Also, remove {FunctionBodyForTesting}, which is only being used once.
Use the constructor directly instead.
R=ahaas@chromium.org
Change-Id: Ieceac41bf62ec2accf1bb39d8334563557c0dbbd
Reviewed-on: https://chromium-review.googlesource.com/847514
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50397}
Bug: v8:7217
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I97b067254355eb91e12b92eba92631cbc3ce8000
Reviewed-on: https://chromium-review.googlesource.com/839280
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50395}
As noted in the attached bug, accurately counting this would require
significant changes to the parser and is thus infeasible.
Bug: v8:7211
Change-Id: I61f14c948f50e0f97e596a9696d72a3570ad588a
Reviewed-on: https://chromium-review.googlesource.com/853214
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50393}
This reverts commit 9c79b37aa7.
Reason for revert: breaks TSAN
https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Linux64_TSAN%2F18959%2F%2B%2Frecipes%2Fsteps%2FCheck%2F0%2Flogs%2Finstance-gc%2F0
Original change's description:
> [wasm] use allocation tracker to track reserved address space
>
> This is a step towards falling back on bounds checks when there are too many
> guarded Wasm memories.
>
> Bug: v8:7143
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I01916cbdd5ddb08fe1d946ab83b801f37a8fe1c6
> Reviewed-on: https://chromium-review.googlesource.com/832944
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50390}
TBR=bbudge@chromium.org,gdeepti@chromium.org,eholk@chromium.org,eholk@google.com
Change-Id: I207b9466377ba50be17794e71407b0ebc8eb88e2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7143
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/853140
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50392}
These tests are gone from upstream.
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ie69be268d493a52e0d64b7bb216f3135dd111188
Reviewed-on: https://chromium-review.googlesource.com/853195
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50391}
This is a step towards falling back on bounds checks when there are too many
guarded Wasm memories.
Bug: v8:7143
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I01916cbdd5ddb08fe1d946ab83b801f37a8fe1c6
Reviewed-on: https://chromium-review.googlesource.com/832944
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50390}
Turns out gclient calls download_from_google_storage, which needs to be
included in PATH.
TBR=machenbach@chromium.org
Bug: v8:6105
Change-Id: I15d44d67152f6fa0d20ae7bc7e44bc5e0393b519
Reviewed-on: https://chromium-review.googlesource.com/852616
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50389}
Fixes nits found by @clemensh after
CL https://chromium-review.googlesource.com/c/v8/v8/+/834670
was committed. That is, the code uses static asserts instead of
assert.
Bug: v8:7226
Change-Id: I5488ec4609d1bee3aafa61a3ff2505f71b06d80d
Reviewed-on: https://chromium-review.googlesource.com/847687
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50388}
Otherwise dynamic linking with dlopen, as is the case with Node.js
addons, would not work.
R=fhinkel@chromium.org
Bug: v8:6105
Change-Id: I5a884afc003fdfdb9de7e9b0c736f1894ba0019a
Reviewed-on: https://chromium-review.googlesource.com/850112
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50384}
This CL removes some magic numbers used to convert floating values into
integer values, and the corresponding comments describing how they were
computed. It replaces these tests with template function is_inbounds()
that makes the compiler automatically generate the appropriate constants
and tests.
Note: This CL only changes the WASM interpreter to use is_inbounds(). Tests
have not yet been updated to guarantee that this change did not break anything.
Note: This change was initialed by a comment by @clemensh in
CL https://chromium-review.googlesource.com/c/v8/v8/+/834670.
Bug: v8:7226
Change-Id: I14c0962eb6ae20cf6647787c006924a208f7ce4a
Reviewed-on: https://chromium-review.googlesource.com/846280
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50383}
This adds the gn flag 'v8_untrusted_code_mitigations', which defaults to
true. If false, the DISABLE_UNTRUSTED_CODE_MITIGATIONS preprocessor
macro will be defined, which sets the default for the
--untrusted-code-mitigations runtime flag to false.
R=machenbach@chromium.org, hablich@chromium.org
CC=bmeurer@chromium.org
Bug: chromium:798964
Change-Id: Ief037e194dc9eeb7fe224b5d414a4ea8e69beb20
Reviewed-on: https://chromium-review.googlesource.com/852074
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50380}
Flags can be passed as "--any_flag" or "--any-flag". It seems that
people generally prefer the second form, but our help outputs the first
one. Avoid confusion by outputting the second form.
R=bmeurer@chromium.org
Change-Id: I21e07a7d2484ae78ccd27736f8373d53eb312818
Reviewed-on: https://chromium-review.googlesource.com/850692
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50376}
Even though kSpecMaxWasmMemoryPages == WasmModule::kPageSize, the
computation {wasm::kV8MaxWasmMemoryPages *
wasm::kSpecMaxWasmMemoryPages} is semantically wrong.
R=titzer@chromium.org
Change-Id: If4a875c714f1ca3c1fc928ec79b8be8aab62e8d0
Reviewed-on: https://chromium-review.googlesource.com/850072
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50375}
This makes the bitcasts that change pointerness effectful so that
they are not accidentally reordered with memory allocation.
Change-Id: I70e820fc0de1adb2a81b52a43bce4d47f2c304b9
Reviewed-on: https://chromium-review.googlesource.com/852052
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50374}
Remove the --extra-masking and --mask-array-index flags. Instead, use
--untrusted-code-mitigations directly.
This also changes the default for these flags: There were off by
default so far, but --untrusted_code_mitigations is on by default.
Store the value of the untrusted_code_mitigations flag in the
CompilationInfo in order to ensure that it stays consistent during the
compilation of one function.
R=jarin@chromium.org, bmeurer@chromium.org, hablich@chromium.orgCC=rmcilroy@chromium.org
Bug: chromium:798964
Change-Id: I15a919e741f0628afa6a6ea1e8274ad0c4399929
Reviewed-on: https://chromium-review.googlesource.com/850412
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50373}
Previously the Promise builtins would always use a runtime function to
schedule a new microtask, which is unnecessarily expensive. Since the
runtime function only adds the microtask to a FixedArray (potentially
growing that array) and increments the number of pending microtasks, it
is fairly straight-forward to do this in CSA land instead.
This change improves the Bluebird benchmarks by 2-4% on average.
Bug: v8:7253
Change-Id: I77e96b9e5afbb4bdbe129b6bb289d9905ed581bf
Reviewed-on: https://chromium-review.googlesource.com/851972
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50372}
WasmGraphBuilder contains fields which store state which is modified
during graph construction, other fields store information which is
never modified. Make the latter fields const.
R=mtrofin@chromium.org
Change-Id: I3ea57fbca6b24247989f5ae7260ffed2013ad82a
Reviewed-on: https://chromium-review.googlesource.com/850396
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50371}
Add a flag which controls our mitigations for executing untrusted code,
in particular mitigations against speculative side channel attacks.
The new flag (--untrusted-code-mitigations) is enabled by default, and
currently only controls the mitigations we do in wasm.
In the future, it should also replace the --extra-masking flag
controlling our javascript mitigations.
R=bradnelson@chromium.org, bmeurer@chromium.org
CC=hablich@chromium.org
Bug: chromium:798964
Change-Id: I94a008fdb95b6bce07d547a8b81ec9f23f392496
Reviewed-on: https://chromium-review.googlesource.com/850212
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50370}
Create a new function kind for initializer functions and ban arguments
if used in such a function.
Bug: v8:5367, v8:7183
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Id3089e587b3d6a25f27224045f250e032b831818
Reviewed-on: https://chromium-review.googlesource.com/850547
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50369}
These APIs have been marked as deprecated for more than 6 months.
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I4f05a8904c367f335be7e159709f564362c8bbd9
Reviewed-on: https://chromium-review.googlesource.com/848782
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50368}
This changes the names of the builtins on the Promise.prototype to match
the general naming convention and make it easier to tell what the
builtin is about just by looking at its name.
Bug: v8:7253
Change-Id: I906cc6fc14a6b9d8ffe9c0dcfd94b50439c4cfcf
Reviewed-on: https://chromium-review.googlesource.com/850698
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50367}
This is a simple refactoring to make the code dealing with the marker
symbols for the default resolve/reject handlers more readable.
Bug: v8:7253
Change-Id: Ife279e77007d52ad11fed3726009d60d7c352c33
Reviewed-on: https://chromium-review.googlesource.com/850696
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50366}
This patch breaks out bailout reasons into two enum classes.
This helps save 3 bits on the SharedFunctionInfo as we don't have to
track the abort reasons.
Change-Id: Ic2e7e7e32b0fa31491f1c6f0003a61390d68fd97
Reviewed-on: https://chromium-review.googlesource.com/848244
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50364}
The initial fast array may change, invalidating assumptions.
Bug: chromium:798026
Change-Id: Iddcc40867221a2a58aef33b64e7399e0f2784e89
Reviewed-on: https://chromium-review.googlesource.com/850356
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50363}
I added additional exception logging in the execution.py since
errors in processing results were really difficult to debug.
There is a problem on Windows with class serialization when
it comes from dynamically loaded module. To fix it I moved all
output processors to the tools/testrunner/outproc/ and import
them in test/*/testcfg.py.
Bug: v8:6917
Change-Id: Ida604641d659b006e91faf1d56a37769ec47f5f3
Reviewed-on: https://chromium-review.googlesource.com/842784
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50361}
DeadValue was a constant node of type None. This is unsound in the
presence of re-scheduling. This CL adds a value input to DeadValue,
which preserves the dependency on the original node of type None.
This reland addresses the bug that the EffectControlLinearizer could destroy dependencies of DeadValue by attaching DeadValue nodes to the effect chain in the EffectControlLinearizer.
Bug: chromium:796041 chromium:798938
Change-Id: If47b54a7986d257eb63b437f855769b503679ff5
Reviewed-on: https://chromium-review.googlesource.com/850392
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50360}
The Promise builtins call out to arbitrary JavaScript a lot, but always
use the generic Call builtin with the "any" mode, which means that the
builtin has to dispatch based on the type of receiver. Yet these
builtins always know for sure that the receiver is either undefined or
definitely not null or undefined. So this changes the builtins to pass
the correct ConvertReceiverMode and thus save a couple of checks.
Bug: v8:7253
Change-Id: I4efbc1e379169cbeefc40e5455713cd7fbe947ed
Reviewed-on: https://chromium-review.googlesource.com/850000
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50359}
Array.prototype.{forEach, filter, map, every} get this support
with the help of a new opcode NumberIsFloat64Hole.
Bug: v8:1956
Change-Id: Ic6a785590cec66bae4c1462c19d6843c0aa5473b
Reviewed-on: https://chromium-review.googlesource.com/847435
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50358}
This adds support for get_local and set_local to the wasm compile
fuzzer. Each function will have between 0 and 32 locals of random type.
For set_local, we generate a value of the respective type and store it
in the local. For get_local, we load any local and convert it to the
wanted type.
Note that with get_local, we now also check that parameters are passed
correctly between functions.
Drive-by: Fix parameters passed to the main function (was [1,2,3] for
the interpreter, but [1,1,1] for compiled code).
R=ahaas@chromium.org, eholk@chromium.org
Change-Id: I38e85fe25b1fb4ac298fa81ec8e33711294e78bb
Reviewed-on: https://chromium-review.googlesource.com/847535
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50355}
These checks seem to be redundant, since the relevant information of
both Array.prototype and Object.prototype is already guarded by the
NoElements protector, which guarantees no indexed data and accessor
properties.
Bug: v8:7127, v8:7205
Change-Id: I0785c31670c04a3db29eefdc2f75cc63971fed3b
Reviewed-on: https://chromium-review.googlesource.com/848780
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50354}
This removes a stability check from CanInlineArrayResizeOperation. This
is safe, since all prototype maps are either stable or in dictionary
mode, where the latter is ruled out separately.
Bug: v8:7127, v8:7205
Change-Id: I3a07805cb89f41adf031c6c2a6dd5b2defcb87a8
Reviewed-on: https://chromium-review.googlesource.com/848778
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50353}
This reverts commit 1685b5d27a.
Reason for revert: Was probably caused by infra change:
https://crrev.com/c/845781
Original change's description:
> Revert "[test] Move has unexpected output to outproc."
>
> This reverts commit 71605b3ea4.
>
> Reason for revert: Seems to break static-initializers step:
> https://build.chromium.org/p/client.v8/builders/V8%20Linux64/builds/22156
>
> Original change's description:
> > [test] Move has unexpected output to outproc.
> >
> > Expected outcomes optimized to serialize [PASS] as None.
> >
> > Keeping expected outcomes inside output processors should be
> > optimized in the future. Few possible optimizations:
> > - separate classes for tests that are expected to PASS - done as
> > an example in mozilla test suite.
> > - cache output processors inside testcase.
> > - share output processors between copies of the same test - needs
> > some updates to the create_variant to update outproc only if
> > expected outcomes changed.
> >
> > Bug: v8:6917
> > Change-Id: Ie73f1dcdf17fdfc65bce27228f818b1dd1e420c9
> > Reviewed-on: https://chromium-review.googlesource.com/843025
> > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#50347}
>
> TBR=machenbach@chromium.org,sergiyb@chromium.org,majeski@google.com
>
> Change-Id: Ice1f3aee0a26f7f38996459d38fd6e0bd964113d
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:6917
> Reviewed-on: https://chromium-review.googlesource.com/849572
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50348}
TBR=bbudge@chromium.org,machenbach@chromium.org,sergiyb@chromium.org,majeski@google.com
Change-Id: I7a522b6487de6e96985d223524533493eb9171f0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6917
Reviewed-on: https://chromium-review.googlesource.com/848975
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50350}
This reverts commit 71605b3ea4.
Reason for revert: Seems to break static-initializers step:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64/builds/22156
Original change's description:
> [test] Move has unexpected output to outproc.
>
> Expected outcomes optimized to serialize [PASS] as None.
>
> Keeping expected outcomes inside output processors should be
> optimized in the future. Few possible optimizations:
> - separate classes for tests that are expected to PASS - done as
> an example in mozilla test suite.
> - cache output processors inside testcase.
> - share output processors between copies of the same test - needs
> some updates to the create_variant to update outproc only if
> expected outcomes changed.
>
> Bug: v8:6917
> Change-Id: Ie73f1dcdf17fdfc65bce27228f818b1dd1e420c9
> Reviewed-on: https://chromium-review.googlesource.com/843025
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50347}
TBR=machenbach@chromium.org,sergiyb@chromium.org,majeski@google.com
Change-Id: Ice1f3aee0a26f7f38996459d38fd6e0bd964113d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6917
Reviewed-on: https://chromium-review.googlesource.com/849572
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50348}
