The trap handler fallback is flaky, and was never enabled since it
never worked reliably. This CL removes
a) the --wasm-trap-handler-fallback flag,
b) the distinction between soft and hard address space limit,
c) methods to check whether memory has guard regions (it will always
have them on 64 bit architectures),
d) associated runtime functions,
e) the trap handler fallback tests,
f) recompilation logic for the fallback.
R=titzer@chromium.org
Bug: v8:8746
Change-Id: I7f4682b8cd5470906dd8579ff1fdc9b1a3c0f0e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1570023
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60904}
Those tests were wrongly reenabled in:
https://crrev.com/c/1565892
They don't fail assertOptimized, but other GC sensitive assertions.
TBR=sergiyb@chromium.org
NOTRY=true
Bug: v8:9127
Change-Id: Ic1f7838dca5c2e6917f245d84e6c1e0b9414396d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1569426
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60859}
Should no longer be flaky since bug is fixed.
BUG=v8:8964
TBR=machenbach@chromium.org
Change-Id: I3fc124aca8bcfc16ddf7560d48d84dc01d4ce332
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564069
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60833}
This enable test suites to check which test driver framework is used.
When using number fuzzer on mjsunit, we add a JS file that
switches off the optimization-state assertions.
Checking intrinsic state is not feasible on the number fuzzer and in
the past, we needed to skip tests on demand, which is a maintenance
burden. The main function of the fuzzer, to check for dcheck errors and
tsan issues, is retained.
Bug: v8:9127
Change-Id: I699b85d5f7c9aaed337a2130d9eddc160c059d7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565892
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60816}
When getting the starting address of a data segment, you can't use
`&vector[offset]` if offset is equal to the length of the vector. This
can happen when the length of the segment is 0.
The fix is to use Vector::SubVector instead.
Bug: v8:9106
Change-Id: Icf8968cc246c6d217d8061f76fb2631c2292433c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1560405
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60755}
Drive-by fix: In ProcessFeedbackForGlobalAccess, we had forgotten to
return the feedback when it already existed.
Bug: v8:7790, v8:9094
Change-Id: Ie4be6cef5755bbdd9d8ed472caaa2e32d243893d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554680
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60705}
The test is so slow that it might have caused the test driver to hang after the
normal hard timeout.
TBR=sergiyb@chromium.org
NOTRY=true
Bug: v8:9098
Change-Id: I28ad1551f66fab989494d7a3b015d661c5ab6efb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557142
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60671}
This CL splits a specific test out the bigint.js test suite in order to
be, eventually, ignored by the wasm-bigint proposal 32-bit support CL.
Change-Id: I8ab673abfb53bac95952b11716fe4f29a4a7feaa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543352
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60510}
regress-crbug-178790 test can cause overflow on debug mode
Drive-by: clean up simulator skiped tests
Change-Id: Iec6151518fe1814e8eefcaaf09439782a2d29426
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539791
Auto-Submit: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#60485}
The target of a 'break' statement without a provided label must be a
regular block belonging to a surrounding loop or switch statement, named
blocks (i.e. the one that just define a label) on the other hand must be
targeted specifically with the provided label (and not implicitly). This
fixes the behavior by introducing a dedicated {BlockKind::kNamed} for
this purpose.
R=clemensh@chromium.org
TEST=mjsunit/regress/regress-9022
BUG=v8:9022
Change-Id: I94c3d5b1196ed94b8b1b31f6eb3b68070cf324e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538126
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60445}
Above test passes on simulator but may take up to a few mintues. Test passes normally on native PPC.
Change-Id: I89b8feca1f6f0da41a5aff7c004718f0b63f76ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532343
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#60387}
The `compiler-trace-flags.js` test just makes sure the various --trace-turbo*
flags do not cause V8 to crash. However, on builds with no snapshot, they would
generate a *lot* of output as they were tracing the compiler while generating
the snapshot.
Let's set the `--trace-turbo-filter` flag to make sure we only trace the test
functions. Sadly, WASM functions do not have a name, just an index, so we have
to split this test into two.
Bug: chromium:943064
Cq-Include-Trybots: luci.v8.try:v8_win_nosnap_shared_rel_ng
Change-Id: I30b3935f63d412ab8c96cc5156d342c428229865
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532078
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#60383}
This skips two tests not suitable for gc fuzzing. Previous tests marked
PASS,FAIL are also skipped now, since endurance fuzzing was deprecated.
NOTRY=true
Bug: v8:8959
Change-Id: I0b13212da31457ad4da32fa9c1097dc9e5e9dc11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1528433
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60356}
This piggy-backs off similar support for lite mode, which silently skips
tests that require optimization in lite (and now jitless) modes.
Bug: v8:7777,v8:8778, v8:8885
Change-Id: I666d92685ca71682224028743f02d0cce3723135
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503758
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60057}
When a function is exported from a WebAssembly module, it is implicitly
wrapped in a WasmExportedFunction. For functions that were imports into
this module, the exported function appears like other Wasm function,
e.g. can be used in tables. When that exported function was re-imported
to another module, the logic to compute the import kind mistakenly
assumed the exported function was indeed originally a Wasm function
and tried to call it directly, instead of treating it like an imported
JS function.
R=ahaas@chromium.org
BUG=v8:8947
Change-Id: Ib8fac81fbe0f49c50cfbfb2e69d9bb60aef91fcc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503632
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60031}
ee3f62fb0d
1. On Android, Skips mjsunit tests depending on setting LC_ALL env var.
2. With the cherrypick from ICU, locale "C" will no longer be
canonicalized into "en-US-POSIX" since that is not part of a
registered canonicalization. So on OS which there are no LANG,
LC_CTYPE or LC_MESSAGE env vars, we need to also map that
fallback locale "C" to "en-US".
Bug: v8:8242, v8:8260, v8:8903
Change-Id: I63e5db10e0a7453394787421f4d55418f286f67d
Reviewed-on: https://chromium-review.googlesource.com/c/1479030
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59927}
Bytecode flushing can make tests using assertOptimized flaky if the bytecode is
flushed between marking and optimization. It can also be flaky if the feedback vector
is collected before optimization. To prevent this, a new %PrepareForOptimization
runtime-test function is added that hold onto the bytecode strongly until it is
optimized after being explicitly marked for optimization by %OptimizeFunctionOnNextCall.
BUG=v8:8801,v8:8395
Change-Id: Idbd962a3a2044b915903f9c5e92d1789942b5b41
Reviewed-on: https://chromium-review.googlesource.com/c/1463525
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59914}
We somehow forgot to thread through the VectorSlotPair for the CALL_IC
based speculation feedback to CheckedTaggedToTaggedPointer. This was
showing for example with `String#concat()` where we ended up with an
endless deoptimization loop if the parameter was a Smi.
Bug: v8:8913
Change-Id: I84d90403f6fada9b435d4eb71c689edc3c34dc86
Reviewed-on: https://chromium-review.googlesource.com/c/1488770
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59871}
Template objects should be cached after they are first created and reused on
subsiquent calls to tag functions. Currently these cached objects are stored
on the feedback vector, which has appropriate lifetime, however with bytecode
flushing the feedback vector could be cleared when the bytecode is flushed,
causing the template object to be dropped.
In order to retain the cached template objects in the face of bytecode flushing,
this CL adds a weakmap for each native context that is (weakly) keyed by
shared function info, and holds a linked list of cached template objects
associated with that shared function info, indexed by feedback vector slot id.
Misses will check this weakmap, and if no entry is found, a new template object
is created and added into this weakmap alongside the feedback vector.
BUG=v8:8799,v8:8799,v8:8395
Change-Id: Ia95d5cfc394ce58dc9fe6a1e49780f05299acc17
Reviewed-on: https://chromium-review.googlesource.com/c/1477746
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59818}
This makes the asm.js validator reject source with trailing expressions
after the module exporting return statement. Most of the time trailing
statements would not affect semantics, since they are unreachable. In
some cases we might hide an expected ReferenceError tough.
R=leszeks@chromium.org
TEST=mjsunit/regress/regress-crbug-934138
BUG=chromium:934138
Change-Id: I790366204f5e9c943715a065b5229f2442e2c86e
Reviewed-on: https://chromium-review.googlesource.com/c/1481216
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59766}
Also disables tests in Lite mode that currently fail with lazy source
positions.
Bug: v8:8510
Change-Id: Id27b7cb31682559173b137ef51eaf06d517ee9ec
Reviewed-on: https://chromium-review.googlesource.com/c/1477129
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59700}
The test is sensitive to bytecode flushing.
Bug: v8:8801
Change-Id: I2e290246681c014838be7411cc0ff68fd44c3590
Reviewed-on: https://chromium-review.googlesource.com/c/1477217
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59674}
These tests were timing out because we used to miss to runtime when
storing keyed properties in lite mode. Now, the store ICs are updated to
use fast path when possible even with lite mode. So, these should no longer
timeout
Bug: v8:8293
Change-Id: I63481768cc7d12c25c7f1a20ed1fa097979f2c50
Reviewed-on: https://chromium-review.googlesource.com/c/1475754
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59652}
This is a reland of c79a63e634
Original change's description:
> [nojit] Don't expose wasm in jitless mode
>
> Wasm currently still creates executable memory even in
> interpreter-only mode, and is thus unsupported in jitless mode. This
> hides wasm completely, which will help e.g. fuzzers that attempt to
> run wasm code (and currently crash on the CHECK in AddOwnedCode).
>
> Bug: v8:7777,chromium:931068
> Change-Id: Iee692cb947d482ba16fb0f4da32490d42d5daef8
> Reviewed-on: https://chromium-review.googlesource.com/c/1470124
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59561}
Tbr: mstarzinger@chromium.org
Bug: v8:7777, chromium:931068
Change-Id: I535c3f598c90cd5c4072a73544cc33c5bf5460c1
Reviewed-on: https://chromium-review.googlesource.com/c/1470132
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59571}
This reverts commit c79a63e634.
Reason for revert: Needs addtl test skips: https://chromium-review.googlesource.com/c/1470124
Original change's description:
> [nojit] Don't expose wasm in jitless mode
>
> Wasm currently still creates executable memory even in
> interpreter-only mode, and is thus unsupported in jitless mode. This
> hides wasm completely, which will help e.g. fuzzers that attempt to
> run wasm code (and currently crash on the CHECK in AddOwnedCode).
>
> Bug: v8:7777,chromium:931068
> Change-Id: Iee692cb947d482ba16fb0f4da32490d42d5daef8
> Reviewed-on: https://chromium-review.googlesource.com/c/1470124
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59561}
TBR=mstarzinger@chromium.org,jgruber@chromium.org
Change-Id: Ic242db3efe73ef362e0f0c3efde90682db6de4a8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7777, chromium:931068
Reviewed-on: https://chromium-review.googlesource.com/c/1470131
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59570}
Wasm currently still creates executable memory even in
interpreter-only mode, and is thus unsupported in jitless mode. This
hides wasm completely, which will help e.g. fuzzers that attempt to
run wasm code (and currently crash on the CHECK in AddOwnedCode).
Bug: v8:7777,chromium:931068
Change-Id: Iee692cb947d482ba16fb0f4da32490d42d5daef8
Reviewed-on: https://chromium-review.googlesource.com/c/1470124
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59561}
This is a reland of 78ed0e3fdb
The breakage was unrelated to constant field tracking (see
the linked bugs).
Original change's description:
> Ship constant field tracking
>
> Bug: v8:8361
> Change-Id: I25c52c708517cf27add89e0c5c97e6d21abb2a9a
> Reviewed-on: https://chromium-review.googlesource.com/c/1456089
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59415}
Bug: v8:8361, v8:8799, v8:8801
Change-Id: I318768b925f3efd285cb27aa93e6de35fdcced42
Reviewed-on: https://chromium-review.googlesource.com/c/1458238
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59440}
This is a reland of 0befa6d4c3
Original change's description:
> [nojit] Check that --jitless is disabled when creating wasm code
>
> Drive-by: Amend wasm test skips for lite mode.
>
> Bug: v8:7777
> Change-Id: I23e13b65e548c19d6b24a26e0b962a9978f54ed7
> Reviewed-on: https://chromium-review.googlesource.com/c/1449616
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59314}
Tbr: mstarzinger@chromium.org
Bug: v8:7777
Change-Id: I0a076b36bb2e69b612df89b0f35067f299f27a7e
Reviewed-on: https://chromium-review.googlesource.com/c/1451819
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59325}
We noticed that almost every call site were loading both files,
the split isn't necessary anymore.
In some message tests, removed the absolute line number to allow future
changes.
Bug: v8:8726
Change-Id: I8527f0a1ecfa685aa01a5e2f5f47ddf1cb13a545
Reviewed-on: https://chromium-review.googlesource.com/c/1446452
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59220}
--jitless -> --no-opt
-> --no-validate-asm
-> --wasm-interpret-all -> --no-asm-wasm-lazy-compilation
-> --no-wasm-lazy-compilation
Note that wasm still isn't supported in jitless mode since it generates
code at runtime even with --wasm-interpret-all.
Drive-by: Fail early when trying to compile irregexp code in jitless
mode.
Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
Bug: v8:7777
Change-Id: I7f0421f71efeaaeb030ed9ec268d12a659667acf
Reviewed-on: https://chromium-review.googlesource.com/c/1406677
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58820}
This CL disables RX (read and execute) permissions for Code memory
when in jitless mode. All memory that was previously allocated RX
is now read-only.
Bug: v8:7777
Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
Change-Id: I52d6ed785d244ec33168a02293c5506d26f36fe8
Reviewed-on: https://chromium-review.googlesource.com/c/1390122
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58692}
The unwinding info writer was assuming that a block that had no initial
state must be the start or end block. It was trying to check if the
block was the start or end by asserting that the block had either
no predecessors or no successors. Loop rotation breaks this assumption,
since it can move a block from inside a loop to before the loop
header, and the block can then be the "start" block. But since
such a block has both predecessor(s) and a successor, the check was
wrong.
R=clemensh@chromium.org
BUG=chromium:913844
Change-Id: Ic24c67a822d510cb082f25608089d313c3459be8
Reviewed-on: https://chromium-review.googlesource.com/c/1373770
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58675}
