Commit Graph

610 Commits

Author SHA1 Message Date
Clemens Hammacher
68bec6c3f7 [wasm] Fix serialization of lazily compiled modules
R=mstarzinger@chromium.org

Change-Id: If72df4425633cac8e98f0dd6adb80512e226f251
Reviewed-on: https://chromium-review.googlesource.com/1097323
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53677}
2018-06-12 17:07:36 +00:00
Eric Holk
b984b70c3a [wasm] Fall back on bounds checks when guarded memory unavailable
This CL adds the simplest version of a trap handler fallback. At
instantiation time, we check whether the module was compiled to use
trap handlers and the memory is guarded. If the memory is not guarded
but the module is supposed to use trap handlers, we recompile the
module with bounds checks so that we can use an unguarded memory.

The compiled module is replaced with a bounds checking version, meaning
future instances from this module will also use bounds checks.

Some likely desirable features that are current missing but can be
added future CLs include:
* Disabling trap handler mode entirely.
* Recompiling all old instances so that trap handler and bounds checked
  code does not coexist in the same process.

Bug: v8:7143

Change-Id: I161fc0d544133b07dc4a93cc6af813369aaf3efe
Reviewed-on: https://chromium-review.googlesource.com/1018182
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53566}
2018-06-07 01:29:53 +00:00
Andreas Haas
86a2720763 [test] Make assertThrowsEquals use assertSame
The typical use of assertThrowsEquals is to check that a specific
object is thrown. However, assertEquals only does a proper equality
check for primitive types, not for complex types. Using assertSame
does a reference equality check on objects, which is more what you
would expect from assertThrowsEquals. For exception kind testing,
assertThrowsEquals actually did not work correctly, assertThrows is
better for that case.

R=clemensh@chromium.org, mythria@chromium.org

Change-Id: I24fb22e75fa33ebe90eb4bae40825119a054bba5
Reviewed-on: https://chromium-review.googlesource.com/1087952
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53556}
2018-06-06 14:17:12 +00:00
Clemens Hammacher
dd8356020f [wasm] Add test for printing wasm code after deserialization
R=mstarzinger@chromium.org

Bug: chromium:849656
Change-Id: I4c1990e10905969c94913f434ec0013e5cbbfb19
Reviewed-on: https://chromium-review.googlesource.com/1087273
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53535}
2018-06-05 19:15:15 +00:00
Michael Starzinger
c96ac82c50 [wasm] Make stack check independent of the Isolate.
This makes stack checks in WasmCode independent of the underlying
Isolate by loading the limit address from the WasmInstanceObject instead
of embedding it into the instruction stream. It hence removes the last
use of the Isolate field from WasmGraphBuilder.

Additionally this introduces the notion of a "runtime stub" which
represents stub code global to the NativeModule that can be directly
called from each WasmCode in the same module. These stubs can act as
trampolines via which Isolate-independent WasmCode can enter other V8
builtins or runtime functions that remain Isolate-dependent. They will
eventually replace the current "trampoline" in a NativeModule.

R=titzer@chromium.org
BUG=v8:7424

Change-Id: Ie1f5582ee656b1ab7716ea06316d6e21a0268e74
Reviewed-on: https://chromium-review.googlesource.com/1078732
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53487}
2018-06-04 11:24:17 +00:00
Ben Smith
b466a99f91 [wasm] Rename type to value in Global constructor
This was renamed recently in the spec.

Change-Id: I825e47e8b4113ddb2c3356ee8e7663705ba65e1c
Reviewed-on: https://chromium-review.googlesource.com/1079851
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53448}
2018-05-30 21:08:03 +00:00
Clemens Hammacher
37e9017f8e [wasm] Use correct instance when calling start function
We were always using the instance we were currently building. If the
start function is an exported wasm function of another instance, use the
exporting instance instead.

R=titzer@chromium.org

Bug: chromium:843120
Change-Id: I141d272b947bef8e903be7208ddf6ce344e754c4
Reviewed-on: https://chromium-review.googlesource.com/1059620
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53190}
2018-05-15 16:17:29 +00:00
Clemens Hammacher
d171ed411a [wasm] Add tests for re-importing into different instances
Since the code around that is quite fragile, and I plan to refactor it,
just add some tests to ensure that everything is and keeps working as
intended.

R=mstarzinger@chromium.org

Bug: v8:7758
Change-Id: Ib3814b93b465286d70b5669ed0161eecb9fc925a
Reviewed-on: https://chromium-review.googlesource.com/1059616
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53187}
2018-05-15 14:52:26 +00:00
Michael Starzinger
8c57a54b86 [wasm] Create module object in async compilation earlier.
This makes sure that the {WasmModuleObject} has been allocated before
any debug events are fired. Since {WasmScript} objects reference the
module object, it needs to be allocated earlier by now.

R=ahaas@chromium.org
TEST=debugger/regress/regress-crbug-840288
BUG=chromium:840288

Change-Id: I02783ce126c463ac953eb2192acb65f3a5d420a1
Reviewed-on: https://chromium-review.googlesource.com/1050246
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53084}
2018-05-09 07:54:56 +00:00
Clemens Hammacher
5d11921320 [Liftoff] Stage Liftoff and tier up behind --future
In order to get more test coverage (also on ClusterFuzz), stage Liftoff
and tier up behind --future.

R=hablich@chromium.org
CC=​​titzer@chromium.org

Bug: v8:6600
Change-Id: I718e17957b26f60aa4c002333035f693344806e0
Reviewed-on: https://chromium-review.googlesource.com/1042385
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52987}
2018-05-04 11:48:18 +00:00
Michael Starzinger
56e8b09936 Reland "[wasm] Maintain link from Instance to Module."
This is a reland of a0c57368a9

Original change's description:
> [wasm] Maintain link from Instance to Module.
> 
> This moves the link from a {WasmInstanceObject} to its corresponding
> {WasmModuleObject} into the right place and also makes it strong. This
> ensures that an instance always keeps the underlying module alive and
> hence removes the situation of an "orphaned instance".
> 
> R=clemensh@chromium.org
> 
> Change-Id: Id59f6a49740af8ef0248679c3d2c696bb9776944
> Reviewed-on: https://chromium-review.googlesource.com/1041691
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52942}

Change-Id: I9854400bfc1d22bd258f17118fcb7460cdc3acd5
Reviewed-on: https://chromium-review.googlesource.com/1043786
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52985}
2018-05-04 10:16:58 +00:00
Michael Achenbach
79a99dfc10 Revert "[wasm] Maintain link from Instance to Module."
This reverts commit a0c57368a9.

Reason for revert: Speculative revert due to failures with custom
snapshot:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/19061

Local bisect also points to this change:
http://shortn/_IhVxU2FKLu

Original change's description:
> [wasm] Maintain link from Instance to Module.
> 
> This moves the link from a {WasmInstanceObject} to its corresponding
> {WasmModuleObject} into the right place and also makes it strong. This
> ensures that an instance always keeps the underlying module alive and
> hence removes the situation of an "orphaned instance".
> 
> R=​clemensh@chromium.org
> 
> Change-Id: Id59f6a49740af8ef0248679c3d2c696bb9776944
> Reviewed-on: https://chromium-review.googlesource.com/1041691
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52942}

TBR=mstarzinger@chromium.org,clemensh@chromium.org

Change-Id: I1830e6ce14314f06f918a0c428182bfd68354ad9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1041968
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52949}
2018-05-03 11:56:25 +00:00
Michael Starzinger
a0c57368a9 [wasm] Maintain link from Instance to Module.
This moves the link from a {WasmInstanceObject} to its corresponding
{WasmModuleObject} into the right place and also makes it strong. This
ensures that an instance always keeps the underlying module alive and
hence removes the situation of an "orphaned instance".

R=clemensh@chromium.org

Change-Id: Id59f6a49740af8ef0248679c3d2c696bb9776944
Reviewed-on: https://chromium-review.googlesource.com/1041691
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52942}
2018-05-03 09:36:38 +00:00
Ben Smith
2747d0e6da [wasm] Fix some bugs in mut global implementation
* If the mutability of the global object doesn't match the module, then
  it should throw a LinkError.
* There was a missing `return` when importing a Number as a mutable
  global.
* All globals were being exported as immutable.
* Attempting to set the value of an immutable global should throw a
  TypeError.
* The length of the setter function should be 1.

Bug: v8:7625
Change-Id: I08d6a428506a18db15eecadf4cbcee89e0658924
Reviewed-on: https://chromium-review.googlesource.com/1031626
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52865}
2018-04-27 19:14:36 +00:00
Ben L. Titzer
903d87312e [wasm] Fix target instance for indirect calls to imports
In the case of an indirect call to an imported function, the target
instance stored in the IFT was actually wrong.

Bug: chromium:834619
Change-Id: Id2ac4158335ecf2b58e1983ce37df852a9ebd1b2
Reviewed-on: https://chromium-review.googlesource.com/1030174
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52831}
2018-04-27 08:27:56 +00:00
Ben Smith
e3c9f26626 [wasm] Update WebAssembly.Global constructor
The new spec has two arguments, the first is the global descriptor, and
the second is the initial value:

    new WebAssembly.Global({type: i32}, 42);

If the initial value argument is omitted, the value is set to 0.

Bug: v8:7625
Change-Id: I679d4b7c49c69ec7ffcdfeb8ae506fa7ab9bba95
Reviewed-on: https://chromium-review.googlesource.com/1028847
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52822}
2018-04-26 18:01:53 +00:00
Ben Smith
9166affb29 [wasm] Implement importing mutable globals
The WasmInstanceObject stores two new arrays:

- imported_mutable_globals_buffers_: a FixedArray of all the imported
  globals' array buffers.
- imported_mutable_globals: a calloc'd array of Addresses pointing to
  the mutable global in its array buffer.

When accessing the global, the generated code looks up the address in
imported_mutable_globals to find where to load/store.

Bug: v8:7625
Change-Id: I60844c21a788fce28f346455f10f2283d1c152e9
Reviewed-on: https://chromium-review.googlesource.com/1020602
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52794}
2018-04-25 18:57:48 +00:00
Ben Smith
6a50560650 [wasm] Implement WebAssembly.Global import/export
The mutable-globals proposal spec allows importing as Numbers or
WebAssembly.Global values, but always exports as WebAssembly.Global.

Since the value is always boxed, we can also import/export i64 values.

This CL also includes support for export of mutable globals. Since the
underlying ArrayBuffer that stores the global's value is shared between
the module and the WebAssembly.Global object, all that needs to be done
is remove the validation check.

Bug: v8:7625
Change-Id: I24d763e3bc193d229a7cc33b2f2690a473c6f2bc
Reviewed-on: https://chromium-review.googlesource.com/1018406
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52789}
2018-04-25 16:54:06 +00:00
Ben L. Titzer
c536ea2dba [wasm] Remove temporary table immutability workaround
Now that tables and stack frames properly root instances, there is no
longer any need to disallow mutations that could unroot instances
while their code is on the stack.

Bug: v8:7232
Change-Id: I907b9522ac12ad7a67fb4124774713b6b3b40bb7
Reviewed-on: https://chromium-review.googlesource.com/1007004
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52629}
2018-04-16 18:39:33 +00:00
Clemens Hammacher
bbb26b5f75 Reland "Reland "[d8][wasm] Test wasm compilation completion""
The deadlock should be fixed with https://crrev.com/c/1002174.

This is a reland of 4d1c2907d3

Original change's description:
> Reland "[d8][wasm] Test wasm compilation completion"
>
> This is a reland of ed2605f040
>
> Original change's description:
> > [d8][wasm] Test wasm compilation completion
> >
> > d8 was recently changed to keep running until wasm compilation has
> > completed. This adds a message test to test that.
> >
> > R=ahaas@chromium.org
> >
> > Change-Id: I73af53b6df4ee5f9a6afd26cf2d71a269140465f
> > Reviewed-on: https://chromium-review.googlesource.com/966184
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#52008}
>
> Change-Id: Iadbd5056dfa58da454956c4e89369af8b0455b35
> Reviewed-on: https://chromium-review.googlesource.com/975242
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52154}

Bug: chromium:824681
Change-Id: I4077645bcfcb2320f6573bb779027add36feee3f
Reviewed-on: https://chromium-review.googlesource.com/999632
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52505}
2018-04-10 08:24:27 +00:00
Andreas Haas
813106ad30 [wasm][anyref] Implement ref.is_null
R=titzer@chromium.org

Bug: v8:7581
Change-Id: I30482ddb95a5c8501f1764922cc579855c209fdf
Reviewed-on: https://chromium-review.googlesource.com/998162
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52502}
2018-04-10 07:28:37 +00:00
Andreas Haas
73a231466a [wasm][anyref] Implement the RefNull opcode
R=titzer@chromium.org

Bug: v8:7581
Change-Id: I3a1fcffd3429907bcf9f92a904ab30568e6d4d07
Reviewed-on: https://chromium-review.googlesource.com/998914
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52501}
2018-04-10 07:21:37 +00:00
Ben Smith
b5757ce50c [wasm] Implement WebAssembly.Global.value{,Of}
See
https://webassembly.github.io/mutable-global/js-api/index.html#globals
for the current spec.

Bug: v8:7625

Change-Id: I70f567a9a0c6fc44c04c245ff496386941a699a9
Reviewed-on: https://chromium-review.googlesource.com/999168
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52494}
2018-04-09 21:00:43 +00:00
Andreas Haas
1800e9bb36 [wasm][anyref] Add support for js-to-wasm and wasm-to-js wrappers
R=titzer@chromium.org

Bug: v8:7581
Change-Id: Ib100a45ad51ec6b6a0400cfe97fe918089c04ead
Reviewed-on: https://chromium-review.googlesource.com/998095
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52468}
2018-04-09 08:00:55 +00:00
Ben L. Titzer
a6d974fe00 [wasm] Merge the WasmContext into WasmInstanceObject
This change makes lifetime management of WasmCode much simpler.
By using the WasmInstanceObject as the context for WASM code execution,
including the pointer to the memory base and indirect function tables,
this keeps the instance alive when WASM code is on the stack, since
the instance object is passed as a parameter and spilled onto the stack.
This is in preparation of sharing the code between instances and
isolates.

Bug: v8:7424

R=mstarzinger@chromium.org

Change-Id: Ia35a3ce91a8f6135767fa764e185cde8bbc889f4
Reviewed-on: https://chromium-review.googlesource.com/997932
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52436}
2018-04-06 12:13:26 +00:00
Ben Titzer
8adb94fc81 Revert "[wasm] Merge the WasmContext into WasmInstanceObject"
This reverts commit 57bf0bfefb.

Reason for revert: <INSERT REASONING HERE>

Original change's description:
> [wasm] Merge the WasmContext into WasmInstanceObject
> 
> This change makes lifetime management of WasmCode much simpler.
> By using the WasmInstanceObject as the context for WASM code execution,
> including the pointer to the memory base and indirect function tables,
> this keeps the instance alive when WASM code is on the stack, since
> the instance object is passed as a parameter and spilled onto the stack.
> This is in preparation of sharing the code between instances and
> isolates.
> 
> Bug: v8:7424
> 
> Change-Id: Ic2e4b7bcc2feb20001d0553a615a8a9dff36317e
> Reviewed-on: https://chromium-review.googlesource.com/958520
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52361}

TBR=mstarzinger@chromium.org,titzer@chromium.org,ahaas@chromium.org,clemensh@chromium.org

Change-Id: I653e27b46dbc43ad773eda4292d521a508f42d79
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7424
Reviewed-on: https://chromium-review.googlesource.com/995418
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52364}
2018-04-04 17:08:02 +00:00
Ben L. Titzer
57bf0bfefb [wasm] Merge the WasmContext into WasmInstanceObject
This change makes lifetime management of WasmCode much simpler.
By using the WasmInstanceObject as the context for WASM code execution,
including the pointer to the memory base and indirect function tables,
this keeps the instance alive when WASM code is on the stack, since
the instance object is passed as a parameter and spilled onto the stack.
This is in preparation of sharing the code between instances and
isolates.

Bug: v8:7424

Change-Id: Ic2e4b7bcc2feb20001d0553a615a8a9dff36317e
Reviewed-on: https://chromium-review.googlesource.com/958520
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52361}
2018-04-04 16:34:50 +00:00
Ben Smith
2e197ba64e [wasm] Implement WebAssembly.Global object
This change implements the WebAssembly.Global object and constructor,
but none of the accessors or functions.

There is a new flag to enable this: --experimental-wasm-mut-global.

Change-Id: Ifeb270d57392d7ca0900c80c0038932c96ee8b61
Reviewed-on: https://chromium-review.googlesource.com/989296
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52335}
2018-04-03 20:59:10 +00:00
Andreas Haas
fc976f8e23 [wasm] Don't call constructors directly from wasm2js wrappers
For the wasm2js wrappers we have an optimization to call a JavaScript
function directly if the signature of the JavaScript function matches
the signature of the WebAssembly import. However, we are not supposed
to do this optimization if the imported function is a constructor,
because constructors can only be called with `new`. With this CL we
do not apply this optimization when the imported function is a
constructor.

R=titzer@chromium.org

Bug: chromium:824859
Change-Id: I1722367bd865d0b129eadf7d4849182410447179
Reviewed-on: https://chromium-review.googlesource.com/985974
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52296}
2018-03-29 11:48:32 +00:00
Eric Holk
07387b3d21 [liftoff] fix statically out of bounds memory access with trap handlers
Change-Id: Idbf76d4fed6d0fe21f4af3df455a2f667942643e
Reviewed-on: https://chromium-review.googlesource.com/976946
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52195}
2018-03-23 19:24:16 +00:00
Michael Achenbach
85432a2381 Revert "Reland "[d8][wasm] Test wasm compilation completion""
This reverts commit 4d1c2907d3.

Reason for revert: Still often hangs:
https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/23898

Original change's description:
> Reland "[d8][wasm] Test wasm compilation completion"
> 
> This is a reland of ed2605f040
> 
> Original change's description:
> > [d8][wasm] Test wasm compilation completion
> > 
> > d8 was recently changed to keep running until wasm compilation has
> > completed. This adds a message test to test that.
> > 
> > R=ahaas@chromium.org
> > 
> > Change-Id: I73af53b6df4ee5f9a6afd26cf2d71a269140465f
> > Reviewed-on: https://chromium-review.googlesource.com/966184
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#52008}
> 
> Change-Id: Iadbd5056dfa58da454956c4e89369af8b0455b35
> Reviewed-on: https://chromium-review.googlesource.com/975242
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52154}

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: I4c2f3f69d6a2e749ce7c5379a3949d098c5946c4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/975835
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52160}
2018-03-22 17:43:29 +00:00
Clemens Hammacher
4d1c2907d3 Reland "[d8][wasm] Test wasm compilation completion"
This is a reland of ed2605f040

Original change's description:
> [d8][wasm] Test wasm compilation completion
> 
> d8 was recently changed to keep running until wasm compilation has
> completed. This adds a message test to test that.
> 
> R=ahaas@chromium.org
> 
> Change-Id: I73af53b6df4ee5f9a6afd26cf2d71a269140465f
> Reviewed-on: https://chromium-review.googlesource.com/966184
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52008}

Change-Id: Iadbd5056dfa58da454956c4e89369af8b0455b35
Reviewed-on: https://chromium-review.googlesource.com/975242
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52154}
2018-03-22 15:54:06 +00:00
Clemens Hammacher
e6bd3ee5cd Revert "[d8][wasm] Test wasm compilation completion"
This reverts commit ed2605f040.

Reason for revert: Test flakes.

Original change's description:
> [d8][wasm] Test wasm compilation completion
> 
> d8 was recently changed to keep running until wasm compilation has
> completed. This adds a message test to test that.
> 
> R=​ahaas@chromium.org
> 
> Change-Id: I73af53b6df4ee5f9a6afd26cf2d71a269140465f
> Reviewed-on: https://chromium-review.googlesource.com/966184
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52008}

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: If1e015bd346a71df1da8effe92882c37a00d1e62
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/968521
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52023}
2018-03-19 12:03:14 +00:00
Clemens Hammacher
ed2605f040 [d8][wasm] Test wasm compilation completion
d8 was recently changed to keep running until wasm compilation has
completed. This adds a message test to test that.

R=ahaas@chromium.org

Change-Id: I73af53b6df4ee5f9a6afd26cf2d71a269140465f
Reviewed-on: https://chromium-review.googlesource.com/966184
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52008}
2018-03-19 09:29:34 +00:00
Andreas Haas
c7d68161bd [d8] Add no-wait-for-wasm flag
The flag lets d8 wait for async compilation of WebAssembly to finish
before d8 shuts down.

R=clemensh@chromium.org
CC=​kimanh@google.com

Change-Id: I4cf59a1f35cc5a0ecaf769d2745df5e2e14eb509
Reviewed-on: https://chromium-review.googlesource.com/966031
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51999}
2018-03-16 15:35:27 +00:00
Clemens Hammacher
567dcad1ae [wasm] Fix prototype property of exported functions
According to the spec, exported wasm functions should not have a
[[Construct]] method, hence they don't have a prototype.

R=bmeurer@chromium.org
CC=​titzer@chromium.org

Bug: v8:7503
Change-Id: I9e142d65a80c0ef6dbd743421771f194c2d50614
Reviewed-on: https://chromium-review.googlesource.com/939782
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51622}
2018-02-28 09:14:57 +00:00
Clemens Hammacher
bd2c9d560c [wasm][testing] Fix definition of kSig_f_v
There is a clear mistake of using kWasmF64 instead of kWasmF32.

R=ahaas@chromium.org

Change-Id: I638d568b3736fdb8417f17bcd04d17268a45b965
Reviewed-on: https://chromium-review.googlesource.com/939178
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51595}
2018-02-27 12:52:23 +00:00
Clemens Hammacher
537885e829 [wasm][interpreter] Fix indirect calls to other instances
When calling a function through a function table, check whether the
instance of the called function differs from the current instance, and
in that case call the other function via a c-wasm-entry instead of
interpreting it.
The c-wasm-entry needs to pass the wasm context, so this CL changes
this to receive the wasm context as parameter instead of embedding the
context of the calling instance.

R=titzer@chromium.org

Bug: chromium:814562, v8:7400
Change-Id: Iea93f270542169f8aac4f8c81aacec559c716368
Reviewed-on: https://chromium-review.googlesource.com/930966
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51485}
2018-02-22 19:51:41 +00:00
Kim-Anh Tran
6da59ee38c [wasm] Remove default value for is_liftoff
AddCode and AddOwnedCode (from NativeModule), as well as the WasmCode
constructor are using a default value (false) for determining whether
the code is liftoff-compiled or not. This CL removes the default
value and requires each call to these functions/constructors to explicitly
set the value.

Change-Id: Icd4187d1710c774826c9134078ec65845bc98dd7
Reviewed-on: https://chromium-review.googlesource.com/928921
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51475}
2018-02-22 13:59:17 +00:00
Clemens Hammacher
a677243034 [wasm] Enable more asm.js tests
They were disabled for some reason, but they are working, so reenable
them.

R=titzer@chromium.org

Change-Id: I24cab05d01060b9eae3d6191a978cdb04daf626b
Reviewed-on: https://chromium-review.googlesource.com/928648
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51440}
2018-02-21 15:42:22 +00:00
Ben L. Titzer
0c1b4c257b [wasm] Move indirect function tables into the WasmContext
This CL changes the WASM implementation to access indirect function
tables through the WasmContext, whereas previously indirect function
tables and their sizes were constants that were inlined into compiled
into code, requiring code patching. This is a necessary step for sharing
code between instances and eventually, isolates.

R=clemensh@chromium.org,mstarzinger@chromium.org

Bug: v8:7424
Change-Id: Ida4138ed92729730dfbc0a81a84d8484b233d808
Reviewed-on: https://chromium-review.googlesource.com/895683
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51427}
2018-02-21 12:29:21 +00:00
Adam Klein
5aad943dfe Remove mtrofin and rossberg from OWNERS
Tbr: jarin@chromium.org
Change-Id: I17477e2c82398b228a366a3d1fd8eb521dd51eae
Reviewed-on: https://chromium-review.googlesource.com/922270
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51317}
2018-02-15 23:48:43 +00:00
Andreas Haas
97a2654633 [wasm] Update spec tests
I fixed some spec tests since the last update, so we can turn them on
again. The problem was in the spec test itself and not in V8.

R=titzer@chromium.org

Change-Id: Id2755138293d22d49e0393b884df797a1134b6f9
Reviewed-on: https://chromium-review.googlesource.com/919041
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51290}
2018-02-14 14:17:44 +00:00
Andreas Haas
384ac3cde9 [wasm] Reexported wasm functions should be identical to imports
According to the spec, if an imported function gets exported, the
exported function has to be identical to to imported function.

With this CL we initialize the list of potential js_wrappers_ with all
wasm function we imported. Therefore no new wrappers are generated for
these functions.

R=clemensh@chromium.org

Bug: v8:7364
Change-Id: Ibcd47d8fcc4c2fb5740d57ea547fbd01c2a4e80a
Reviewed-on: https://chromium-review.googlesource.com/901626
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51244}
2018-02-12 14:27:18 +00:00
Andreas Haas
59e87d645c [wasm] Remove mjsunit/wasm/test-import-export-wrapper
The test required a special runtime function, which did not work in
general but only in the context of that one test. After an offline
discussion we decided that what the test is testing is not worth a
runtime function, since we would also see in other tests if something
goes wrong.

R=clemensh@chromium.org

Bug: v8:7403
Change-Id: I129a189a9df299d409a4a555eae28783e47b97d1
Reviewed-on: https://chromium-review.googlesource.com/901284
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51095}
2018-02-05 13:28:11 +00:00
Clemens Hammacher
650dd1746b [wasm] Improve trap messages
Especially "invalid function" and "invalid type" could contain much
more information.

Drive-by: Remove unused WasmTrapInvalidIndex.

R=ahaas@chromium.org

Change-Id: I7fd72c095eaad94e3e2d9bfe6ab4a9ce0bb4798b
Reviewed-on: https://chromium-review.googlesource.com/897526
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51059}
2018-02-02 11:27:11 +00:00
Andreas Haas
775109e9cf [wasm] Update spec tests
In addition I added some comments in the update script which describes
steps which have to be takes the first time you run the script on a
new machine.

R=titzer@chromium.org

Change-Id: Ib360e6fcdcb63eaf225f398eff60041b48f86b62
Reviewed-on: https://chromium-review.googlesource.com/883344
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50863}
2018-01-25 09:28:58 +00:00
Michael Starzinger
7900db4f9a [wasm] Fix cloned deserialization of JS-to-WASM wrappers.
This fixes a corner-case where deserialization of a module containing
multiple exported functions of the same signature forgot to properly
unprotect the code-space. Test coverage has been added.

R=clemensh@chromium.org
TEST=mjsunit/wasm/compiled-module-serialization
BUG=chromium:804767

Change-Id: I0082303db19bcc14c4de30f29d604665e281d79d
Reviewed-on: https://chromium-review.googlesource.com/880844
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50799}
2018-01-23 12:38:47 +00:00
Ben L. Titzer
6da9254ccb Reland "[wasm] Fix page size constant + test limits on max pages."
This is a reland of 183bc643b5.

Original change's description:
> [wasm] Fix page size constant + test limits on max pages.
> 
> BUG=chromium:801604
> R=bbudge@chromium.org,titzer@chromium.org
> 
> Change-Id: I5fa57d5f8ea288d7aef7d466cbf11df46c4dcd1d
> Reviewed-on: https://chromium-review.googlesource.com/869468
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Brad Nelson <bradnelson@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50665}

Bug: chromium:801604
Change-Id: I89943644f5921f8635e62af82bb472c7bfd5e145
Reviewed-on: https://chromium-review.googlesource.com/874696
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50707}
2018-01-19 10:19:32 +00:00
Benedikt Meurer
f3d22635d1 Revert "[wasm] Fix page size constant + test limits on max pages."
This reverts commit 183bc643b5.

Reason for revert: https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Linux_-_debug%2F18780%2F%2B%2Frecipes%2Fsteps%2FCheck_-_extra%2F0%2Flogs%2Fmemory-size%2F0

Original change's description:
> [wasm] Fix page size constant + test limits on max pages.
> 
> BUG=chromium:801604
> R=​bbudge@chromium.org,titzer@chromium.org
> 
> Change-Id: I5fa57d5f8ea288d7aef7d466cbf11df46c4dcd1d
> Reviewed-on: https://chromium-review.googlesource.com/869468
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Brad Nelson <bradnelson@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50665}

TBR=bradnelson@chromium.org,bbudge@chromium.org,titzer@chromium.org

Change-Id: I2b5a51f1a94e862f8ac4455d466e23d26c220202
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:801604
Reviewed-on: https://chromium-review.googlesource.com/872950
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50666}
2018-01-18 06:55:42 +00:00
Brad Nelson
183bc643b5 [wasm] Fix page size constant + test limits on max pages.
BUG=chromium:801604
R=bbudge@chromium.org,titzer@chromium.org

Change-Id: I5fa57d5f8ea288d7aef7d466cbf11df46c4dcd1d
Reviewed-on: https://chromium-review.googlesource.com/869468
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50665}
2018-01-18 02:52:48 +00:00
Ben L. Titzer
3b64a340c7 [wasm] grow_memory(0) should detach the underlying ArrayBuffer
The WebAssembly JS API specification [1] covers the JS-visible side-effects
of executing a grow_memory operation and states that a successful
grow operation should always detach any prior array buffer.

[1] https://github.com/WebAssembly/spec/blob/master/document/js-api/index.bs

R=mstarzinger@chromium.org,gdeepti@chromium.org

Bug: 
Change-Id: Ib9232e01209ba546c0bba1c9408c92da60ff6d92
Reviewed-on: https://chromium-review.googlesource.com/860011
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50627}
2018-01-16 19:07:59 +00:00
Clemens Hammacher
566b3bf4a7 [Liftoff] Implement direct calls
This adds support for direct calls in Liftoff.

Drive-by: Fix / extend two tests for calls which were helpful for
developing this CL.

R=ahaas@chromium.org

Bug: v8:6600
Change-Id: I20a98d9dd330da9a020c8c9b5c10b04e94af684d
Reviewed-on: https://chromium-review.googlesource.com/847579
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50427}
2018-01-09 10:54:56 +00:00
Eric Holk
92183d8a48 Reland "[wasm] use allocation tracker to track reserved address space"
This is a reland of 9c79b37aa7
Original change's description:
> [wasm] use allocation tracker to track reserved address space
> 
> This is a step towards falling back on bounds checks when there are too many
> guarded Wasm memories.
> 
> Bug: v8:7143
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I01916cbdd5ddb08fe1d946ab83b801f37a8fe1c6
> Reviewed-on: https://chromium-review.googlesource.com/832944
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50390}

Bug: v8:7143
Change-Id: Iaf0d22d300a3f2da22649552a17162dcf7bc608b
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/853142
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50418}
2018-01-08 18:53:14 +00:00
Clemens Hammacher
1cd6efe7bb [wasm][fuzzer] Generate correct tests with locals
The tests generated by --wasm-fuzzer-gen-test did not encode the locals
of functions yet. This CL fixes that.
A bit of care has to be taken to ensure that the locals are generated
in exactly the same order as in the module generated by the fuzzer.
This requires calling {addLocals} several times.

R=ahaas@chromium.org

Change-Id: I95237b0baef0731b6c164fddc8f12fa6f478e220
Reviewed-on: https://chromium-review.googlesource.com/848832
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50402}
2018-01-08 12:28:30 +00:00
Bill Budge
eada517579 Revert "[wasm] use allocation tracker to track reserved address space"
This reverts commit 9c79b37aa7.

Reason for revert: breaks TSAN

https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Linux64_TSAN%2F18959%2F%2B%2Frecipes%2Fsteps%2FCheck%2F0%2Flogs%2Finstance-gc%2F0

Original change's description:
> [wasm] use allocation tracker to track reserved address space
> 
> This is a step towards falling back on bounds checks when there are too many
> guarded Wasm memories.
> 
> Bug: v8:7143
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I01916cbdd5ddb08fe1d946ab83b801f37a8fe1c6
> Reviewed-on: https://chromium-review.googlesource.com/832944
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50390}

TBR=bbudge@chromium.org,gdeepti@chromium.org,eholk@chromium.org,eholk@google.com

Change-Id: I207b9466377ba50be17794e71407b0ebc8eb88e2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7143
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/853140
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50392}
2018-01-06 00:16:25 +00:00
Eric Holk
9c79b37aa7 [wasm] use allocation tracker to track reserved address space
This is a step towards falling back on bounds checks when there are too many
guarded Wasm memories.

Bug: v8:7143
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I01916cbdd5ddb08fe1d946ab83b801f37a8fe1c6
Reviewed-on: https://chromium-review.googlesource.com/832944
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50390}
2018-01-05 23:27:43 +00:00
Deepti Gandluri
f7601238f1 [wasm] Allocate SAB when memory is shared
When shared memory is defined in the module bytes, and not imported/exported
underlying memory should be a SharedArrayBuffer. This was missing in the
allocate flow during instantiation. Fixed to use a SharedArrayBuffer.

BUG=v8:6532

Change-Id: Ic62ed3fd578a0e03124ee40b273e6a4ea474bba4
Reviewed-on: https://chromium-review.googlesource.com/835348
Reviewed-by: Eric Holk <eholk@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50255}
2017-12-21 01:01:32 +00:00
Mircea Trofin
c8fe2635ea [wasm] Freeze mutability of tables
Bug: v8:7232
Change-Id: I1eed337749686ec749b970b4af56413c5614b980
Reviewed-on: https://chromium-review.googlesource.com/837646
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50253}
2017-12-21 00:37:01 +00:00
Mircea Trofin
f9c9616e62 [wasm] Ensure free-standing tables are rooted.
Bug: chromium:796584
Change-Id: Ib6a62d616d36344f35cad0b0a177f8f07c7fd2ac
Reviewed-on: https://chromium-review.googlesource.com/836849
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50244}
2017-12-20 19:17:12 +00:00
Clemens Hammacher
9a241228cf [asm.js] Fix continue target in for loops
Make sure that a continue still executed the increment part of a for
loop by adding another nested block for the body, which is the break
target for a continue in the body. The increment code lives outside
this block, in the original loop.

R=bradnelson@chromium.org
CC=mstarzinger@chromium.org

Bug: chromium:788916
Change-Id: I178b874ffac16d9237a0f4da097d2742bd93335a
Reviewed-on: https://chromium-review.googlesource.com/832447
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50169}
2017-12-18 16:29:27 +00:00
Mircea Trofin
1e7bd2e251 [wasm] Fix WasmCompiledFrame::Print
The function wasn't off-the-heap aware.

Bug: chromium:795020
Change-Id: I133dce54e570ff74b1475192882761d2bc377d6f
Reviewed-on: https://chromium-review.googlesource.com/830819
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50142}
2017-12-15 22:01:16 +00:00
Mircea Trofin
958b78a795 [wasm] Ensure indirect calls happen in the context of the owning instance
Bug: chromium:793714
Change-Id: I8c1ea8a2e27b5a7fe9cd1f8260873057a3bf9fd9
Reviewed-on: https://chromium-review.googlesource.com/826030
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50136}
2017-12-15 17:00:16 +00:00
Caitlin Potter
52ff3ae48b [builtins] implement RunMicrotasks pump as a code stub
- Implement RunMicrotasks in CSA to prevent a potentially large number
  of jumps between C++ and JS code while consuming te queue. Appears to
  provide a ~60% speedup in microtask-heavy code, which from limited
  testing appears to scale linearly.

  The code-stub microtask pump bails out to the old C++ microtask pump
  if it encounters a CallHandlerInfo microtask, and remains in C++ for
  the remainder of the queue (returning to the JS/stub implementation
  after the bailed out queue is exhausted).

- Add a variation of JSEntryStub which enters the new RunMicrotasks code
  stub.

- Add a new RunMicrotasks helper to Execution, which uses the
  RunMicrotasks entry stub.

Bug: 
Change-Id: I4667d4dd633d24455ea5d7cef239da0af1a7365e
Reviewed-on: https://chromium-review.googlesource.com/650486
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49842}
2017-12-04 17:55:29 +00:00
Clemens Hammacher
bb64e34f0c [wasm] Add "freeze" flag to test lazy compilation
In order to test that we don't repeatedly go through the
WasmCompileLazy runtime function, add a flag to the
LazyCompilationOrchestrator to "freeze" it, i.e. disallow any further
lazy compilation.
In tests, use this flag to first call a method, then freeze lazy
compilation, then call the method again to assert that no further lazy
compilation is triggered.

This test currently fails with --wasm-jit-to-native, so disable it for
that variant.

R=titzer@chromium.org
CC=mtrofin@chromium.org

Bug: v8:7140, chromium:788441, v8:5991
Change-Id: I18a40d302c24041740d8a54351d06ed968f4beec
Reviewed-on: https://chromium-review.googlesource.com/796430
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49734}
2017-11-30 08:54:12 +00:00
Clemens Hammacher
690ac5760c [wasm] Lazy-compilation: Support exporting an import
When exporting an imported wasm function, we generate a js-to-wasm
wrapper which calls the wasm-to-wasm wrapper (which then tail-calls
the WasmCompileLazy stub).
This wasm-to-wasm wrapper also needs to be patched.

R=titzer@chromium.org

Bug: chromium:788441, v8:5991
Change-Id: Ibf27618a0511851cb55714b720fe7299a21c2959
Reviewed-on: https://chromium-review.googlesource.com/795990
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49715}
2017-11-29 13:20:34 +00:00
Andreas Haas
e21bac5b0b [wasm] Open CodeSpaceMemoryModificationScope after imports got sanitized
Within SanitizeImports it is possible that JavaScript code gets executed
therefore we have to open the CodeSpaceMemoryModificationScope after
SanitizeImports.

R=clemensh@chromium.org

Bug: chromium:788469
Change-Id: Ide9bbd4ee4613b28380979d4a6c66d26e6a9406f
Reviewed-on: https://chromium-review.googlesource.com/789936
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49635}
2017-11-27 13:48:34 +00:00
Clemens Hammacher
0bc1b967f2 [wasm] [interpreter] Fix cross-instance indirect calls
The existing access to the signatures is plain wrong. This CL fixes
this.
Note that cross-instance indirect calls are only enabled since a few
days (https://crrev.com/c/778159), which is why this bug was not
detected before.

R=titzer@chromium.org

Bug: chromium:787910
Change-Id: Iaac4d1d85840c921eb8554c5094933ec8d987802
Reviewed-on: https://chromium-review.googlesource.com/787312
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49607}
2017-11-23 12:33:51 +00:00
Clemens Hammacher
412f1568f2 Reland "[test] Add Liftoff variant"
This is a reland of 712fa67554.

Original change's description:
> [test] Add Liftoff variant
>
> Add a variant for testing the current state of the Liftoff
> implementation.
> This variant will only run on a subset of the bots, just like the
> --future variant.
>
> R=machenbach@chromium.org, hablich@chromium.org
>
> Bug: v8:7088, v8:6600
> Change-Id: If49fad3a8ed579356504b821a787326754f24e78
> Reviewed-on: https://chromium-review.googlesource.com/779420
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49504}

TBR=machenbach@chromium.org
CC=hablich@chromium.org

Bug: v8:7088, v8:6600
Change-Id: Ieb20020f07c70acaa64bb421763a41aa163a261b
Reviewed-on: https://chromium-review.googlesource.com/781499
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49531}
2017-11-21 12:10:53 +00:00
Clemens Hammacher
3380e9a4d9 Reland "[wasm] Unify deoptimization data"
This is a reland of 236298acbf.

Original change's description:
> [wasm] Unify deoptimization data
>
> Add methods to add deoptimization data and use them from all the places
> where we currently add them manually. Also add them to wasm-to-wasm
> wrappers compiled on table set, which was missing before, leading to
> the referenced bug.
>
> R=ahaas@chromium.org
>
> Bug: chromium:779292
> Change-Id: Ib9132d9faeb1092c46e22dd8196d201ce5c0942f
> Reviewed-on: https://chromium-review.googlesource.com/774838
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49452}

Bug: chromium:779292
Change-Id: I8219305fc894c50904db57e51245733f6613dcd3
Reviewed-on: https://chromium-review.googlesource.com/778159
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49508}
2017-11-20 17:37:01 +00:00
Brad Nelson
fa268032fc [wasm] Disallow calling wasm constructors without new.
BUG=chromium:786021
R=titzer@chromium.org

Change-Id: I188ea4d639ef9d5ceeab5052e043ec1c9150bd77
Reviewed-on: https://chromium-review.googlesource.com/778282
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49506}
2017-11-20 17:34:51 +00:00
Adam Klein
16943d2d71 Revert "[wasm] Unify deoptimization data"
This reverts commit 236298acbf.

Reason for revert: suspected cause of failures on GC stress bots:

https://build.chromium.org/p/client.v8/builders/V8%20Mac%20GC%20Stress/builds/16341
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/16269

Original change's description:
> [wasm] Unify deoptimization data
> 
> Add methods to add deoptimization data and use them from all the places
> where we currently add them manually. Also add them to wasm-to-wasm
> wrappers compiled on table set, which was missing before, leading to
> the referenced bug.
> 
> Drive-by: Disable non-applicable MaybeHandle constructors to allow
> overloading functions with different Handle types.
> 
> R=​ahaas@chromium.org
> 
> Bug: chromium:779292
> Change-Id: Ib9132d9faeb1092c46e22dd8196d201ce5c0942f
> Reviewed-on: https://chromium-review.googlesource.com/774838
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49452}

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: I02fb49d2ece8e04ac5fb26f618bfe6fb2f133d06
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:779292
Reviewed-on: https://chromium-review.googlesource.com/777079
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49455}
2017-11-17 17:27:46 +00:00
Clemens Hammacher
236298acbf [wasm] Unify deoptimization data
Add methods to add deoptimization data and use them from all the places
where we currently add them manually. Also add them to wasm-to-wasm
wrappers compiled on table set, which was missing before, leading to
the referenced bug.

Drive-by: Disable non-applicable MaybeHandle constructors to allow
overloading functions with different Handle types.

R=ahaas@chromium.org

Bug: chromium:779292
Change-Id: Ib9132d9faeb1092c46e22dd8196d201ce5c0942f
Reviewed-on: https://chromium-review.googlesource.com/774838
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49452}
2017-11-17 16:28:38 +00:00
Clemens Hammacher
6802775efc Reland "[wasm] Fix importing wasm-lazy-compile stubs"
This is a reland of 77b0baa649.

Original change's description:
> [wasm] Fix importing wasm-lazy-compile stubs
>
> If two modules use lazy compilation, and one imports a function of
> another, we are unwrapping the js-to-wasm wrapper of the export. This
> was failing so far, because during unwrapping we did not find the wasm
> code.
> This CL fixes this by also recognizing WasmCompileLazy stubs as "wasm
> code".
>
> R=ahaas@chromium.org
>
> Bug: chromium:779569, v8:5991
> Change-Id: If2260c3721e3746a7635b9d0182fd520df2fb773
> Reviewed-on: https://chromium-review.googlesource.com/771672
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49405}

Bug: chromium:779569, v8:5991
Change-Id: I4818e933467bd5a040f1514b8fc18db219a092c7
Reviewed-on: https://chromium-review.googlesource.com/774538
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49426}
2017-11-16 18:50:07 +00:00
Clemens Hammacher
0d5d2a1ede Revert "[wasm] Fix importing wasm-lazy-compile stubs"
This reverts commit 77b0baa649.

Reason for revert: Breaks on win64 bot: https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Win64_-_debug%2F20172%2F%2B%2Frecipes%2Fsteps%2FCheck%2F0%2Flogs%2Flazy-compilation%2F0

Original change's description:
> [wasm] Fix importing wasm-lazy-compile stubs
> 
> If two modules use lazy compilation, and one imports a function of
> another, we are unwrapping the js-to-wasm wrapper of the export. This
> was failing so far, because during unwrapping we did not find the wasm
> code.
> This CL fixes this by also recognizing WasmCompileLazy stubs as "wasm
> code".
> 
> R=​ahaas@chromium.org
> 
> Bug: chromium:779569, v8:5991
> Change-Id: If2260c3721e3746a7635b9d0182fd520df2fb773
> Reviewed-on: https://chromium-review.googlesource.com/771672
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49405}

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: If5ab7b9de95ef662a65a6a5b919fa1f13aa492cd
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:779569, v8:5991
Reviewed-on: https://chromium-review.googlesource.com/774518
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49409}
2017-11-16 12:07:36 +00:00
Clemens Hammacher
77b0baa649 [wasm] Fix importing wasm-lazy-compile stubs
If two modules use lazy compilation, and one imports a function of
another, we are unwrapping the js-to-wasm wrapper of the export. This
was failing so far, because during unwrapping we did not find the wasm
code.
This CL fixes this by also recognizing WasmCompileLazy stubs as "wasm
code".

R=ahaas@chromium.org

Bug: chromium:779569, v8:5991
Change-Id: If2260c3721e3746a7635b9d0182fd520df2fb773
Reviewed-on: https://chromium-review.googlesource.com/771672
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49405}
2017-11-16 11:16:58 +00:00
Clemens Hammacher
22e4c4613b [wasm] [interpreter] Fix interpreter-to-wasm calls
When calling the CWasmEntry in order to call from the interpreter to a
wasm function, the given buffer must hold the arguments, and must also
have enough space to hold the return values. We were missing the second
part, hence we failed when there are no parameters, but a return.

R=ahaas@chromium.org

Bug: chromium:784125
Change-Id: I08d417cae60eea64fda8a72e898dbed9f3e88148
Reviewed-on: https://chromium-review.googlesource.com/771633
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49402}
2017-11-16 11:13:43 +00:00
Karl Schimpf
1719ecb9dc Add capability to handle CSP 'wasm-eval' in V8
Like CSP flag 'unsafe-eval', which communicates if both JS source
files and WASM binary files may be compiled, this CL adds a similar
flag for the compilation of WASM binary files.

That is, a WASM binary file will be compiled only if the new flag is
defined, or the flag for 'unsafe-eval' allows it. These flags are
implemented as callback functions on the isolate. The callbacks get a
(CSP) context, and a string, and returns the corresponding value of
the flag.

Both callbacks are initialized with the nullptr, and is used to
communicate that no CSP policy is defined. This allows this concept to
work, independent of it running in Chrome.

It also does a small clean up in api.cc to use macro CALLER_SETTERS,
instead of explicit code when appropriate.

Bug: v8:7041
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Idb3356574ae2a298057e6b7bccbd3492831952ae
Reviewed-on: https://chromium-review.googlesource.com/759162
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49243}
2017-11-09 00:40:42 +00:00
Andreas Rossberg
776d6e9d5c [wasm] Int64 lowering for return values
R=titzer@chromium.org

Change-Id: Ie8c361efb48b56dc65719f09dfc79d505e0f3459
Reviewed-on: https://chromium-review.googlesource.com/735610
Commit-Queue: Andreas Rossberg <rossberg@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49000}
2017-10-27 11:34:14 +00:00
Ben L. Titzer
17a9caf302 [wasm/test] Split test/mjsunit/wasm/user-properties.js into smaller tests.
Because this test uses heap verification, it is quite slow. Split it
into 4 smaller tests to avoid test timeout and allow them to be run
in parallel.

R=ahaas@chromium.org

Bug: 
Change-Id: Ie4ac841d1d8215019bb5cfcc335daea6b10ab789
Reviewed-on: https://chromium-review.googlesource.com/738146
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48998}
2017-10-27 10:37:55 +00:00
Clemens Hammacher
6d1522d500 [wasm] Test the --liftoff flag
This adds two tests to verify that the --liftoff flag has the indented
effect, and that Liftoff compilation is off by default.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: Ie7e13184b5068f572b78dbdf7abbcded6d859fc5
Reviewed-on: https://chromium-review.googlesource.com/733561
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48995}
2017-10-27 08:55:46 +00:00
Andreas Haas
a99423c389 Revert "[test] Refactor assertPromiseResult"
This reverts commit 361bb1a047.

Reason for revert: See https://crbug.com/v8/6981

BUG=v8:6981

Original change's description:
> [test] Refactor assertPromiseResult
>
> This patch introduces assertPromiseFulfills and assertPromiseFulfills as
> a replacement for assertPromiseResult because it’s more JavaScript-y.
>
> BUG=v8:6921
> R=ahaas@chromium.org
>
> Also-By: ahaas@chromium.org
> Change-Id: I2f865dba3992ddf3b58987bf0b376d143edb5c31
> Reviewed-on: https://chromium-review.googlesource.com/718746
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48578}

Change-Id: Ie760d2422451f16acc616aae001fe9fd18bf5cd4
Reviewed-on: https://chromium-review.googlesource.com/738249
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48936}
2017-10-25 14:42:25 +00:00
Clemens Hammacher
6d68788b88 [wasm] Speed up mjsunit/atomics.js
There is no need to test each operation on each single memory location.

R=titzer@chromium.org, binji@chromium.org

Bug: v8:6994
Change-Id: Ib401fa1dd4db2e1b9c7ee0b48bb0c1cc9e3f9139
Reviewed-on: https://chromium-review.googlesource.com/735149
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48921}
2017-10-25 11:38:46 +00:00
Clemens Hammacher
68a087f811 [wasm] [interpreter] Handle ToNumber failure on imports
We were already handling the case that a called import throws, but if
it returned an error which is not convertible to a number, we failed
with a CHECK error.
This CL fixes this.

R=titzer@chromium.org

Bug: chromium:771970
Change-Id: I6c9983459109d49c43304610b696d49de986a250
Reviewed-on: https://chromium-review.googlesource.com/735354
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48912}
2017-10-25 09:59:14 +00:00
Andreas Rossberg
06061b7ddf [wasm] Support block parameters
This adds support for parameters on block, loop, if, cf the multi-value proposal at:
https://github.com/WebAssembly/multi-value/blob/master/proposals/multi-value/Overview.md

With this CL, we ssucceed on all tests in:
https://github.com/WebAssembly/multi-value/pull/2
except those involving multiple returns from functions.

R=titzer@chromium.org

Change-Id: I14a33e86450148f6aed2b8b8cc6bebb2303625c6
Reviewed-on: https://chromium-review.googlesource.com/712578
Commit-Queue: Andreas Rossberg <rossberg@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48871}
2017-10-24 11:44:26 +00:00
Ben L. Titzer
0957bd96ac [wasm] Fix subclassing for WebAssembly.* types.
R=rossberg@chromium.org

Bug: chromium:772636
Change-Id: I885f8657eb755953be17d7bf32aef2629092b9c2
Reviewed-on: https://chromium-review.googlesource.com/733086
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48830}
2017-10-23 13:02:09 +00:00
Ben Smith
6c8ed9cf84 Fix WebAssembly.Memory deserialization in more complex objects
The wasm memory deserialization didn't properly increment the object id, so
wouldn't work properly if the memory object (or its contained
SharedArrayBuffer) where included multiple times in the object.

Bug: v8:6895
Change-Id: I5c4c25bad2ec6152883c5a7321038aba1950480a
Reviewed-on: https://chromium-review.googlesource.com/721630
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48767}
2017-10-20 01:18:13 +00:00
Andreas Haas
50ecc42cc7 [wasm] Change the memory access offset to pointer size
TurboFan expects the offset input of a Load or Store node to be a
pointer-size input, i.e. an int32 input on 32-bit platforms, and int64
on 64-bit platforms. In WebAssembly we always provided 32-bit offset
though, which caused problems when the high word of the register which
contained the offset was not empty.

With this CL we change the offset input to int64 on 64-bit platforms.
In addition we also change the type of the memory_size_ node to int64,
so that that we do not have to adjust the type of the memory size at
every memory load.

This CL will cause performance regressions but is necessary for
correctness and to avoid crashes.

R=titzer@chromium.org

Bug: chromium:766666
Change-Id: I5301e108d05e125258d2a06d500c1b75e91697b8
Reviewed-on: https://chromium-review.googlesource.com/723379
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48689}
2017-10-18 13:41:04 +00:00
Ben Smith
e60edd9505 Support postMessage of shared WebAssembly.Memory
This is only enabled when --experimental-wasm-threads is enabled.

In addition, only shared WebAssembly.Memory may be sent, as specified
here: https://github.com/WebAssembly/design/pull/1074/files#diff-8e85308ab5cc1e83e91ef59233648be2R227

Bug: v8:6895
Change-Id: Id009a7f890d15fa6c98e93f03806f7e7eff30c2a
Reviewed-on: https://chromium-review.googlesource.com/719417
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48609}
2017-10-16 17:43:51 +00:00
Ben L. Titzer
c02f5e3ab3 [wasm] Store the globals_start in WasmContext.
This CL removes the code specialization for WASM functions that access
globals. Previously, we were embedding the start address of the globals
memory (globals_start) as a constant in the code, which required
patching for every instance. We now put this base in to the WasmContext,
which is available as a parameter to every WasmFunction.

R=ahaas@chromium.org,
CC=mtrofin@chromium.org

Bug: 
Change-Id: I04bb739e898cc5a3b7dd081cc166483022d113fd
Reviewed-on: https://chromium-review.googlesource.com/712595
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48581}
2017-10-16 09:35:47 +00:00
Mathias Bynens
361bb1a047 [test] Refactor assertPromiseResult
This patch introduces assertPromiseFulfills and assertPromiseFulfills as
a replacement for assertPromiseResult because it’s more JavaScript-y.

BUG=v8:6921
R=ahaas@chromium.org

Also-By: ahaas@chromium.org
Change-Id: I2f865dba3992ddf3b58987bf0b376d143edb5c31
Reviewed-on: https://chromium-review.googlesource.com/718746
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48578}
2017-10-16 08:39:15 +00:00
Andreas Haas
78dfed3510 [wasm][cleanup] Rename kResizableMaximumFlag kHasMaximumFlag
This flag describes that the memory defined in a wasm module has a
maximum size. Therefore I think kHasMaximumFlag is more appropriate.

R=titzer@chromium.org

Bug: v8:6921
Change-Id: Ie794d670f74e7f1f9a42822e2f774da85aaaaa4b
Reviewed-on: https://chromium-review.googlesource.com/718198
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48517}
2017-10-13 08:05:11 +00:00
Clemens Hammacher
2a5dc0b3a1 [wasm] Fix JS api for more/less arguments than expected
Missing arguments are identical to undefined, and are converted to the
integer 0 by ECMAScript {ToInteger()}.
Add more tests, and enable previously disabled tests.

There is a follow-up refactoring here: https://crrev.com/c/704586

R=titzer@chromium.org, mstarzinger@chromium.org

Change-Id: I89cc259aaf5975ec2f6f51ff002e7d1b32adba5e
Reviewed-on: https://chromium-review.googlesource.com/704658
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48373}
2017-10-09 11:47:38 +00:00
Ben L. Titzer
afbfddd75e [wasm] Honor AllowCodegenFromStrings() for all WASM compile types.
R=clemensh@chromium.org

Bug: v8:6756
Change-Id: I3b25b89f3ead5c856be5c7ba3c7c236e595ce8de
Reviewed-on: https://chromium-review.googlesource.com/695524
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48333}
2017-10-06 08:50:51 +00:00
Deepti Gandluri
06d1ffb5c9 [wasm] Compute opcode length for Atomic ops
When atomic operations are used in loops, return the correct opcode length
for loop assignment.

Bug=v8:6842,v8:6532

Change-Id: I306db704d8a0baa5d98c05702360e6dfae11cbfa
Reviewed-on: https://chromium-review.googlesource.com/699561
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48273}
2017-10-04 00:59:08 +00:00
Deepti Gandluri
b380525b3b [wasm] Implement I32AtomicLoad, I32AtomicStore ops
Bug: V8:6532
Change-Id: I6713e1c01ec669b7fa9a09bb75fbecff12f6cc22
Reviewed-on: https://chromium-review.googlesource.com/685949
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48252}
2017-10-02 05:40:59 +00:00
Enrico Bacis
6cd7a5a73a [wasm] Introduce the WasmContext
The WasmContext struct introduced in this CL is used to store the
mem_size and mem_start address of the wasm memory. These variables can
be accessed at C++ level at graph build time (e.g., initialized during
instance building). When the GrowMemory runtime is invoked, the context
variables can be changed in the WasmContext at C++ level so that the
generated code will load the correct values.

This requires to insert a relocatable pointer only in the
JSToWasmWrapper (and in the other wasm entry points), the value is then
passed from function to function as an automatically added additional
parameter. The WasmContext is then dropped when creating an Interpreter
Entry or when invoking a JavaScript function. This removes the need of
patching the generated code at runtime (i.e., when the memory grows)
with respect to WASM_MEMORY_REFERENCE and WASM_MEMORY_SIZE_REFERENCE.
However, we still need to patch the code at instance build time to patch
the JSToWasmWrappers; in fact the address of the WasmContext is not
known during compilation, but only when the instance is built.

The WasmContext address is passed as the first parameter. This has the
advantage of not having to move the WasmContext around if the function
does not use many registers. This CL also changes the wasm calling
convention so that the first parameter register is different from the
return value register. The WasmContext is attached to every
WasmMemoryObject, to share the same context with multiple instances
sharing the same memory. Moreover, the nodes representing the
WasmContext variables are cached in the SSA environment, similarly to
other local variables that might change during execution.  The nodes are
created when initializing the SSA environment and refreshed every time a
grow_memory or a function call happens, so that we are sure that they
always represent the correct mem_size and mem_start variables.

This CL also removes the WasmMemorySize runtime (since it's now possible
to directly retrieve mem_size from the context) and simplifies the
GrowMemory runtime (since every instance now has a memory_object).

R=ahaas@chromium.org,clemensh@chromium.org
CC=gdeepti@chromium.org

Change-Id: I3f058e641284f5a1bbbfc35a64c88da6ff08e240
Reviewed-on: https://chromium-review.googlesource.com/671008
Commit-Queue: Enrico Bacis <enricobacis@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48209}
2017-09-28 16:14:03 +00:00
Clemens Hammacher
8f0cd1c244 [turbofan] Fix passing float parameters on the stack
There was an issue with passing float32 parameters, if the value was
spilled on the stack and passed as stack parameter.
First, we sometimes reduced the stack pointer by 8 bytes instead of 4,
and second, there was a mismatch between movsd and movss.

R=titzer@chromium.org

Bug: chromium:718858
Change-Id: Ia884df369ddd95adeff3733f9715f589996f0b65
Also-By: ahaas@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/684738
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48181}
2017-09-27 13:49:55 +00:00
Eric Holk
71655f47a0 [wasm] Enable trap handlers by default in D8 on Linux x64
Bug: v8:5277
Change-Id: I5887e2ac3742350c6cb4e5780e2c1c5d02baa34d
Reviewed-on: https://chromium-review.googlesource.com/673548
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48149}
2017-09-25 17:43:33 +00:00
Karl Schimpf
49106e4858 Add capability of throwing values in WASM
This is a second attempt at landing CL 644866 which was reverted by
CL 667019.

Extends the current implementation of WASM exceptions to be able to
throw exceptions with values (not just tags).

A JS typed (uint_16) array is used to hold the thrown values. This
allows all WASM types to be stored (i32, i64, f32, and f64) as well as
be inspected in JS.

The previous CL was reverted because the WASM compiler made calls to
run time functions with tagged objects, which must not be done. To fix
this, all run time calls use the thread-level isolate to hold the
exception being processed.

Bug: v8:6577
Change-Id: I4b1ef7e2847b71a2fab8e9934a0531057db9de63
Reviewed-on: https://chromium-review.googlesource.com/677056
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48148}
2017-09-25 16:58:19 +00:00