This seems to be a merge error. The if moved down by a few lines and
now actually implements the bounds check instead of bailing out.
Taking it out revealed a bug where we were trying to access the lowest
8 bits on a register where this is not allowed on ia32, thus a few
more changes were needed in this CL.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ib1ef131a12df050302ae50115493a1fcd8323fe5
Reviewed-on: https://chromium-review.googlesource.com/852734
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50422}
Port fba4cdf16c
Original Commit Message:
This patch breaks out bailout reasons into two enum classes.
This helps save 3 bits on the SharedFunctionInfo as we don't have to
track the abort reasons.
R=gsathya@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ib2b2ce10b2f1ef6380193964aa9d868168fe129a
Reviewed-on: https://chromium-review.googlesource.com/855016
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#50419}
This is a reland of 9c79b37aa7
Original change's description:
> [wasm] use allocation tracker to track reserved address space
>
> This is a step towards falling back on bounds checks when there are too many
> guarded Wasm memories.
>
> Bug: v8:7143
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I01916cbdd5ddb08fe1d946ab83b801f37a8fe1c6
> Reviewed-on: https://chromium-review.googlesource.com/832944
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50390}
Bug: v8:7143
Change-Id: Iaf0d22d300a3f2da22649552a17162dcf7bc608b
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/853142
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50418}
This is just a rebased version of
https://chromium-review.googlesource.com/c/v8/v8/+/571453 with
no functional changes
Bug: v8:6889
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ia082cc09ca527505b288ac88e68e0b74eae94765
Reviewed-on: https://chromium-review.googlesource.com/849423
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50417}
This causes issues when running tools/node/fetch_deps.py on systems without
gyp as pre-installed python module. And we do not even need to do this for
building for node (with GN).
R=machenbach@chromium.org
Bug: v8:6105
Change-Id: If0089dedf176bb509b9fd000e5fe829f8a32bac6
Reviewed-on: https://chromium-review.googlesource.com/852458
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50416}
This fixes two issues with --trace-wasm-decoder and --trace-liftoff.
First, cache state tracing in liftoff only makes sense together with
--trace-wasm-decoder, so disable it otherwise.
Second, we were sometimes hitting a DCHECK with --trace-wasm-decoder on
functions which bailed out to Turbofan, since the bailout was resetting
the end pointer of the decoder to the current pc.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ib4e052a1cdec6389b12b4a0ea57f07c031324ed5
Reviewed-on: https://chromium-review.googlesource.com/853493
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50415}
GetProperty CSA implementation bailouts prototype lookup when the
holder is a typed array, which is to handle integer indexed exotic
cases. However, this strict condition made too much overheads for
search of common names such as "constructor". This CL checks the
first character of a name, and do not bailout if we are sure that
the name cannot be a special index.
Bug: v8:4911, v8:7161
Change-Id: I2229ff3bebe14a452718e0b1f8354bb05437c09c
Reviewed-on: https://chromium-review.googlesource.com/842963
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50414}
In order to remove the CALL_GENERATED_CODE macro, it helps a lot to
unify the interfaces of the simulators and make the Call method variadic
in the number of arguments.
This CL does that for each simulator. A follow-up CL will then
completely remove the CALL_GENERATED_CODE macro and replace uses with
the (new) GeneratedCode wrapper.
R=mstarzinger@chromium.org
Bug: v8:7182
Change-Id: I1f81445ec2faba30f0bd233b022ae1f0fae4e96f
Reviewed-on: https://chromium-review.googlesource.com/850873
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50413}
Add a counter to measure the pure liftoff compile time. With background
compilation, the reported result will roughly match the cpu time, not
wall-clock time.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I9c76673a4cbe833de5b41a23d09892f577401374
Reviewed-on: https://chromium-review.googlesource.com/853859
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50412}
And apply a minor change: the {end_offset} is currently always >= 1, and
we sometimes use {end_offset - 1}. Change this to compute the
{end_offset} to be one less than before, and use {Uint32LessThan}
instead of {Uint32LessThanOrEqual}.
This matches the documentation I added and makes reasoning about the
correctness of the checks easier (at least for me).
R=titzer@chromium.org
Change-Id: I9a18ad5c72895cbadb6593cb74d6edc24f9ab032
Reviewed-on: https://chromium-review.googlesource.com/852145
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50411}
For simplicity, we currently use the approach to do all computations
and bounds checks on 32 bit values, and only convert to pointer size
right before using the value as memory offset.
Unfortunately, there are still cases left where we use 32-bit values
for 64-bit operations, which can lead to subtle bugs.
This CL hopefully fixes the last of these bugs.
R=titzer@chromium.org
Bug: v8:7257
Change-Id: I8d340f83ad17925c0d18d4e788350ef6101786ea
Reviewed-on: https://chromium-review.googlesource.com/852299
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50409}
This prints nicer error messages for checks like
"DCHECK_EQ(reg1, reg2)", and also splits cache state tracing into
one method for printing the overall state, one for printing each slot,
and one for printing the register.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I36e83ba2542986dd8ad17dbfe7cbb8df54a56755
Reviewed-on: https://chromium-review.googlesource.com/853495
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50407}
When generating code, store the vector of protected instruction data
as unique_ptr. It only becomes a shared_ptr once ownership has been
transferred to the NativeModule, because it can be shared between
different instances of the same function.
Drive-by: Remove dead accessor in PipelineData.
R=ahaas@chromium.org
Change-Id: I7571b32bf89f3c816683c5a77ac08fe8c22eb968
Reviewed-on: https://chromium-review.googlesource.com/853496
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50404}
This is needed to ensure that code can be interrupted. It will be
covered by a test once we support if-constructs in Liftoff.
Drive-by: Separate handling of blocks and loops, as there is only one
line in common.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: Ic22ca5e65c8d03a5d504289ec2a9e30cb97dc220
Reviewed-on: https://chromium-review.googlesource.com/853858
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50403}
The tests generated by --wasm-fuzzer-gen-test did not encode the locals
of functions yet. This CL fixes that.
A bit of care has to be taken to ensure that the locals are generated
in exactly the same order as in the module generated by the fuzzer.
This requires calling {addLocals} several times.
R=ahaas@chromium.org
Change-Id: I95237b0baef0731b6c164fddc8f12fa6f478e220
Reviewed-on: https://chromium-review.googlesource.com/848832
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50402}
This ensure that once features are added for other platform, we don't
forget to implement all platform specific methods that are then being
used.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: I4cc948da280fdb63da1938edc6b391d180b88cad
Reviewed-on: https://chromium-review.googlesource.com/853494
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50401}
Test case generation produced unusable output if the module contains
more than one function. Also, it was unnecessarily scattered around
several places in the code.
This CL consolidates test case generation in one method in the fuzzer,
and supports multiple functions with different signatures.
R=ahaas@chromium.org
Change-Id: I8bea71b0d69bb69d8bbe50002c6c7616a0a1941b
Reviewed-on: https://chromium-review.googlesource.com/847515
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50400}
Test processors can be enabled with --infra-staging flag.
Rerunning tests, execution and verbose progress indicator already
work as test processors.
Bug: v8:6917
Change-Id: I40fc42db94dbc8629e8000a3d363030045532fe3
Reviewed-on: https://chromium-review.googlesource.com/850398
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50399}
Bug: chromium:783124
Change-Id: Ie420be3ad05583d8ad999ab1e13e89ada4774028
Reviewed-on: https://chromium-review.googlesource.com/850674
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50398}
Also, remove {FunctionBodyForTesting}, which is only being used once.
Use the constructor directly instead.
R=ahaas@chromium.org
Change-Id: Ieceac41bf62ec2accf1bb39d8334563557c0dbbd
Reviewed-on: https://chromium-review.googlesource.com/847514
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50397}
Bug: v8:7217
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I97b067254355eb91e12b92eba92631cbc3ce8000
Reviewed-on: https://chromium-review.googlesource.com/839280
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50395}
As noted in the attached bug, accurately counting this would require
significant changes to the parser and is thus infeasible.
Bug: v8:7211
Change-Id: I61f14c948f50e0f97e596a9696d72a3570ad588a
Reviewed-on: https://chromium-review.googlesource.com/853214
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50393}
This reverts commit 9c79b37aa7.
Reason for revert: breaks TSAN
https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Linux64_TSAN%2F18959%2F%2B%2Frecipes%2Fsteps%2FCheck%2F0%2Flogs%2Finstance-gc%2F0
Original change's description:
> [wasm] use allocation tracker to track reserved address space
>
> This is a step towards falling back on bounds checks when there are too many
> guarded Wasm memories.
>
> Bug: v8:7143
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I01916cbdd5ddb08fe1d946ab83b801f37a8fe1c6
> Reviewed-on: https://chromium-review.googlesource.com/832944
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50390}
TBR=bbudge@chromium.org,gdeepti@chromium.org,eholk@chromium.org,eholk@google.com
Change-Id: I207b9466377ba50be17794e71407b0ebc8eb88e2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7143
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/853140
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50392}
These tests are gone from upstream.
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ie69be268d493a52e0d64b7bb216f3135dd111188
Reviewed-on: https://chromium-review.googlesource.com/853195
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50391}
This is a step towards falling back on bounds checks when there are too many
guarded Wasm memories.
Bug: v8:7143
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I01916cbdd5ddb08fe1d946ab83b801f37a8fe1c6
Reviewed-on: https://chromium-review.googlesource.com/832944
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50390}
Turns out gclient calls download_from_google_storage, which needs to be
included in PATH.
TBR=machenbach@chromium.org
Bug: v8:6105
Change-Id: I15d44d67152f6fa0d20ae7bc7e44bc5e0393b519
Reviewed-on: https://chromium-review.googlesource.com/852616
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50389}
Fixes nits found by @clemensh after
CL https://chromium-review.googlesource.com/c/v8/v8/+/834670
was committed. That is, the code uses static asserts instead of
assert.
Bug: v8:7226
Change-Id: I5488ec4609d1bee3aafa61a3ff2505f71b06d80d
Reviewed-on: https://chromium-review.googlesource.com/847687
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50388}
Otherwise dynamic linking with dlopen, as is the case with Node.js
addons, would not work.
R=fhinkel@chromium.org
Bug: v8:6105
Change-Id: I5a884afc003fdfdb9de7e9b0c736f1894ba0019a
Reviewed-on: https://chromium-review.googlesource.com/850112
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50384}
This CL removes some magic numbers used to convert floating values into
integer values, and the corresponding comments describing how they were
computed. It replaces these tests with template function is_inbounds()
that makes the compiler automatically generate the appropriate constants
and tests.
Note: This CL only changes the WASM interpreter to use is_inbounds(). Tests
have not yet been updated to guarantee that this change did not break anything.
Note: This change was initialed by a comment by @clemensh in
CL https://chromium-review.googlesource.com/c/v8/v8/+/834670.
Bug: v8:7226
Change-Id: I14c0962eb6ae20cf6647787c006924a208f7ce4a
Reviewed-on: https://chromium-review.googlesource.com/846280
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50383}
This adds the gn flag 'v8_untrusted_code_mitigations', which defaults to
true. If false, the DISABLE_UNTRUSTED_CODE_MITIGATIONS preprocessor
macro will be defined, which sets the default for the
--untrusted-code-mitigations runtime flag to false.
R=machenbach@chromium.org, hablich@chromium.org
CC=bmeurer@chromium.org
Bug: chromium:798964
Change-Id: Ief037e194dc9eeb7fe224b5d414a4ea8e69beb20
Reviewed-on: https://chromium-review.googlesource.com/852074
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50380}
Flags can be passed as "--any_flag" or "--any-flag". It seems that
people generally prefer the second form, but our help outputs the first
one. Avoid confusion by outputting the second form.
R=bmeurer@chromium.org
Change-Id: I21e07a7d2484ae78ccd27736f8373d53eb312818
Reviewed-on: https://chromium-review.googlesource.com/850692
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50376}
Even though kSpecMaxWasmMemoryPages == WasmModule::kPageSize, the
computation {wasm::kV8MaxWasmMemoryPages *
wasm::kSpecMaxWasmMemoryPages} is semantically wrong.
R=titzer@chromium.org
Change-Id: If4a875c714f1ca3c1fc928ec79b8be8aab62e8d0
Reviewed-on: https://chromium-review.googlesource.com/850072
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50375}
This makes the bitcasts that change pointerness effectful so that
they are not accidentally reordered with memory allocation.
Change-Id: I70e820fc0de1adb2a81b52a43bce4d47f2c304b9
Reviewed-on: https://chromium-review.googlesource.com/852052
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50374}
Remove the --extra-masking and --mask-array-index flags. Instead, use
--untrusted-code-mitigations directly.
This also changes the default for these flags: There were off by
default so far, but --untrusted_code_mitigations is on by default.
Store the value of the untrusted_code_mitigations flag in the
CompilationInfo in order to ensure that it stays consistent during the
compilation of one function.
R=jarin@chromium.org, bmeurer@chromium.org, hablich@chromium.orgCC=rmcilroy@chromium.org
Bug: chromium:798964
Change-Id: I15a919e741f0628afa6a6ea1e8274ad0c4399929
Reviewed-on: https://chromium-review.googlesource.com/850412
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50373}
