This checks the type signature during import against the expected
signature. For this the {WasmExceptionObject} now contains a serialized
version of the signature.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-import
BUG=v8:8091
Change-Id: I5a34ef87eccf4d2ed3a784620796ec009623fd90
Reviewed-on: https://chromium-review.googlesource.com/1219509
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55789}
There was a bug in WebAssembly.instantiate in the case where a CSP
disallows WebAssembly compilation. In this case the promise returned by
WebAssembly.instantiate was rejected immediately because of the CSP,
but then compilation was started anyways, and the promise was resolved
after compilation for a second time, which caused the crash. With this
CL we do not start compilation if CSP disallows WebAssembly compilation.
R=clemensh@chromium.org
Bug: chromium:881978
Change-Id: Iffdb3e02c3006eb7f86211ab197f81cf20438f0e
Reviewed-on: https://chromium-review.googlesource.com/1219706
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55788}
Use v8_executable instead of executable for
bytecode_builtins_list_generator so that coverage link flags should be
picked up too.
Bug: v8:8068
Change-Id: I260e4de3485a78d3b3a3455441837e1a5936aa25
Reviewed-on: https://chromium-review.googlesource.com/1219326
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55787}
This enables cctest, unittests, fuzzer and inspector on Android.
The cctest suite requires extra resource-fetching logic for the
bytecode-generator expectation files.
Bug: chromium:866862
Cq-Include-Trybots: luci.v8.try:v8_android_arm64_n5x_rel_ng
Change-Id: If3da853a62c047388476a7f38e32e64e2859f186
Reviewed-on: https://chromium-review.googlesource.com/1213208
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55784}
This reverts commit 6afe7d1815.
Reason for revert: Failures (-2e+66 vs. -2e+66): https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20debug/22148
Original change's description:
> [Liftoff] Implement f32.copysign and f64.copysign
>
> These are two of the few missing instructions. This CL implements them
> for ia32 and x64, and bails out on other platforms.
> On x64, we are using the BTR instruction since we cannot have 64-bit
> immediates.
>
> Drive-by: Fix naming of existing bt/bts instructions on x64.
>
> R=titzer@chromium.org
>
> Bug: v8:6600
> Change-Id: Ib8532ca811160cd61f4ba7c06b04ce093861c872
> Reviewed-on: https://chromium-review.googlesource.com/1174383
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55780}
TBR=titzer@chromium.org,clemensh@chromium.org
Change-Id: I4377c13346b42b65e8db04cbd15fc2f906113f65
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6600
Reviewed-on: https://chromium-review.googlesource.com/1219446
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55783}
These are two of the few missing instructions. This CL implements them
for ia32 and x64, and bails out on other platforms.
On x64, we are using the BTR instruction since we cannot have 64-bit
immediates.
Drive-by: Fix naming of existing bt/bts instructions on x64.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ib8532ca811160cd61f4ba7c06b04ce093861c872
Reviewed-on: https://chromium-review.googlesource.com/1174383
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55780}
The macro has been deprecated since 2016, and it keeps confusing me, so
let's just remove it completely from the code base.
R=leszeks@chromium.org
TBR=mstarzinger@chromium.org, verwaest@chromium.org, jgruber@chromium.org
Bug: v8:8015
Change-Id: Ibe1122fd9d2624bc94873d9c51dc8499c54a04fd
Reviewed-on: https://chromium-review.googlesource.com/1209322
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55779}
This adds the ability to import exception into a module at instantiation
time. Only a {WasmExceptionObject} that has been exported by another
module instance can be imported, all other values are rejected.
Note that currently there is no signature check being performed to make
sure the imported exception matches the expected type. Also the identity
of imported exceptions is not yet preserved.
Furthermore the engine does not yet match thrown exception objects on a
global level across modules. Hence imported exceptions will (wrongly)
behave as completely new types within the module.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-import,unittests/WasmModuleVerifyTest
BUG=v8:8091
Change-Id: If247762b949a1ba4a87d13bc3e790a45dbc67815
Reviewed-on: https://chromium-review.googlesource.com/1216402
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55777}
This patch removes unnecessary copies and adds reserves to vectors that
are filled in a loop afterwards. Fixing clang-tidy warning.
Bug: v8:8015
Change-Id: I4e13c0445a9760e09ef03a62ae48be622ebecc6b
Reviewed-on: https://chromium-review.googlesource.com/1209783
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55776}
Manually roll ICU to 7ca3ffa to pick up an upstream fix for quarter handling.
Remove the hack that prevents unexpected behavior in ICU
and remove the skip of failing tests.
Bug: v8:8151,v8:7869
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ic9a56679bf1eb9dc18c739161838d518fd664d6f
Reviewed-on: https://chromium-review.googlesource.com/1214522
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55774}
Moves some functions that used to be simple, but now do more complex logic
out of the inlined headers into .cc to avoid having to export all the
functions they depend on as V8_PRIVATE_EXPORT for tests. Also mark them
as V8_PRIVATE_EXPORT for tests along with a couple in ast.h
BUG=v8:8041
Change-Id: I6e94ca160cd3d84a0d1b099167a7b9862f08b122
Reviewed-on: https://chromium-review.googlesource.com/1216642
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55772}
This inserts an unreachable node after unconditional deopt in bit-to-word
conversion and wires it as an input to the dead-value.
This fixes a problem, where a floating dead-value was inserted by a change
of bit-to-word (which always fails because bit cannot be converted to word).
Without the unreachable node (which this CL inserts in the effect chain after
deopt), the dead value was scheduled before the unconditional deoptimization
and crashed at runtime.
Unfortunately, I do not know how to construct a test that does not end up in
an infinite loop.
Bug: chromium:878805
Change-Id: Ia03060949f6a9b914807f5614fadcf2271911998
Reviewed-on: https://chromium-review.googlesource.com/1196663
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55770}
This CL adds a new "Call" stub that can be used by builtins that will
call the same JS call-back function often (e.g. compare function in
Array.p.sort). The checks have to be done upfront once, but can then
be omitted.
R=jgruber@chromium.org
Bug: v8:7861
Change-Id: Id6e4ca27c3d488a7b1f708cbcb4cbe6cc382513e
Reviewed-on: https://chromium-review.googlesource.com/1208574
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55769}
The ICU API for maximizing and minimizing a locale ID takes ICU format locale id as an input
so that a BCP 47 language tag must be converted to the corresponding ICU locale id.
Bug: v8:7982
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I1cb1dacbf057bbc8bb8beb9b62d1ec4becd82624
Reviewed-on: https://chromium-review.googlesource.com/1150934
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55768}
In many cases, the condition already explains the assertion and a string
message clutters the code without adding value. This wrapper macro is
actually very useful in such cases.
Change-Id: I44f27c1c9255f5fc80453c92565f07f8f3cbacae
Reviewed-on: https://chromium-review.googlesource.com/1216183
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55767}
The motivation behind this change is that the WasmArgumentsAdaptor
builtin needed too many registers on ia32 and was blocking work on
adding a root register.
Bug: v8:6666
Change-Id: I9d39af96e8520acc092f5ef4b7f0a159fe4e3b12
Reviewed-on: https://chromium-review.googlesource.com/1209788
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55761}
To support all possible cases, we must limit the number of register
args for TFS builtins on ia32 to 3. Out of the 6 allocatable
registers, esi is taken as the context register and ebx is the root
register. One register must remain available to store the jump/call
target. Thus 3 registers remain for arguments.
The reason this applies to TFS builtins specifically is because this
becomes relevant for builtins used as targets of Torque function
pointers (which must have a register available to store the target).
Bug: v8:6666
Change-Id: I17d9450cc29c983ddaffc2deb36f45c1c414e166
Reviewed-on: https://chromium-review.googlesource.com/1209287
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55759}
Previously the builtins table had a value for every single
OperandScale/Bytecode combination regardless of whether it was valid.
This change makes it so that only valid bytecode handlers are stored in
the builtins table. This prevents placeholders being serialized into the
snapshot (and embedded into the binary) saving 9KB in
CODE_SPACE/OLD_SPACE and 2.5KB in the embedded data as well as 66
entries in the builtins table.
To do this, it generates a new header file bytecodes-builtins-list.h
which is created from the BYTECODE_LIST and OPERAND_SCALE_LIST macros.
Since list macros cannot be used to conditionally generate elements in
the C-preprocessor, this is done by generator executable, compiled from
interpreter/generate-flat-headers.cc.
Additionally the generator creates the flat bytecode list so that it is
transposed from the previous result, i.e. the results are grouped by
bytecode and then operand scale rather than operand scale then bytecode.
This should give better locality for commonly used bytecodes and may
allow less commonly used ExtraWide bytecodes to never be mapped into
memory at all.
The cost to storing the handlers densely is that looking up a handler
now requires a binary search through the builtins table, but this should
only happen during debugging. It is also fixable at least for non-wide
handlers and could be improved for wide ones if the need arises.
Bug: v8:8068
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iaad22a952e2858f508030c5ddc082f91bf59f667
Reviewed-on: https://chromium-review.googlesource.com/1209304
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55757}
- Provide MapData::SerializeDescriptors method for serializing the whole
descriptor array.
- Trigger this in JSObjectData::SerializeAsBoilerplate.
- Further make things more consistent across the broker.
Bug: v8:7790
Change-Id: Ie6499da8857f7c6561f7c44922aeffcea4876be7
Reviewed-on: https://chromium-review.googlesource.com/1199102
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55756}
- Provide getters for all member variables.
- Add missing flags for cycle detection.
- Be more consistent in stylistic matters.
Bug: v8:7790
Change-Id: I87c3901b203acc4254ec48f5cc895b2e68ff32aa
Reviewed-on: https://chromium-review.googlesource.com/1196431
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55755}
Issues that caused failure of this test have been resolved with commit
https://chromium-review.googlesource.com/c/v8/v8/+/1213183, so it can
be re-enabled.
Change-Id: I441998e5e63fce7a7e718b593c8e58a71841b78e
Reviewed-on: https://chromium-review.googlesource.com/1215168
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Sreten Kovacevic <skovacevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#55754}
This new instance type will be used for wrapper objects representing
exported exceptions. Currently the objects are empty and only serve as
an identity for exported exceptions. Eventually they will also need to
reference the signature underlying the exception to perform a signature
check upon import.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-import
BUG=v8:8091
Change-Id: Ifdd561fc000090f4a985aeb45549fd7110849646
Reviewed-on: https://chromium-review.googlesource.com/1215166
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55752}
* Enable Liftoff wasm cctests on BE for mips and mips64
* Fix issues that were introduced with these tests and that are
linked with Load/Store instructions
* Change endianness on GetGlobal and SetGlobal, as done in TF
* Skip I32Binop tests that fail with OOM error and seem to not be
related directly to this task
Bug: v8:6600
Change-Id: Ib62ca5e3c681326d28e70a5157d8646e0c8d0b51
Reviewed-on: https://chromium-review.googlesource.com/1213183
Commit-Queue: Sreten Kovacevic <skovacevic@wavecomp.com>
Reviewed-by: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55751}
This CL makes sure that logical operators (||, &&) always have return
type never. Together with a check that never is never passed as a
function argument, this prevents faulty evaluation as in !(x || y).
Before, the logical operators had a behavior similar to
(bool labels Taken, NotTaken), with a fast exit if the left-hand side
allowed short-circuit evaluation, but returning the right-hand side
otherwise. Since we want to allow existing (a || b || c) patterns in
the codebase, this requires weakening the restriction that the left-
and right-hand side need to have the same type. Now the possibilities
are:
bool, never
never, bool
never, never
bool, bool
constexpr bool, constexpr bool
Bug: v8:8137
Change-Id: I9576b337dc4008ac58b4625e77fef4e73bcdd6e3
Reviewed-on: https://chromium-review.googlesource.com/1215162
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55750}
If there are many workers and we are very unlucky, the cmpxchg loop can
in fact fail for more than 5 times. This CL removes this unneeded
limitation to avoid spurious failures.
R=mstarzinger@chromium.org
Bug: chromium:824443
Change-Id: I0a6adde1330c8a8389a42b36bf44e516fae8c574
Reviewed-on: https://chromium-review.googlesource.com/1213170
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55749}
This CL fixes a bug that allowed calls to Array.p.shift on
zero-length arrays where the 'length' is read-only without throwing
a TypeError.
R=bmeurer@chromium.org, jgruber@chromium.org
Bug: chromium:882233
Change-Id: Ib129ab4c4f4f233e7bb553effa77539badfbe26e
Reviewed-on: https://chromium-review.googlesource.com/1215164
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55746}
It used to call the old IterableToList, which had the wrong
semantics for holes.
Bug: v8:8133
Change-Id: Idd5acd55a155bc43df7552135a44151bb2db38e9
Reviewed-on: https://chromium-review.googlesource.com/1213204
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55745}
This will replace "<?>" in certain debug output with the empty string.
There should be no end-user visible changes, though.
Change-Id: I80db2f2169532c600662977025185378004f7cd5
Reviewed-on: https://chromium-review.googlesource.com/1213188
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55742}