Commit Graph

465 Commits

Author SHA1 Message Date
Clemens Hammacher
3ced15cb03 [wasm] [fuzzer] Fix segfault
Even though we were generating additional arguments with default value
in the case that the caller was not providing enough, we then passed
the original pointer, leading to potential out-of-bounds accesses.

R=ahaas@chromium.org

Bug: chromium:763294,chromium:763297
Change-Id: Id18622d0d40e0408e26a5fc6f97494b5f9e18d17
Reviewed-on: https://chromium-review.googlesource.com/657699
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47930}
2017-09-08 19:12:27 +00:00
Andreas Haas
7b53a0e010 [wasm] Avoid executing infinite loops in the wasm fuzzers
The wasm-async fuzzer uses the bytes provided by the fuzzer engine
directly as wasm module bytes, compiles them with async compilation, and
then tries to execute the "main" function of the module. This "main"
can have an infinite loop which causes a timeout in the fuzzer. With
this CL the "main" function is first executed with the interpreter. If
the execution in the interpreter finishes within 16k steps, which means
that there is no infinite loop, also the compiled code is executed.

I added the raw fuzzer input as a test case because in this case I
really want to test the fuzzer and not V8.

R=clemensh@chromium.org

Bug: chromium:761784
Change-Id: Id1fe5da0da8670ec821ab9979fdb9454dbde1162
Reviewed-on: https://chromium-review.googlesource.com/651046
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47874}
2017-09-07 12:35:45 +00:00
Ben L. Titzer
6377519f2e [asmjs] --validate-asm should not expose the WASM API.
R=mstarzinger@chromium.org

Bug: v8:6756
Change-Id: Ic748a4848f66dfcd9b8577d615669b61670e5431
Reviewed-on: https://chromium-review.googlesource.com/647757
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47799}
2017-09-04 13:31:32 +00:00
Ben L. Titzer
c35c54bb20 [wasm] Naming consistency for min/max pages and sizes in wasm-module.h
This is a pure renaming CL; no functionality changes.

R=mtrofin@chromium.org

Bug: 
Change-Id: I2f8262bdb17b9256d5b66fad56a7e51063f6f0d9
Reviewed-on: https://chromium-review.googlesource.com/610007
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47282}
2017-08-10 15:43:10 +00:00
Mircea Trofin
3f1e32b336 [wasm] Clarify source of runtime information for interpreter.
This is part of the effort to consolidate the ownership of
wasm instantiation/specialization parameters.

This change is focused solely on the interpreter part of that effort, to
verify we're not regressing performance in interpreter benchmarks.

There are two aspects being addressed:
- dataflow-wise, we always fetch the interpreter's memory view from the
runtime objects (i.e. WasmInstanceObject/WasmCompiledModule). This is
consistent with how other instance-specific information is obtained
(e.g. code, indirect functions).

- representation-wise, we do not reuse ModuleEnv/WasmInstance just for
the memory view, because it is surprising that other instance info isn't
accessed from there. 

Bug: 
Change-Id: I536fbffd8e1f142a315fa1770ba9b08319f56a8e
Reviewed-on: https://chromium-review.googlesource.com/602083
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47205}
2017-08-07 18:14:23 +00:00
Clemens Hammacher
1bf5ac8cd9 [wasm] Extract WasmVal to own header and rename to WasmValue
This allows to reuse the class e.g. in the baseline compiler.

R=titzer@chromium.org

Change-Id: I7251af16e8c74f267834a9cefb676edf3c9f3a07
Reviewed-on: https://chromium-review.googlesource.com/570020
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46735}
2017-07-18 13:12:56 +00:00
Clemens Hammacher
b53141eca3 Reland "[wasm] Don't store global handles in the interpreter"
This is a reland of 5648aad553.
Previous compile error should be fixed by disabling strict aliasing
assumptions on gyp: https://chromium-review.googlesource.com/c/571806

Original change's description:
> [wasm] Don't store global handles in the interpreter
> 
> Storing global handles in the interpreter is dangerous, because the
> global handles are strong roots into the heap. The interpreter itself is
> referenced from the heap via a Managed. Hence the interpreter keeps the
> instance alive, while the instance keeps the Managed alive. So the GC
> will never collect them.
> 
> This CL refactors this to only store the handle to the instance object
> while executing in the interpreter, and clearing it when returning.
> It also removes the cache of import wrappers, as it should not be
> performance critical, but keeps lots of objects alive. If it turns out
> to be performance critical, we will have to reintroduce such a cache
> stored in the WasmDebugInfo object.
> 
> R=titzer@chromium.org
> CC=ahaas@chromium.org
> 
> Bug: chromium:610330
> Change-Id: I54b489dadc16685887c0c1a98da6fd0df5ad7cbb
> Reviewed-on: https://chromium-review.googlesource.com/567058
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46629}

TBR=titzer@chromium.org

Bug: chromium:610330
Change-Id: Ic7836b1b1a044a89f2138f0c76f92acd3a1b2f2b
Reviewed-on: https://chromium-review.googlesource.com/570578
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46679}
2017-07-14 14:37:22 +00:00
Clemens Hammacher
199a26f735 Revert "[wasm] Don't store global handles in the interpreter"
This reverts commit 5648aad553.

Reason for revert: Compile error on mips:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Mips%20-%20builder/builds/10732

Original change's description:
> [wasm] Don't store global handles in the interpreter
> 
> Storing global handles in the interpreter is dangerous, because the
> global handles are strong roots into the heap. The interpreter itself is
> referenced from the heap via a Managed. Hence the interpreter keeps the
> instance alive, while the instance keeps the Managed alive. So the GC
> will never collect them.
> 
> This CL refactors this to only store the handle to the instance object
> while executing in the interpreter, and clearing it when returning.
> It also removes the cache of import wrappers, as it should not be
> performance critical, but keeps lots of objects alive. If it turns out
> to be performance critical, we will have to reintroduce such a cache
> stored in the WasmDebugInfo object.
> 
> R=​titzer@chromium.org
> CC=ahaas@chromium.org
> 
> Bug: chromium:610330
> Change-Id: I54b489dadc16685887c0c1a98da6fd0df5ad7cbb
> Reviewed-on: https://chromium-review.googlesource.com/567058
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46629}

TBR=titzer@chromium.org,clemensh@chromium.org

Change-Id: Ifadfb885f937f37bb3eab4732a97f20ff40c2583
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:610330
Reviewed-on: https://chromium-review.googlesource.com/569962
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46630}
2017-07-13 11:04:36 +00:00
Clemens Hammacher
5648aad553 [wasm] Don't store global handles in the interpreter
Storing global handles in the interpreter is dangerous, because the
global handles are strong roots into the heap. The interpreter itself is
referenced from the heap via a Managed. Hence the interpreter keeps the
instance alive, while the instance keeps the Managed alive. So the GC
will never collect them.

This CL refactors this to only store the handle to the instance object
while executing in the interpreter, and clearing it when returning.
It also removes the cache of import wrappers, as it should not be
performance critical, but keeps lots of objects alive. If it turns out
to be performance critical, we will have to reintroduce such a cache
stored in the WasmDebugInfo object.

R=titzer@chromium.org
CC=ahaas@chromium.org

Bug: chromium:610330
Change-Id: I54b489dadc16685887c0c1a98da6fd0df5ad7cbb
Reviewed-on: https://chromium-review.googlesource.com/567058
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46629}
2017-07-13 10:56:34 +00:00
jgruber
14e80e5c91 Add Smi::ToInt helper method
This adds a convenience method for the common Smi to int conversion
pattern.

Bug: 
Change-Id: I7d7b171c36cfec5f6d10c60f1d9c3e06e3aed0fa
Reviewed-on: https://chromium-review.googlesource.com/563205
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46516}
2017-07-10 13:33:03 +00:00
Clemens Hammacher
d6aed4435f [wasm] Use pending exceptions consistently
In our internal code, we should only use pending exceptions. They will
be converted to scheduled exceptions on the API boundary.
Hence, the ErrorThrower just sets a pending exception; it should never
have to think about scheduled exceptions. The new
ScheduledErrorThrower inherits from ErrorThrower and reschedules any
pending exceptions in its destructor (turning them into scheduled
exceptions).
In some situations, there might already be a scheduled exception, e.g.
when calling other API methods (v8::Value::Get). In this case, the
ErrorThrower should also not set another pending exception. For the
reasons mentioned above, this can only be handled in the
ScheduledErrorThrower, which is used the API methods.

This fixes one DCHECK failure and one TODO about scheduled exceptions
if no instance can be created, because the start function throws.

R=mtrofin@chromium.org, mstarzinger@chromium.org
BUG=v8:6232,chromium:736256

Change-Id: I4905be04c565df9495de18fb26adbb5c05d193d2
Reviewed-on: https://chromium-review.googlesource.com/548641
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46314}
2017-06-29 10:23:45 +00:00
Karl Schimpf
ab52ddaa3e Fix reverted PR for making histogram timers thread safe.
Removes from CL https://codereview.chromium.org/2929853003 code to fix
histogram timers in class WasmCompilationUnit. This was done because
the CL was reverted due to errors caused by background compiles that
updated UMA histogram timers.

The goal of this CL is to reland the remaining portion of the reverted
CL.

Bug:v8:6361

Change-Id: Ic03ceb118734bd55c463a843521bcd5b09342afe
Reviewed-on: https://chromium-review.googlesource.com/550196
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Karl Schimpf <kschimpf@google.com>
Cr-Commit-Position: refs/heads/master@{#46268}
2017-06-27 20:03:12 +00:00
Michael Achenbach
f7d60ab798 Revert "Remove DCHECK for isolate->counters()"
This reverts commit ee0e295d8e.

Suspect for http://crbug.com/736676
Another dcheck fails, starting after the reverted CL, e.g.:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064%20%28dbg%29/builds/8666

BUG=chromium:736676,v8:6361
TBR=kschimpf@chromium.org,mtrofin@chromium.org
NOTRY=true
NOPRESUBMIT=true

Change-Id: I160b996a07d77f90a96864f3ae84f861f495ed42
Reviewed-on: https://chromium-review.googlesource.com/547425
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46196}
2017-06-26 06:41:57 +00:00
kschimpf
ee0e295d8e Remove DCHECK for isolate->counters()
This is a fix to https://codereview.chromium.org/2929853003 that got
reverted. The DCHECK checked to see that it was not in a background
thread. While this is a property we want for v8, it is also used
by blink, and blink violates this property.

Therefore, this CL removes the DCHECK for now.

BUG=v8:6361

Review-Url: https://codereview.chromium.org/2961443002
Cr-Commit-Position: refs/heads/master@{#46190}
2017-06-23 20:17:03 +00:00
Michael Achenbach
e65aeada27 Revert "Fix use of history timers in background threads."
This reverts commit d4a108078d.

Reason:
Fails on gpu bots:
https://build.chromium.org/p/client.v8.fyi/builders/Linux%20Release%20%28NVIDIA%29/builds/2145

# Fatal error in ../../v8/src/isolate.h, line 878
# Check failed: !IsIsolateInBackground().

BUG=v8:6361
TBR=kschimpf@chromium.org,cbruni@chromium.org,mtrofin@chromium.org,jochen@chromium.org,ulan@chromium.org

NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true

Change-Id: I5cf0241b3932b3c500598207b684a4b37936d0f8
Reviewed-on: https://chromium-review.googlesource.com/544825
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46154}
2017-06-23 06:36:19 +00:00
kschimpf
d4a108078d Fix use of history timers in background threads.
HistoryTimer's can't run in the background because they use a timer
with a simple api of Start() and Stop(). This CL fixes this problem
by building a base class TimedHistogram that doesn't have a timer.

The class HistoryTimer is modified to use this base class so that
uses that run on the foreground thread do not need to be modified.

It also adds a new class TimedHistogramScope that defines the timer
in this class. This allows the corresopnding TimedHistogram class to
be type safe.

BUG=v8:6361

Review-Url: https://codereview.chromium.org/2929853003
Cr-Commit-Position: refs/heads/master@{#46150}
2017-06-22 22:14:24 +00:00
Andreas Haas
6828887b85 [wasm] Remove the wasm-asmjs fuzzer
The fuzzer has already been removed from chromium. In addition I removed
code which was only used by this fuzzer.

BUG=chromium:734550
R=clemensh@chromium.org
CC=mstarzinger@chromium.org

Change-Id: I2ff4614e4d64131412ead759318e5c38e38f5d3d
Reviewed-on: https://chromium-review.googlesource.com/542816
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46078}
2017-06-21 10:59:35 +00:00
Andreas Haas
9240b556c2 [cleanup] Templatize the EnableFlagScope
The EnableFlagScope is useful also for non-boolean flags. With the
template we can use if for example in the wasm fuzzers to reduce the
maximum memory size of a wasm module.

In addition I put the EnableFlagScope into the v8::internal namespace,
and I fixed a small typo.

BUG=v8:6474
R=clemensh@chromium.org

Change-Id: Iae5d5c058c334cd0f9e09d20adfd229fc2d6c585
Reviewed-on: https://chromium-review.googlesource.com/531005
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45862}
2017-06-12 15:26:12 +00:00
Clemens Hammacher
2e59227006 [wasm] [cleanup] Remove InstantiateModuleForTesting
This method is dead now (after
https://chromium-review.googlesource.com/529844 and
https://chromium-review.googlesource.com/529210).

R=ahaas@chromium.org
BUG=v8:6474

Change-Id: Icd355283312bfae712c0db61bb5049925762060b
Reviewed-on: https://chromium-review.googlesource.com/530312
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45861}
2017-06-12 13:37:52 +00:00
Clemens Hammacher
6a36b2a040 [wasm] [cleanup] Remove CompileInstantiateWasmModuleForTesting
This is a testing-only function, which is semantically equivalent to a
SyncCompile followed by SyncInstantiate.
We add a new SyncCompileAndInstantiate function to do those two steps
in one go, and use this method instead.
For AsmJs modules, a new testing function CompileAndRunAsmWasmModule is
introduced.

This is part of our effort to reduce the number of special paths for
testing. It is connected with
https://chromium-review.googlesource.com/529210, but should not
conflict with it.
After landing both CLs, we can later also get rid of
InstantiateModuleForTesting.

R=ahaas@chromium.org, mtrofin@chromium.org
BUG=v8:6474

Change-Id: I7891e968370d5eb68803076ce2639c65a2799dcc
Reviewed-on: https://chromium-review.googlesource.com/529844
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45852}
2017-06-12 11:52:13 +00:00
Andreas Haas
1d0a582440 [wasm][cleanup] Use the normal production pipeline for the fuzzers
This CL removes unnecessary code duplication in the fuzzer code. Instead
of having special testing functions to compile and instantiate a
WebAssembly module, we now just call SyncCompile and SyncInstantiate.

This also fixed a problem when the fuzzer generated a GrowMemory
instruction.

BUG=v8:6474
R=clemensh@chromium.org

Change-Id: I5f2f23349b5866ea67be20a0826271791e1a013e
Reviewed-on: https://chromium-review.googlesource.com/529210
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45851}
2017-06-12 11:42:02 +00:00
Clemens Hammacher
be1135132a [wasm] [cleanup] Avoid shouting WASM
This CL removes most occurences of "WASM" from outputs and comments in
the code. They are replaced either by "WebAssembly" or (especially in
comments) "wasm". These are the spellings officially proposed on
http://webassembly.org/.

R=ahaas@chromium.org
BUG=v8:6474

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Id39fa5e25591678263745a4eab266db546e65983
Reviewed-on: https://chromium-review.googlesource.com/529085
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45824}
2017-06-09 16:24:19 +00:00
Clemens Hammacher
45618a9ab5 [wasm] Make prototype flags experimental
Most prototype implementations are not fully supported in the
interpreter. This is the case at least for exception handling, simd, and
atomics. Any function can be redirected to the interpreter though,
either by passing --wasm-interpret-all, or by dynamically redirecting to
the interpreter for debugging.
Making the flags experimental keeps the fuzzer from playing around with
these flags.

Drive-by: Refactor tests which explicitly set the prototype flag to use
a new scope for that.

R=ahaas@chromium.org
BUG=chromium:727584

Change-Id: I67da79f579f1ac93c67189afef40c6524bdd4430
Reviewed-on: https://chromium-review.googlesource.com/519402
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45639}
2017-05-31 14:18:08 +00:00
Wiktor Garbacz
9a8efd8a4e [cleanup] Remove return after UNREACHABLE
Change-Id: I20ed35a7fb5104a9cc66bb54fa8966589c43d7f9
Reviewed-on: https://chromium-review.googlesource.com/507287
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Cr-Commit-Position: refs/heads/master@{#45458}
2017-05-22 13:10:01 +00:00
Clemens Hammacher
da172451c6 [wasm] Fix memory management for Result types
Make ModuleResult and FunctionResult return Result<std::unique_ptr<X>>.
This makes memory ownership and transfer of ownership more clear and
avoids a lot of manual releases of the referenced native heap object.

R=ahaas@chromium.org

Change-Id: I7a3f5bd7761b6ae1ebdc7d17ff1b96a8df599871
Reviewed-on: https://chromium-review.googlesource.com/498352
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45160}
2017-05-08 14:26:57 +00:00
Clemens Hammacher
af85b62fc8 [wasm] [cleanup] Extract base class for Result<T>
This avoids generating redundant code for different template
instantiations.
I also introduce getters instead of accessing the fields directly.

R=ahaas@chromium.org
BUG=v8:6325

Change-Id: I3e0eca9ef6a01e0a3ebb73f4f357bcb59e120f43
Reviewed-on: https://chromium-review.googlesource.com/490166
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44976}
2017-04-28 12:32:15 +00:00
Clemens Hammacher
9deed4095d [wasm] [cleanup] Always use macros for memory operations
The only users of the LoadStoreOpcodeOf function were a number of
macros in wasm-macro-gen.h, and three test functions using it directly.
This CL refactors those functions to also use the macros.
In one case, this requires storing the value in a local variable first.

R=ahaas@chromium.org

Change-Id: Ia2fbf67a3831fafc9345e155eb240cf1bf6feb5d
Reviewed-on: https://chromium-review.googlesource.com/486842
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44885}
2017-04-26 11:49:50 +00:00
Clemens Hammacher
fc6d4a1f08 [wasm] Move wasm-macro-gen.h to test/common/wasm
This header file is only used from tests.
Also, move the LoadStoreOpcodeOf method (only used in tests) from
wasm-opcodes.h to wasm-macro-gen.h.

R=ahaas@chromium.org

Change-Id: I8d4691be494b5c1fbe3084441329850930bad647
Reviewed-on: https://chromium-review.googlesource.com/486861
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44845}
2017-04-25 11:59:48 +00:00
Clemens Hammacher
d50ebde72d [wasm] Refactor wasm::Result type
- Store std::string instead of std::unique_ptr<char[]> for the error
  message.
- Remove ErrorCode, which was just kSuccess and kError anyway. Error is
  now detected on whether error_msg_ is empty or not.
- Refactor constructors for perfect forwarding; this will allow us to
  implement Result<std::unique_ptr<X*>>.
- Refactor Decoder::toResult for perfect forwarding.
- Remove output operators (operator<<) for Result; it was only used in
  the error case anyway. Print error message directly instead.
  The operator was problematic since it assumed the existence of an
  output operator for every T which is used in Result<T>.
- Remove ModuleError and FunctionError, introduce general static
  Result<T>::Error method instead.

R=ahaas@chromium.org

Change-Id: I1e0f602a61ee9780fee2a3ed33147d431fb092ba
Reviewed-on: https://chromium-review.googlesource.com/472748
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44518}
2017-04-10 12:26:51 +00:00
Clemens Hammacher
95c5c76fe3 [wasm] [fuzzer] Bound the number of steps to execute
To avoid running infinitely or hitting the stack size limit, bound the
number of steps to execute in the interpreter to 16k.

R=ahaas@chromium.org
BUG=chromium:708457

Change-Id: Ib101bbbc06627641dae2fd1cd1a8d950aa504eaf
Reviewed-on: https://chromium-review.googlesource.com/469609
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44446}
2017-04-06 14:20:18 +00:00
Clemens Hammacher
b8f8860161 [wasm] [interpreter] Implement indirect function calls
This CL adds support for indirect function calls to the interpreter. It
can indirectly call other wasm function in the same instance, which are
then executed in the interpreter, or call imported functions.

Implementing this required some refactoring:
- The wasm interpreter now unwraps import wrappers on demand, instead
  of unwrapping all of them on instantiation and storing a vector of
  handles. This also avoids the DeferredHandleScope completely, instead
  we just store two global handles in the code map.
- The interpreter gets the code table, function tables and signature
  tables directly from the attached wasm instance object. This ensures
  that the interpreter sees all updates to tables that might have been
  performed by external code.
- There is now common functionality for calling a code object. This is
  used for direct calls to imported functions and for all indirect
  calls. As these code objects can also be wasm functions which should
  be executed in the interpreter itself, I introduce a struct to hold
  the outcome of calling the code object, or a pointer to
  InterpreterCode to be called in the interpreter.

R=ahaas@chromium.org
BUG=v8:5822

Change-Id: I20fb2ea007e79e5fcff9afb4b1ca31739ebcb83f
Reviewed-on: https://chromium-review.googlesource.com/458417
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44059}
2017-03-23 10:54:58 +00:00
Clemens Hammacher
0a4c5c4411 [wasm] Cleanup wasm interpreter
This is a cleanup in preparation to implement calling imported
functions via the wasm interpreter.
For imported functions, we do not create entries in the
interpreter_code_ vector any more.

I also simplified the interface and removed unused or redundant return
values. More things are now DCHECKed instead of bailing out.

Also, we previously had two PushFrame methods: One is supposed to
initialize the interpreter from external code (i.e. adds the first
frame to the stack), the other one is used to push new frames on the
frame stack for called functions. This CL renames the first to
InitFrame, and makes it use the second one. The other remaining user is
the DoCall method.

R=titzer@chromium.org
BUG=v8:5822

Change-Id: Id09ff1e3256428fbd8c955e4664507a0c3167e53
Reviewed-on: https://chromium-review.googlesource.com/453482
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43793}
2017-03-14 16:18:18 +00:00
titzer
df834f3ff2 [wasm] Split the compilation and instantiation API into sync and async methods.
This makes it easier to implement asynchronous compilation by hiding all the implementation details of both synchronous and asynchronous compilation within wasm-module.cc, whereas before the code in wasm-js.cc actually implemented asynchronous compilation in terms of synchronous.

BUG=

Review-Url: https://codereview.chromium.org/2695813005
Cr-Commit-Position: refs/heads/master@{#43310}
2017-02-20 10:41:57 +00:00
Marja Hölttä
2d9b9faf17 [iwyu, wasm] Remove unallowed includes to objects-inl.h from wasm.
R=mstarzinger@chromium.org
BUG=v8:5294

Change-Id: If2cdb4d38829e69ddd8aecb99c99c3a03050f57c
Reviewed-on: https://chromium-review.googlesource.com/441824
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43158}
2017-02-13 15:05:37 +00:00
marja
92f36954bb [iwyu] Include handles.h less.
These headers only need forward declarations.

BUG=v8:5294

Review-Url: https://codereview.chromium.org/2654253002
Cr-Commit-Position: refs/heads/master@{#42740}
2017-01-27 13:53:13 +00:00
mtrofin
8da82d30b8 [wasm] No need to use multiple inheritance for ModuleBytesEnv
Chromium coding standard
(https://chromium.googlesource.com/chromium/src/+/master/styleguide/c++/c++.md#Multiple-inheritance)

In this case, a structure associating the 2 values is sufficient.

BUG=

Review-Url: https://codereview.chromium.org/2651903002
Cr-Commit-Position: refs/heads/master@{#42618}
2017-01-24 07:11:01 +00:00
gdeepti
ca03447cae [wasm] Internal Instantiate function should not take memory as an arg from wasm
BUG=5823

R=bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2636803002
Cr-Commit-Position: refs/heads/master@{#42355}
2017-01-16 08:58:25 +00:00
rossberg
022635bf0d Implement Instance instances correctly; fix a few error cases
R=titzer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2620263003
Cr-Commit-Position: refs/heads/master@{#42288}
2017-01-12 20:32:27 +00:00
titzer
55fc5c0c32 [wasm] Rename wasm::LocalType to wasm::ValueType and kAst* to kWasm*
This is more renaming work to comply with the naming in the public
design repository. E.g. types are called "value types" and we no longer
refer to ASTs.

R=clemensh@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2594993002
Cr-Commit-Position: refs/heads/master@{#41891}
2016-12-21 13:43:00 +00:00
clemensh
081ac37048 [wasm] Introduce WasmSharedModuleData and refactor other objects
The new object will hold information which is shared by all clones of a
WasmCompiledModule, e.g. the decoded asm.js offset table, and in the
future also breakpoints. From there, we can set them on each new
instantiation of any clone.

While already changing lots of the code base, I also renamed all
getters from "get_foo" to "foo", to conform to the style guide.

R=titzer@chromium.org, yangguo@chromium.org
BUG=v8:5732

Review-Url: https://codereview.chromium.org/2591653002
Cr-Commit-Position: refs/heads/master@{#41862}
2016-12-20 14:34:07 +00:00
clemensh
6572b5622e [wasm] Remove raw byte pointers from WasmModule
These byte pointers (module_start and module_end) were only valid
during decoding. During instantiation or execution, they can get
invalidated by garbage collection.
This CL removes them from the WasmModule struct, and introduces a new
ModuleStorage struct as interface to the wasm wire bytes.
Since the storage is often needed together with the ModuleEnv, a new
ModuleStorageEnv struct holds both a ModuleEnv and a ModuleStorage.
The pointers in the ModuleStorage should never escape the live range of
this struct, as they might point into a SeqOneByteString or ArrayBuffer.
Therefore, the WasmInterpreter needs to create its own copy of the
whole module.
Runtime functions that previously used the raw pointers in WasmModule
(leading to memory errors) now have to use the SeqOneByteString in the
WasmCompiledModule.

R=titzer@chromium.org
BUG=chromium:669518

Review-Url: https://codereview.chromium.org/2540133002
Cr-Commit-Position: refs/heads/master@{#41388}
2016-11-30 15:03:06 +00:00
titzer
72c3732f0f [wasm] Use more precise types for some WASM objects.
R=clemensh@chromium.org,mtrofin@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2510673002
Cr-Commit-Position: refs/heads/master@{#41043}
2016-11-16 16:18:10 +00:00
ahaas
1bde83046e [wasm] Reimplement function verification in the module decoder.
This CL adds the function verification option to the module decoder.
Therefore we can remove the verification in wasm-module-runner.cc

R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2496203002
Cr-Commit-Position: refs/heads/master@{#40977}
2016-11-14 19:46:19 +00:00
titzer
fa9c25cebf [wasm] Move all heap-allocated WASM structures into wasm-objects.h.
This CL moves all heap-allocated WASM data structures, both ones
that are bonafide JSObjects and ones that are FixedArrays only, into a
consistent place with consistent layout. Note that not all accessors are complete, and I haven't fully spread the new static typing goodness
to all places in the code.

R=ahaas@chromium.org,rossberg@chromium.org
CC=gdeepti@chromium.org,mtrofin@chromium.org,clemensh@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2490663002
Cr-Commit-Position: refs/heads/master@{#40913}
2016-11-11 11:13:17 +00:00
ahaas
ac183d492f [wasm] Fix bounds check in LoadDataSegments.
The bounds check in LoadDataSegment was off by one. I also improved the
error message, and fixed an issue where data was initialized even if
the bounds check failed.

In InstantiateModuleForTesting I allow instantiation of modules without
exports. This check was legacy code from the time where instantiation
and execution was still combined in a single function.

R=titzer@chromium.org, rossberg@chromium.org
TEST=cctest/test-run-wasm-module/InitDataAtTheUpperLimit

Review-Url: https://codereview.chromium.org/2486183002
Cr-Commit-Position: refs/heads/master@{#40856}
2016-11-09 11:41:23 +00:00
ahaas
1fe7a91751 [wasm] Fix memory leak in wasm-module-runner.cc
BUG=chromium:658057
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2446593002
Cr-Commit-Position: refs/heads/master@{#40586}
2016-10-26 12:08:50 +00:00
ahaas
57b14b0606 [wasm] Track in the interpreter if a NaN could have been produced.
The wasm specification does not fully specify the binary representation
of NaN: the sign bit can be non-deterministic. The wasm-code fuzzer
found a test case where the wasm interpreter and the compiled code
produce a different sign bit for a NaN, and as a consequence they
produce different results.

With this CL the interpreter tracks whether it executed an instruction
which can produce a NaN, which are div and sqrt instructions. The
fuzzer uses this information and compares the result of the interpreter
with the result of the compiled code only if there was no instruction
which could have produced a NaN.

R=titzer@chromium.org

TEST=cctest/test-run-wasm-interpreter/TestMayProduceNaN
BUG=chromium:657481

Review-Url: https://chromiumcodereview.appspot.com/2438603003
Cr-Commit-Position: refs/heads/master@{#40474}
2016-10-20 14:27:45 +00:00
titzer
418b239f0b [wasm] Use a Managed<WasmModule> to hold metadata about modules.
This CL refactors the handling of metadata associated with WebAssembly
modules to reduce the duplicate marshalling of data from the C++ world
to the JavaScript world. It does this by wrapping the C++ WasmModule*
object in a Foreign that is rooted from the on-heap WasmCompiledModule
(which is itself just a FixedArray). Upon serialization, the C++ object
is ignored and the original WASM wire bytes are serialized. Upon
deserialization, the C++ object is reconstituted by reparsing the bytes.

This is motivated by increasing complications in implementing the JS
API, in particular WebAssembly.Table, which must perform signature
canonicalization across instances.

Additionally, this CL implements the proper base + offset initialization
behavior for tables.

R=rossberg@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org,yangguo@chromium.org
BUG=v8:5507, chromium:575167, chromium:657316

Review-Url: https://chromiumcodereview.appspot.com/2424623002
Cr-Commit-Position: refs/heads/master@{#40434}
2016-10-19 13:07:22 +00:00
heimbuef
e7fa9b0129 Named all zones in the project
This adds more useful information to the v8-heap-stats tool.

BUG=v8:5489

Review-Url: https://codereview.chromium.org/2394213003
Cr-Commit-Position: refs/heads/master@{#40361}
2016-10-17 12:12:42 +00:00
rossberg
fb5b2f5241 [wasm] Implement {Compile,Runtime}Error; fix traps from start function
R=ahaas@chromium.org, titzer@chromium.org
BUG=v8:5507

Review-Url: https://codereview.chromium.org/2421453002
Cr-Commit-Position: refs/heads/master@{#40280}
2016-10-13 16:18:10 +00:00
ahaas
e7dc517748 [wasm] Add stack checks to loops.
Stack checks in loops allows to interrupt loops.

BUG=cctest/test-run-wasm-module/TestInterruptLoop
R=titzer@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2405293002
Cr-Commit-Position: refs/heads/master@{#40251}
2016-10-13 10:56:59 +00:00
titzer
34459d50a6 [wasm] Rename WasmModuleInstance to WasmInstance.
R=clemensh@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2415533003
Cr-Commit-Position: refs/heads/master@{#40224}
2016-10-12 13:57:25 +00:00
clemensh
5d9fa102a7 [wasm] Provide better stack traces for asm.js code
For the asm.js to WASM pipeline, the current stack traces only show
low-level WASM information.
This CL maps this back to asm.js source positions.
It does so by attaching the asm.js source Script to the compiled WASM
module, and emitting a delta-encoded table which maps from WASM byte
offsets to positions within that Script. As asm.js code does not throw
exceptions, we only store a mapping for call instructions.

The new AsmJsWasmStackFrame implementation inherits from
WasmStackFrame, but contains the logic to provide the source script and
the position inside of it.
What is still missing is the JSFunction object returned by
CallSite.getFunction(). We currently return null.

R=jgruber@chromium.org, titzer@chromium.org
BUG=v8:4203

Review-Url: https://codereview.chromium.org/2404253002
Cr-Commit-Position: refs/heads/master@{#40205}
2016-10-12 09:17:28 +00:00
ahaas
90080f2a6b [wasm] Move test-signatures.h from test/cctest to test/common
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2395743003
Cr-Commit-Position: refs/heads/master@{#39988}
2016-10-05 12:00:03 +00:00
gdeepti
64e43be959 Fix bounds check of a store instruction after a grow_memory instruction
- Store instruction with an offset bigger than GrowMemory offset should handle out of bounds correctly
 - Refactor to separate runnning from compile so arguments can be passed in to module builder tests.

BUG=chromium:644670

R=ahaas@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/2373613004
Cr-Commit-Position: refs/heads/master@{#39840}
2016-09-28 20:56:01 +00:00
titzer
28392ab196 [wasm] Master CL for Binary 0xC changes.
[0xC] Convert to stack machine semantics.
[0xC] Use section codes instead of names.
[0xC] Add elements section decoding.
[0xC] Decoding of globals section.
[0xC] Decoding of memory section.
[0xC] Decoding of imports section.
[0xC] Decoding of exports section.
[0xC] Decoding of data section.
[0xC] Remove CallImport bytecode.
[0xC] Function bodies have an implicit block.
[0xC] Remove the bottom label from loops.
[0xC] Add signatures to blocks.
[0xC] Remove arities from branches.
Add tests for init expression decoding.
Rework compilation of import wrappers and how they are patched.
Rework function indices in debugging.
Fix ASM->WASM builder for stack machine.
Reorganize asm.js foreign functions due to import indices change.

R=ahaas@chromium.org,rossberg@chromium.org,bradnelson@chromium.org
BUG=chromium:575167
LOG=Y

Committed: https://crrev.com/76eb976a67273b8c03c744f64ad850b0432554b9
Review-Url: https://codereview.chromium.org/2345593003
Cr-Original-Commit-Position: refs/heads/master@{#39678}
Cr-Commit-Position: refs/heads/master@{#39795}
2016-09-27 20:46:30 +00:00
machenbach
e1eee748dd Revert of [wasm] Master CL for Binary 0xC changes. (patchset #26 id:490001 of https://codereview.chromium.org/2345593003/ )
Reason for revert:
Main suspect for tsan:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/11893

Also changes layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/10036

+mips builder:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Mips%20-%20builder/builds/4032

Original issue's description:
> [wasm] Master CL for Binary 0xC changes.
>
> [0xC] Convert to stack machine semantics.
> [0xC] Use section codes instead of names.
> [0xC] Add elements section decoding.
> [0xC] Decoding of globals section.
> [0xC] Decoding of memory section.
> [0xC] Decoding of imports section.
> [0xC] Decoding of exports section.
> [0xC] Decoding of data section.
> [0xC] Remove CallImport bytecode.
> [0xC] Function bodies have an implicit block.
> [0xC] Remove the bottom label from loops.
> [0xC] Add signatures to blocks.
> [0xC] Remove arities from branches.
> Add tests for init expression decoding.
> Rework compilation of import wrappers and how they are patched.
> Rework function indices in debugging.
> Fix ASM->WASM builder for stack machine.
> Reorganize asm.js foreign functions due to import indices change.
>
> R=ahaas@chromium.org,rossberg@chromium.org,bradnelson@chromium.org
> BUG=chromium:575167
> LOG=Y
>
> Committed: https://crrev.com/76eb976a67273b8c03c744f64ad850b0432554b9
> Cr-Commit-Position: refs/heads/master@{#39678}

TBR=ahaas@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org,rossberg@chromium.org,bradnelson@google.com,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:575167

Review-Url: https://codereview.chromium.org/2361053004
Cr-Commit-Position: refs/heads/master@{#39685}
2016-09-23 17:58:24 +00:00
titzer
76eb976a67 [wasm] Master CL for Binary 0xC changes.
[0xC] Convert to stack machine semantics.
[0xC] Use section codes instead of names.
[0xC] Add elements section decoding.
[0xC] Decoding of globals section.
[0xC] Decoding of memory section.
[0xC] Decoding of imports section.
[0xC] Decoding of exports section.
[0xC] Decoding of data section.
[0xC] Remove CallImport bytecode.
[0xC] Function bodies have an implicit block.
[0xC] Remove the bottom label from loops.
[0xC] Add signatures to blocks.
[0xC] Remove arities from branches.
Add tests for init expression decoding.
Rework compilation of import wrappers and how they are patched.
Rework function indices in debugging.
Fix ASM->WASM builder for stack machine.
Reorganize asm.js foreign functions due to import indices change.

R=ahaas@chromium.org,rossberg@chromium.org,bradnelson@chromium.org
BUG=chromium:575167
LOG=Y

Review-Url: https://codereview.chromium.org/2345593003
Cr-Commit-Position: refs/heads/master@{#39678}
2016-09-23 15:56:54 +00:00
ahaas
447de9ae5b [wasm] Correctly handle the result of WasmModule::Instantiate in the wasm-module-runner
WasmModule::Instantiate can return an empty handle if it is not possible
to instantiate the module. With this change the wasm-module-runner does
not assume anymore that WasmModule::Instantiate produces a valid handle.

BUG=chromium:648078
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2365493003
Cr-Commit-Position: refs/heads/master@{#39629}
2016-09-22 14:23:46 +00:00
ahaas
698bbe418a [wasm] Set up Table and Memory constructors
Set up Wasm Table and Memory constructors

This only provides skeletons so far: the constructors work, but the
types are not wired up with the import/export mechanism yet; methods are
still nops.

Also, fix errors generated from Wasm to be proper Error/TypeError
instances instead of just strings.

I took over this CL from rossberg@chromium.org. The original CL is
https://codereview.chromium.org/2342623002

R=titzer@chromium.org, rossberg@chromium.org

Review-Url: https://codereview.chromium.org/2350643003
Cr-Commit-Position: refs/heads/master@{#39588}
2016-09-21 10:40:32 +00:00
heimbuef
7a4f8e4d83 Moved zones and zone related stuff in its own directory.
This is some initial cleanup to keep /src clean. The
AccountingAllocator is actually exclusively used by zones and this
common subfolder makes that more clear.

BUG=v8:5409

Review-Url: https://codereview.chromium.org/2344143003
Cr-Commit-Position: refs/heads/master@{#39558}
2016-09-20 16:08:07 +00:00
gdeepti
dd3b14b7b4 [wasm] Fix test-run-wasm-module tests in debug mode.
test-run-wasm-module cctests broken in debug since recent refactoring changes for moving Compilation/Instantiation off the module object (https://codereview.chromium.org/2320723005). The problem here is that SetupIsolateForWasm tries to add the same property to a module_object multiple times and hits a DCHECK when this property is found on a lookup.
 - Fixed to use the setup method only once when CcTest::InitIsolateOnce is used.
 - Move setup method to test as this is only used for cctests/fuzzers. The install method should take care of this in the regular JS pipeline.

 R=mtrofin@chromium.org, ahaas@chromium.org

Review-Url: https://codereview.chromium.org/2342263002
Cr-Commit-Position: refs/heads/master@{#39484}
2016-09-17 01:31:07 +00:00
mtrofin
f87dfb8135 [wasm] C++ style: ErrorThrower& -> ErrorThrower*
All parameters passed by reference must be labeled const.
If the object is mutable, then we pass by pointer.

BUG=

Review-Url: https://codereview.chromium.org/2336233006
Cr-Commit-Position: refs/heads/master@{#39451}
2016-09-15 16:20:07 +00:00
ahaas
6d89f8a7fc [wasm] Allocate memory for the wasm interpreter in the fuzzer.
R=titzer@chromium.org
BUG=chromium:646258

Review-Url: https://codereview.chromium.org/2341673002
Cr-Commit-Position: refs/heads/master@{#39419}
2016-09-14 12:56:35 +00:00
ahaas
cc7926d672 [wasm] Move the wasm-module-runner from test/cctest to test/common
The wasm-module-runner is used both in cctests and in fuzzers. As
discussed offline, it is weird to include cctest header files in
fuzzers, so I introduce a new test/common directory which contains the
common files.

R=titzer@chromium.org, jochen@chromium.org

Review-Url: https://codereview.chromium.org/2335193002
Cr-Commit-Position: refs/heads/master@{#39411}
2016-09-14 10:31:53 +00:00