Commit Graph

6290 Commits

Author SHA1 Message Date
gdeepti
3d6f774352 [wasm] Fix bounds check for zero initial memory.
Currently when memory size references are updated with zero initial memory during GrowMemory/Relocation of Instance objects, the bounds check does not take into account the size of memtype.

R=titzer@chromium.org, bradnelson@chromium.org

Committed: https://crrev.com/70416a2b360c0d993cffb48284b143d484d1e290
Review-Url: https://codereview.chromium.org/2416543002
Cr-Original-Commit-Position: refs/heads/master@{#40326}
Cr-Commit-Position: refs/heads/master@{#40329}
2016-10-14 23:54:50 +00:00
gdeepti
2c4563003c Revert of [wasm] Fix bounds check for zero initial memory. (patchset #11 id:200001 of https://codereview.chromium.org/2416543002/ )
Reason for revert:
Reverting because of failure on V8 Linux64 GC Stress

http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/8572

Original issue's description:
> [wasm] Fix bounds check for zero initial memory.
>
> Currently when memory size references are updated with zero initial memory during GrowMemory/Relocation of Instance objects, the bounds check does not take into account the size of memtype.
>
> R=titzer@chromium.org, bradnelson@chromium.org
>
> Committed: https://crrev.com/70416a2b360c0d993cffb48284b143d484d1e290
> Cr-Commit-Position: refs/heads/master@{#40326}

TBR=bradnelson@chromium.org,titzer@chromium.org,bradnelson@google.com,mtrofin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2416393002
Cr-Commit-Position: refs/heads/master@{#40328}
2016-10-14 22:43:24 +00:00
gsathya
b122da39d0 [async await] Fix debug async task event
If the catch prediction machinery in the middle of some async op, we
shouldn't send invalid events to the debugger.

Instead of sending events with an undefined id, we don't send them at
all.

Review-Url: https://codereview.chromium.org/2417093003
Cr-Commit-Position: refs/heads/master@{#40327}
2016-10-14 21:16:58 +00:00
gdeepti
70416a2b36 [wasm] Fix bounds check for zero initial memory.
Currently when memory size references are updated with zero initial memory during GrowMemory/Relocation of Instance objects, the bounds check does not take into account the size of memtype.

R=titzer@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2416543002
Cr-Commit-Position: refs/heads/master@{#40326}
2016-10-14 21:01:55 +00:00
marja
2a480eff39 mjsunit: Fix the error message produced by assertInstanceof.
Used to be:

Failure: expected <foo> is not an instance of <Bar> but of < Baz>> found <undefined>

Should be:

Failure: <foo> is not an instance of <Bar> but of <Baz>

BUG=

Review-Url: https://codereview.chromium.org/2413153004
Cr-Commit-Position: refs/heads/master@{#40319}
2016-10-14 14:12:04 +00:00
titzer
88a8cc7f22 [test] Disable regress-599717 on TSAN.
R=machenbach@chromium.org
BUG=v8:5513

Review-Url: https://codereview.chromium.org/2416433005
Cr-Commit-Position: refs/heads/master@{#40283}
2016-10-13 17:32:29 +00:00
titzer
283b31f57c [wasm] Reduce usage of old Wasm.* API in JS tests.
BUG=

Review-Url: https://codereview.chromium.org/2417773004
Cr-Commit-Position: refs/heads/master@{#40282}
2016-10-13 16:55:57 +00:00
rossberg
fb5b2f5241 [wasm] Implement {Compile,Runtime}Error; fix traps from start function
R=ahaas@chromium.org, titzer@chromium.org
BUG=v8:5507

Review-Url: https://codereview.chromium.org/2421453002
Cr-Commit-Position: refs/heads/master@{#40280}
2016-10-13 16:18:10 +00:00
rossberg
d95b754319 Implement Table#length and Table#get
R=ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2411963003
Cr-Commit-Position: refs/heads/master@{#40273}
2016-10-13 14:43:46 +00:00
ahaas
fa1f9c37d1 [wasm] Do not generate a loop stack check upon a decoder error.
A decoder error sets builder_ to null, which causes builder_->StackCheck
to segfault.

R=titzer@chromium.org

TEST=mjsunit/regress/wasm/loop-stack-check

Review-Url: https://codereview.chromium.org/2416873002
Cr-Commit-Position: refs/heads/master@{#40271}
2016-10-13 14:33:11 +00:00
clemensh
e902b69d88 [wasm] Stack inspection support for asm.js frames
This CL fixes the debugger interface to provide correct (high-level)
information for asm.js frames.
It moves the computation of the source position from the FrameInspector
to the individual StackFrame implementations, such that we can easily
specualize it for certain frame types, and can potentially reuse this
in other locations.

Also, we are finalizing the setup of the wasm module earlier, before
executing the start function. This is required for correct stack traces
during the execution of the start function.

R=titzer@chromium.org, yangguo@chromium.org
BUG=v8:4203

Review-Url: https://codereview.chromium.org/2413693003
Cr-Commit-Position: refs/heads/master@{#40268}
2016-10-13 13:55:07 +00:00
neis
dafe6867f3 [modules] Implement @@iterator on namespace objects.
As part of this, introduce a new JSObject for iterating over the elements of a
FixedArray.

R=adamk@chromium.org,bmeurer@chromium.org
TBR=ulan@chromium.org
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2407423002
Cr-Commit-Position: refs/heads/master@{#40265}
2016-10-13 13:35:06 +00:00
jgruber
33a4faa47d [regexp] Port RegExp.prototype[@@replace]
This moves the implementation of @@replace from regexp.js to builtins-regexp.cc
(the TurboFan fast path) and runtime-regexp.cc (slow path). The fast path
handles all cases in which the regexp itself is an unmodified JSRegExp
instance, the given 'replace' argument is not callable and does not contain any
'$' characters (i.e. we are doing a string replacement).

BUG=v8:5339

Review-Url: https://codereview.chromium.org/2398423002
Cr-Commit-Position: refs/heads/master@{#40253}
2016-10-13 11:27:50 +00:00
jgruber
e89eef3029 [regexp] Fix fallback path in RegExpExec
This fixes the code-path in RegExpExec in which both the passed exec
argument and regexp.exec are not callable and regexp is a JSRegExp.

In this case, we fall back to the default RegExp.prototype.exec
implementation. The arguments for Execution::call were incorrect.

BUG=v8:5339

Review-Url: https://codereview.chromium.org/2415073002
Cr-Commit-Position: refs/heads/master@{#40249}
2016-10-13 10:43:32 +00:00
verwaest
2325ad7e62 Allow lazy parsing of eval-created functions
I don't see a reason why we can't benefit from preparsing such functions. We don't necessarily compile them, so fully parsing them when unnecessary is just additional overhead.

BUG=v8:5501

Review-Url: https://codereview.chromium.org/2413213002
Cr-Commit-Position: refs/heads/master@{#40248}
2016-10-13 10:08:18 +00:00
ahaas
0e1f6d8bfc [wasm] Do not create TF nodes during verification
BUG=chromium:654377
TEST=mjsunit/regress/wasm/regression-654377
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2403013002
Cr-Commit-Position: refs/heads/master@{#40246}
2016-10-13 08:21:47 +00:00
gsathya
bacd0db4f2 [mjsunit] remove unnecessary AsyncFunction
Review-Url: https://codereview.chromium.org/2405173005
Cr-Commit-Position: refs/heads/master@{#40236}
2016-10-12 18:35:24 +00:00
dschuff
9b55c07698 Imported and defined globals share an index space, but previously the decoder clobbered the imported global indices with the defined globals.
BUG=none

Review-Url: https://codereview.chromium.org/2410953003
Cr-Commit-Position: refs/heads/master@{#40230}
2016-10-12 15:19:41 +00:00
clemensh
5d9fa102a7 [wasm] Provide better stack traces for asm.js code
For the asm.js to WASM pipeline, the current stack traces only show
low-level WASM information.
This CL maps this back to asm.js source positions.
It does so by attaching the asm.js source Script to the compiled WASM
module, and emitting a delta-encoded table which maps from WASM byte
offsets to positions within that Script. As asm.js code does not throw
exceptions, we only store a mapping for call instructions.

The new AsmJsWasmStackFrame implementation inherits from
WasmStackFrame, but contains the logic to provide the source script and
the position inside of it.
What is still missing is the JSFunction object returned by
CallSite.getFunction(). We currently return null.

R=jgruber@chromium.org, titzer@chromium.org
BUG=v8:4203

Review-Url: https://codereview.chromium.org/2404253002
Cr-Commit-Position: refs/heads/master@{#40205}
2016-10-12 09:17:28 +00:00
ishell
9a0109d72e [crankshaft] Range analysis should not rely on overflowed ranges.
BUG=chromium:645438

Review-Url: https://codereview.chromium.org/2412853002
Cr-Commit-Position: refs/heads/master@{#40202}
2016-10-12 09:06:32 +00:00
bmeurer
edfe391ef5 [turbofan] Fix effect chain for polymorphic array access.
We accidently dropped the effect on the floor that we have for the
polymorphic map check in case of array elements access.

BUG=chromium:655004
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2411273002
Cr-Commit-Position: refs/heads/master@{#40201}
2016-10-12 08:31:55 +00:00
adamk
1eaf2927ba Change TF regression test to not trigger tons of allocation
Instead of allocating an ArrayBuffer in the test, use a different example
from the original bug.

R=bmeurer@chromium.org
BUG=chromium:644631, v8:5504

Review-Url: https://codereview.chromium.org/2408403002
Cr-Commit-Position: refs/heads/master@{#40195}
2016-10-12 07:33:29 +00:00
bmeurer
a4f37da86f [turbofan] Respect ConsString invariant.
For ConsString, the left hand side must be either sequential or external
if the right hand side is empty.

R=jarin@chromium.org
BUG=chromium:654723
NOTRY=true

Review-Url: https://codereview.chromium.org/2410893003
Cr-Commit-Position: refs/heads/master@{#40192}
2016-10-12 07:00:52 +00:00
adamk
d4c4618174 Remove --harmony-for-in flag which is always false
The ES spec has been updated to include this legacy syntax in Annex B:
https://tc39.github.io/ecma262/#sec-initializers-in-forin-statement-heads

R=neis@chromium.org
BUG=v8:4942

Review-Url: https://codereview.chromium.org/2407863003
Cr-Commit-Position: refs/heads/master@{#40189}
2016-10-11 23:20:58 +00:00
titzer
ff6941966e [wasm] Canonicalize function signature indices for matching in indirect calls.
R=bradnelson@chromium.org, ahaas@chromium.org, clemensh@chromium.org
BUG=chromium:575167

Review-Url: https://codereview.chromium.org/2403093002
Cr-Commit-Position: refs/heads/master@{#40169}
2016-10-11 12:40:33 +00:00
petermarshall
08217e45a7 [builtins] Move StringStartsWith to a C++ builtin.
BUG=v8:5364

Review-Url: https://codereview.chromium.org/2407173002
Cr-Commit-Position: refs/heads/master@{#40165}
2016-10-11 11:36:12 +00:00
petermarshall
5af6ec76b2 [builtins] Move StringEndsWith to a C++ builtin.
BUG=v8:5364

Review-Url: https://codereview.chromium.org/2406873002
Cr-Commit-Position: refs/heads/master@{#40164}
2016-10-11 11:28:12 +00:00
jgruber
effb8def76 [regexp] Skip regexp-property-lu-ui test in gc-stress
This test is timing out in gc-stress mode since RegExp.prototype.test
was moved to C++. RE.proto.test will be improved shortly, and this test
should be reenabled then.

BUG=v8:5339
NOTRY=true

Review-Url: https://codereview.chromium.org/2407133002
Cr-Commit-Position: refs/heads/master@{#40150}
2016-10-11 07:19:45 +00:00
yangguo
0d8e52123e [Math] implement Math.random as TFJ builtin.
R=bmeurer@chromium.org
BUG=v8:5049, v8:5086

Review-Url: https://codereview.chromium.org/2402363002
Cr-Commit-Position: refs/heads/master@{#40149}
2016-10-11 06:47:15 +00:00
bradnelson
b884a51ff2 Re-enable fasta on gc_stress.
BUG=v8:5053
TEST=None
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2395333003
Cr-Commit-Position: refs/heads/master@{#40136}
2016-10-10 17:59:32 +00:00
neis
9606a938a6 [modules] Extend a namespace test.
Extend a test of namespace imports such that it accesses the object inside a
with statement (inside a sloppy function).

Drive-by-fix: remove duplicate initialization of embedder data (probably due to
bad merge).

R=adamk@chromium.org
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2405603003
Cr-Commit-Position: refs/heads/master@{#40129}
2016-10-10 16:56:36 +00:00
petermarshall
8b48aa1cda [builtins] Move StringIncludes to a builtin.
Also add a test for when the first argument is null or undefined, as there are no tests that cover this currently.

BUG=v8:5364

Review-Url: https://codereview.chromium.org/2399423003
Cr-Commit-Position: refs/heads/master@{#40127}
2016-10-10 15:01:32 +00:00
mtrofin
b75a0c4a55 [wasm] Fix wasm instantiation flakes
The spurious failures were caused by the compiled module
template and its corresponding owning object getting out of
sync due to memory allocations (which may trigger GC)
between the points each were fetched.

Specifically, the {original} was first obtained; then a GC
may happen when cloning the {code_table}. At this point,
the {original}'s owner may have been collected, getting us
down the path of not cloning. When time comes to patch up
globals, we incorrectly try to patch them assuming the
global start is at 0 (nullptr), which in fact it isn't.

This change roots early, in a GC-free area, both objects.
Additionally, it avoids publishing to the instances chain
the new instance until the very end. This way:
- the objects used to create the new instance offer a
consistent view
- the instances chain does not see the object we try to
form. If something fails, we can safely retry.
- since the owner is rooted, the state of the front of the
instances chain stays unchanged - with the same compiled
module we started from. So the early belief that we needed
to clone is not invalidated by any interspersed GC.

This situation suffers from a sub-optimality discussed in
the design document, in that, in a memory constrained
system, the following snippet may surprisingly fail:

var m = new WebAssembly.Module(...);
var i1 = new WebAssembly.Instance(m);
i1 = null;
var i2 = new WebAssembly.Instance(m); //may fail.

This will be addressed subsequently.

BUG=v8:5451

Review-Url: https://codereview.chromium.org/2395063002
Cr-Commit-Position: refs/heads/master@{#40126}
2016-10-10 14:53:58 +00:00
titzer
d20dabb090 [wasm] Base address for data segments can also be the value of a global variable.
R=rossberg@chromium.org
BUG=chromium:575167
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux64_msan_rel

Committed: https://crrev.com/640ae3f9d20dcae915dbfa978bf48944cd4d0dc3
Review-Url: https://codereview.chromium.org/2403823002
Cr-Original-Commit-Position: refs/heads/master@{#40121}
Cr-Commit-Position: refs/heads/master@{#40125}
2016-10-10 14:42:10 +00:00
machenbach
a6fb296a78 Revert of [wasm] Base address for data segments can also be the value of a global variable. (patchset #1 id:1 of https://codereview.chromium.org/2403823002/ )
Reason for revert:
msan not happy:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/11332

Original issue's description:
> [wasm] Base address for data segments can also be the value of a global variable.
>
> R=rossberg@chromium.org
> BUG=chromium:575167
>
> Committed: https://crrev.com/640ae3f9d20dcae915dbfa978bf48944cd4d0dc3
> Cr-Commit-Position: refs/heads/master@{#40121}

TBR=rossberg@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:575167

Review-Url: https://codereview.chromium.org/2402373002
Cr-Commit-Position: refs/heads/master@{#40123}
2016-10-10 14:12:52 +00:00
titzer
640ae3f9d2 [wasm] Base address for data segments can also be the value of a global variable.
R=rossberg@chromium.org
BUG=chromium:575167

Review-Url: https://codereview.chromium.org/2403823002
Cr-Commit-Position: refs/heads/master@{#40121}
2016-10-10 13:26:26 +00:00
marja
e474e5ffc8 PreParsing inner functions: Fix declaration-only variables, part 2.
If an inner function only declares a variable but doesn't use it, Parser
and PreParser produced different unresolved variables, and that confused
the pessimistic context allocation.

This is continuation to https://codereview.chromium.org/2388183003/

This CL fixes more complicated declarations (which are not just one
identifier). For this, PreParser needs to accumulate identifiers used
in expressions.

In addition, this CL manifests FLAG_lazy_inner_functions in tests, so that
we get clusterfuzz coverage for it.

BUG=chromium:650969, v8:5501

Review-Url: https://codereview.chromium.org/2400613003
Cr-Commit-Position: refs/heads/master@{#40112}
2016-10-10 09:22:34 +00:00
bmeurer
f6bd23f244 [turbofan] Enforce native context specialization.
There were once plans to generate cross-context code with TurboFan,
however that doesn't fit into the model anymore, and so all of this
is essentially dead untested code (and thus most likely already broken
in subtle ways). With this mode still in place it would also be a lot
harder to make inlining based on SharedFunctionInfo work.

BUG=v8:2206,v8:5499
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2406803002
Cr-Commit-Position: refs/heads/master@{#40109}
2016-10-10 05:53:51 +00:00
neis
57ba0ae10e [modules] Implement namespace imports.
This implements namespace imports (import * as foo from "bar"), except for the
@@iterator property on namespace objects (to be done later).

R=adamk@chromium.org
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2388153003
Cr-Commit-Position: refs/heads/master@{#40096}
2016-10-07 19:37:28 +00:00
machenbach
b072d014d8 [test] Skip more flaky wasm tests for gc stress
BUG=v8:5451,v8:5496
TBR=mtrofin@chromium.org, titzer@chromium.org, ahaas@chromium.org
NOTRY=true
NOTREECHECKS=true

Review-Url: https://codereview.chromium.org/2399343003
Cr-Commit-Position: refs/heads/master@{#40091}
2016-10-07 16:36:57 +00:00
titzer
e3ff4cf8c9 [wasm] Implement importing of WebAssembly.Memory.
R=mtrofin@chromium.org,gdeepti@chromium.org
BUG=chromium:575167

Review-Url: https://codereview.chromium.org/2392943006
Cr-Commit-Position: refs/heads/master@{#40076}
2016-10-07 09:34:27 +00:00
gdeepti
19dab886a4 [wasm] Simd128 types should not be available in asmjs modules.
- Added gating code in the module-decoder to allow SIMD code only when
 it can be decoded correctly
 - SIMD128 values should not be exported to JS
 - Try/Catch should not be available in asmjs modules
 - Trivial fixes for S128  values

BUG=chromium:648079

R=ahaas@chromium.org, titzer@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2400863003
Cr-Commit-Position: refs/heads/master@{#40067}
2016-10-07 07:52:19 +00:00
adamk
3aeaf49781 [modules] Add basic path normalization to d8's module loader
d8 now elides './' when constructing absolute paths.
'../' is still not normalized.

R=neis@chromium.org
BUG=v8:1569

Review-Url: https://codereview.chromium.org/2393243002
Cr-Commit-Position: refs/heads/master@{#40057}
2016-10-06 19:32:37 +00:00
gsathya
9d836ec64a [promises] fix deferred object leak
This patch sets `this` to be undefined when calling resolve and reject
functions attached to the deferred.

BUG=v8:5476

Review-Url: https://codereview.chromium.org/2399053003
Cr-Commit-Position: refs/heads/master@{#40056}
2016-10-06 18:29:35 +00:00
titzer
e97ca6ec47 [wasm] Refactor import handling for 0xC.
Imports and exports in 0xC can be much more than functions, including
tables, memories, and globals. This CL refactors the underlying
organization of imports and exports to support these new import types.

BUG=

Committed: https://crrev.com/599f8a83420346d9cba5ff97bd2a7520468207b6
Review-Url: https://codereview.chromium.org/2390113003
Cr-Original-Commit-Position: refs/heads/master@{#40033}
Cr-Commit-Position: refs/heads/master@{#40050}
2016-10-06 15:43:22 +00:00
hablich
3b1b544c20 Revert of [wasm] Refactor import handling for 0xC. (patchset #10 id:180001 of https://codereview.chromium.org/2390113003/ )
Reason for revert:
Failes a few GC stress tests.https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20gc%20stress/builds/6253

Original issue's description:
> [wasm] Refactor import handling for 0xC.
>
> Imports and exports in 0xC can be much more than functions, including
> tables, memories, and globals. This CL refactors the underlying
> organization of imports and exports to support these new import types.
>
> BUG=
>
> Committed: https://crrev.com/599f8a83420346d9cba5ff97bd2a7520468207b6
> Cr-Commit-Position: refs/heads/master@{#40033}

TBR=mtrofin@chromium.org,ahaas@chromium.org,bradnelson@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2395133002
Cr-Commit-Position: refs/heads/master@{#40038}
2016-10-06 13:43:23 +00:00
titzer
599f8a8342 [wasm] Refactor import handling for 0xC.
Imports and exports in 0xC can be much more than functions, including
tables, memories, and globals. This CL refactors the underlying
organization of imports and exports to support these new import types.

BUG=

Review-Url: https://codereview.chromium.org/2390113003
Cr-Commit-Position: refs/heads/master@{#40033}
2016-10-06 12:30:50 +00:00
jarin
5d6b514192 Reland of "[turbofan] Osr value typing + dynamic type checks on entry. (patchset #5 id:80001 of https://codereview.chromium.org/2384113002/ )"
Fixes:

- Remove OsrGuards on frame specialization (for asm.js).
- Handle the rename in the walk for native context.
- Fix LoadContext effect wiring for Osr context chains.

Review-Url: https://codereview.chromium.org/2388303006
Cr-Commit-Position: refs/heads/master@{#40021}
2016-10-06 06:42:29 +00:00
bradnelson
e901ccdd18 [wasm] [asm.js] Fix asm.js issues around floating point globals.
Allow fround to take values without dots for globals (the spec allows this
subtly).

Drop over-restrictive assert preventing floating point globals from working.

BUG=v8:4203
R=jpp@chromium.org,aseemgarg@chromium.org

Review-Url: https://codereview.chromium.org/2397823003
Cr-Commit-Position: refs/heads/master@{#40013}
2016-10-05 19:46:25 +00:00
mstarzinger
c22e4278ec [interpreter] Module tests in all Ignition variants.
This makes sure we run the module tests against all variants using
Ignition as the first compilation tier. It will henceforth extend the
test coverage to the BytecodeGraphBuilder as well.

R=neis@chromium.org

Review-Url: https://codereview.chromium.org/2397733002
Cr-Commit-Position: refs/heads/master@{#39992}
2016-10-05 13:06:09 +00:00