach@chromium.org, hablich@chromium.org
CC=bmeurer@chromium.org
Bug: chromium:798964
Change-Id: Ief037e194dc9eeb7fe224b5d414a4ea8e69beb20
Reviewed-on: https://chromium-review.googlesource.com/852074
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50380}
Flags can be passed as "--any_flag" or "--any-flag". It seems that
people generally prefer the second form, but our help outputs the first
one. Avoid confusion by outputting the second form.
R=bmeurer@chromium.org
Change-Id: I21e07a7d2484ae78ccd27736f8373d53eb312818
Reviewed-on: https://chromium-review.googlesource.com/850692
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50376}
Even though kSpecMaxWasmMemoryPages == WasmModule::kPageSize, the
computation {wasm::kV8MaxWasmMemoryPages *
wasm::kSpecMaxWasmMemoryPages} is semantically wrong.
R=titzer@chromium.org
Change-Id: If4a875c714f1ca3c1fc928ec79b8be8aab62e8d0
Reviewed-on: https://chromium-review.googlesource.com/850072
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50375}
This makes the bitcasts that change pointerness effectful so that
they are not accidentally reordered with memory allocation.
Change-Id: I70e820fc0de1adb2a81b52a43bce4d47f2c304b9
Reviewed-on: https://chromium-review.googlesource.com/852052
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50374}
Remove the --extra-masking and --mask-array-index flags. Instead, use
--untrusted-code-mitigations directly.
This also changes the default for these flags: There were off by
default so far, but --untrusted_code_mitigations is on by default.
Store the value of the untrusted_code_mitigations flag in the
CompilationInfo in order to ensure that it stays consistent during the
compilation of one function.
R=jarin@chromium.org, bmeurer@chromium.org, hablich@chromium.orgCC=rmcilroy@chromium.org
Bug: chromium:798964
Change-Id: I15a919e741f0628afa6a6ea1e8274ad0c4399929
Reviewed-on: https://chromium-review.googlesource.com/850412
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50373}
Previously the Promise builtins would always use a runtime function to
schedule a new microtask, which is unnecessarily expensive. Since the
runtime function only adds the microtask to a FixedArray (potentially
growing that array) and increments the number of pending microtasks, it
is fairly straight-forward to do this in CSA land instead.
This change improves the Bluebird benchmarks by 2-4% on average.
Bug: v8:7253
Change-Id: I77e96b9e5afbb4bdbe129b6bb289d9905ed581bf
Reviewed-on: https://chromium-review.googlesource.com/851972
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50372}
WasmGraphBuilder contains fields which store state which is modified
during graph construction, other fields store information which is
never modified. Make the latter fields const.
R=mtrofin@chromium.org
Change-Id: I3ea57fbca6b24247989f5ae7260ffed2013ad82a
Reviewed-on: https://chromium-review.googlesource.com/850396
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50371}
Add a flag which controls our mitigations for executing untrusted code,
in particular mitigations against speculative side channel attacks.
The new flag (--untrusted-code-mitigations) is enabled by default, and
currently only controls the mitigations we do in wasm.
In the future, it should also replace the --extra-masking flag
controlling our javascript mitigations.
R=bradnelson@chromium.org, bmeurer@chromium.org
CC=hablich@chromium.org
Bug: chromium:798964
Change-Id: I94a008fdb95b6bce07d547a8b81ec9f23f392496
Reviewed-on: https://chromium-review.googlesource.com/850212
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50370}
Create a new function kind for initializer functions and ban arguments
if used in such a function.
Bug: v8:5367, v8:7183
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Id3089e587b3d6a25f27224045f250e032b831818
Reviewed-on: https://chromium-review.googlesource.com/850547
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50369}
These APIs have been marked as deprecated for more than 6 months.
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I4f05a8904c367f335be7e159709f564362c8bbd9
Reviewed-on: https://chromium-review.googlesource.com/848782
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50368}
This changes the names of the builtins on the Promise.prototype to match
the general naming convention and make it easier to tell what the
builtin is about just by looking at its name.
Bug: v8:7253
Change-Id: I906cc6fc14a6b9d8ffe9c0dcfd94b50439c4cfcf
Reviewed-on: https://chromium-review.googlesource.com/850698
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50367}
This is a simple refactoring to make the code dealing with the marker
symbols for the default resolve/reject handlers more readable.
Bug: v8:7253
Change-Id: Ife279e77007d52ad11fed3726009d60d7c352c33
Reviewed-on: https://chromium-review.googlesource.com/850696
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50366}