1. 10 Jun, 2021 1 commit
  2. 01 Jun, 2021 2 commits
  3. 19 May, 2021 1 commit
  4. 13 May, 2021 1 commit
  5. 11 May, 2021 1 commit
  6. 10 May, 2021 1 commit
  7. 15 Apr, 2021 1 commit
    • [wasm][x64] Fix OSR shadow stack violation · 06a2c2e0
      Thibaud Michaud authored
      We currently allow OSR (On-Stack Replacement) of arbitrarily deep return
      addresses. This is in direct violation of Intel CET's shadow stack,
      which we plan to enable eventually.
      
      This change works around this by postponing OSR until after we return to
      the old code. The main changes are:
      - Reserve a slot in Liftoff frames to store the OSR target,
      - Skip the return address modification, and instead store the new code
      pointer in the dedicated slot,
      - Upon returning to the old code, check the slot and do an indirect jump
      to the new code if needed.
      
      CET also prevents indirect jumps to arbitrary locations, so the last
      point is also a CET violation. Valid indirect jump targets must be
      marked with the ENDBRANCH instruction, which I will do in a follow-up
      CL.
      
      Bug: v8:11654
      Change-Id: I6925005211aa95d60803b9409e3c07c7c226b25c
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2826127
      Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#73977}
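The commit message above describes two OSR schemes: patching a return address deep in the stack (which a CET shadow stack rejects) and leaving the return address alone while recording the OSR target in a reserved frame slot that the old code checks after the return. The following C model, added here as an illustration and not V8 code, simulates a shadow-stack-enforcing RET over a constructed two-level call chain and shows which scheme raises a control-protection fault. The frame layout, the `Machine` type, the address constants and the function names are all simplified assumptions; the model does not cover the ENDBRANCH (indirect-branch tracking) requirement the message defers to a follow-up.

```c
/* Model of CET shadow-stack enforcement versus the two OSR schemes named in
 * the commit above.  Added illustration, not V8 code: frame layout, names
 * and addresses are constructed assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 16

/* Entry i records what the i-th CALL pushed: the return address (pointing
 * into the caller's code) and the caller frame's reserved OSR slot. */
typedef struct {
    uintptr_t return_address;
    uintptr_t osr_target;   /* 0 means "no OSR requested" */
} Entry;

typedef struct {
    Entry stack[MAX_DEPTH];      /* ordinary, writable data stack */
    uintptr_t shadow[MAX_DEPTH]; /* hardware-protected shadow stack copy */
    int depth;
    int cp_faults;               /* #CP (control-protection) faults raised */
} Machine;

static void machine_init(Machine *m) { memset(m, 0, sizeof *m); }

/* CALL: the return address goes on both stacks. */
static void do_call(Machine *m, uintptr_t ret) {
    m->stack[m->depth].return_address = ret;
    m->stack[m->depth].osr_target = 0;
    m->shadow[m->depth] = ret;
    m->depth++;
}

/* Old scheme: rewrite the return address in the data stack so the callee
 * "returns" into new code.  The shadow copy is not (and cannot be) updated. */
static void osr_by_patching(Machine *m, int level, uintptr_t new_code) {
    m->stack[level].return_address = new_code;
}

/* New scheme: leave the return address alone and record the target in the
 * caller frame's reserved slot. */
static void osr_by_slot(Machine *m, int level, uintptr_t new_code) {
    m->stack[level].osr_target = new_code;
}

/* RET with shadow-stack enforcement.  A mismatch raises #CP and transfers no
 * control (returns 0).  Otherwise control reaches the old code, which checks
 * its OSR slot and jumps indirectly to the new code if one was requested. */
static uintptr_t do_ret(Machine *m) {
    m->depth--;
    uintptr_t from_stack = m->stack[m->depth].return_address;
    if (from_stack != m->shadow[m->depth]) {
        m->cp_faults++;
        return 0;
    }
    uintptr_t osr = m->stack[m->depth].osr_target;
    return osr ? osr : from_stack;
}

/* Constructed addresses for the scenario. */
enum { OLD_CODE_RESUME = 0x1000, NEW_CODE_OSR_ENTRY = 0x2000, LEAF_RESUME = 0x3000 };

/* Scenario: an outer Liftoff function calls a leaf, which calls deeper;
 * tier-up then requests OSR for the outer function (entry 0, not the top),
 * i.e. an "arbitrarily deep" return address.  Returns the final control
 * transfer target and the number of #CP faults. */
static uintptr_t run_scenario(int use_osr_slot, int *faults) {
    Machine m;
    machine_init(&m);
    do_call(&m, OLD_CODE_RESUME);   /* outer -> leaf */
    do_call(&m, LEAF_RESUME);       /* leaf -> deeper callee */
    if (use_osr_slot) osr_by_slot(&m, 0, NEW_CODE_OSR_ENTRY);
    else              osr_by_patching(&m, 0, NEW_CODE_OSR_ENTRY);
    (void)do_ret(&m);               /* deeper callee returns into the leaf */
    uintptr_t target = do_ret(&m);  /* leaf returns into the outer function */
    *faults = m.cp_faults;
    return target;
}

static int faults_when_patching_return_address(void) { int f; run_scenario(0, &f); return f; }
static int faults_when_using_osr_slot(void)          { int f; run_scenario(1, &f); return f; }
static uintptr_t target_when_using_osr_slot(void)    { int f; return run_scenario(1, &f); }

int main(void) {
    printf("patching: faults=%d\n", faults_when_patching_return_address());
    printf("slot:     faults=%d target=%#lx\n", faults_when_using_osr_slot(),
           (unsigned long)target_when_using_osr_slot());
    return 0;
}
```

The patched variant faults because the shadow stack still holds the address the CALL pushed; the slot variant returns cleanly to the old code, which then dispatches to the OSR entry itself. In the model that dispatch is a plain function return value; on real hardware with indirect-branch tracking enabled it is the indirect jump that additionally needs an ENDBRANCH-marked target.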
  8. 08 Apr, 2021 1 commit
    • Reland "[liftoff][arm64] Use 64 bit offset reg in mem op" · cb4faa90
      Thibaud Michaud authored
      This is a reland of f645d0b8
      
      The issue was that converting an i64 to an i32 didn't clear the upper
      bits on arm64. This was not necessary before because we did the zero
      extension as part of the load operand, but this is required now that
      we use the full register.
      
      Original change's description:
      > [liftoff][arm64] Use 64 bit offset reg in mem op
      >
      > Accessing the Wasm memory with a 64 bit offset was truncated to 32 bit,
      > which is fine if we check bounds first, but not if we rely on the
      > trap handler to catch the OOB.
      >
      > R=clemensb@chromium.org
      >
      > Bug: v8:11587
      > Change-Id: I82a3a2906e55d9d640c30e770a5c93532e3a442c
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808942
      > Reviewed-by: Clemens Backes <clemensb@chromium.org>
      > Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#73829}
      
      Bug: v8:11587
      Change-Id: Ibc182475745c6f697a0ba6d75c260b74ddf8fe52
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810846
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#73853}
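The original change quoted above makes a memory-safety point that is easy to miss: truncating a 64-bit offset to 32 bits is harmless when an explicit bounds check runs first, but when bounds checking is delegated to the trap handler (an access into the guard region faults and the handler converts the fault into a Wasm trap), the truncation folds an out-of-bounds address back into the committed memory and the access silently succeeds at the wrong location. The C program below is an added illustration, not V8 code: it computes effective addresses for a constructed reservation (64 KiB committed inside an 8 GiB reservation, a simplified stand-in for V8's guard-region layout) and classifies where each access lands, with and without truncation, under both bounds-checking strategies. All constants and names are assumptions.

```c
/* Effective-address model for trap-handler bounds checking.  Added
 * illustration, not V8 code; the layout below is constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef enum {
    ACCESS_OK,    /* lands in committed memory: the access proceeds */
    ACCESS_TRAP,  /* caught: guard-region fault or explicit bounds check */
    ACCESS_WILD   /* outside the reservation entirely: uncatchable */
} AccessKind;

/* Constructed layout: 64 KiB of committed memory at the start of an 8 GiB
 * reservation.  For a 32-bit Wasm memory, index + static offset is always
 * below 8 GiB, so every out-of-bounds address should land in the guard. */
#define MEM_BASE      ((uint64_t)0x0000100000000000ULL)
#define MEM_SIZE      ((uint64_t)64 * 1024)
#define RESERVED_SIZE ((uint64_t)8u << 30)

/* Address arithmetic as emitted by the load: with truncate_to_32 the offset
 * register is read as a 32-bit W register (upper bits dropped). */
static uint64_t effective_address(uint64_t base, uint64_t offset, bool truncate_to_32) {
    if (truncate_to_32) offset = (uint32_t)offset;
    return base + offset;
}

/* What the hardware/trap handler would observe for a given address. */
static AccessKind classify(uint64_t addr) {
    if (addr >= MEM_BASE && addr < MEM_BASE + MEM_SIZE)      return ACCESS_OK;
    if (addr >= MEM_BASE && addr < MEM_BASE + RESERVED_SIZE) return ACCESS_TRAP;
    return ACCESS_WILD;
}

/* Trap-handler strategy: no compare, rely on the guard region. */
static AccessKind trap_handler_access(uint64_t offset, bool truncate_to_32) {
    return classify(effective_address(MEM_BASE, offset, truncate_to_32));
}

/* Explicit-check strategy: compare the full 64-bit offset first, so a later
 * truncation in the address arithmetic can no longer hide an OOB access. */
static AccessKind bounds_checked_access(uint64_t offset, bool truncate_to_32) {
    if (offset >= MEM_SIZE) return ACCESS_TRAP;
    return classify(effective_address(MEM_BASE, offset, truncate_to_32));
}

static const char *name(AccessKind k) {
    return k == ACCESS_OK ? "OK" : k == ACCESS_TRAP ? "TRAP" : "WILD";
}

int main(void) {
    const uint64_t oob = 0x100000010ULL;  /* 4 GiB + 16: out of bounds */
    printf("trap handler, 64-bit offset : %s\n", name(trap_handler_access(oob, false)));
    printf("trap handler, truncated     : %s  (the bug: reads offset 0x10)\n",
           name(trap_handler_access(oob, true)));
    printf("bounds check, truncated     : %s\n", name(bounds_checked_access(oob, true)));
    return 0;
}
```

The reland note adds the second half of the story: once the full 64-bit register is used in the address arithmetic, an i64-to-i32 conversion must itself clear the upper 32 bits, because the load no longer performs that zero extension as a side effect.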
  9. 07 Apr, 2021 2 commits
  10. 24 Mar, 2021 1 commit
  11. 22 Mar, 2021 1 commit
  12. 15 Mar, 2021 1 commit
  13. 10 Mar, 2021 1 commit
  14. 08 Mar, 2021 1 commit
  15. 05 Mar, 2021 1 commit
    • Reland "Reland "[wasm][liftoff] Respect CallDescriptor linkage"" · c2a1d633
      Bill Budge authored
      This is a reland of 36a7cba2
      
      Unchanged, so:
      
      tbr=clemensb@chromium.org
      
      Original change's description:
      > Reland "[wasm][liftoff] Respect CallDescriptor linkage"
      >
      > This is a reland of 94283811
      >
      > Patchset #2 fixes the Arm bug. A vpush is used to push the slot,
      > so subtract kSimd128Size from the stack decrement to get padding.
      >
      > Original change's description:
      > > [wasm][liftoff] Respect CallDescriptor linkage
      > >
      > > - Adds the actual stack slot location to LiftoffStackSlots::Slot.
      > > - Adds SortInPushedOrder method for architectures that push
      > >   parameters.
      > > - Changes the LiftoffStackSlots::Construct signature to take the
      > >   number of parameter slots in total, and changes implementations
      > >   to insert padding when slots aren't contiguous.
      > > - Changes Arm MacroAssembler::AllocateStackSpace to check the
      > >   immediate value, and to be a nop when it's zero.
      > >
      > > Bug: v8:9198
      > > Change-Id: Ibd5775dbed3a40051fa9e345556231a1c07cf4e9
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2717120
      > > Reviewed-by: Andreas Haas <ahaas@chromium.org>
      > > Reviewed-by: Clemens Backes <clemensb@chromium.org>
      > > Commit-Queue: Bill Budge <bbudge@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#73191}
      >
      > Bug: v8:9198
      > Change-Id: Iae4930e28dd7fc634e3709a5726379c6b37e5195
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2735984
      > Reviewed-by: Bill Budge <bbudge@chromium.org>
      > Reviewed-by: Clemens Backes <clemensb@chromium.org>
      > Reviewed-by: Andreas Haas <ahaas@chromium.org>
      > Commit-Queue: Bill Budge <bbudge@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#73195}
      
      Bug: v8:9198
      Change-Id: I45c2b6fc8c38ef864a0bd7a7be5b431c7b8855a3
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739737
      Commit-Queue: Bill Budge <bbudge@chromium.org>
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: Andreas Haas <ahaas@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#73235}
  16. 04 Mar, 2021 7 commits
    • Reland "[wasm-simd][liftoff] Compile double precision conversions" · 5300b26d
      Ng Zhi An authored
      This is a reland of fe00fbd9
      
      Original change's description:
      > [wasm-simd][liftoff] Compile double precision conversions
      >
      > I missed actually handling these instructions in liftoff-compiler, so
      > even though the assembler functions were implemented for all archs, we
      > weren't running them.
      >
      > This properly handles the instructions and a couple of fixes:
      >
      > - for arm64, typos in using signed instructions for unsigned Wasm ops
      > - for arm, handle the case where dst == src, which leads to us
      > overwriting src and then reading junk from the overwritten portions to
      > convert
      >
      > Bug: v8:11265
      > Change-Id: I7919280bdf395137e95075deb30ed815100df222
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2728382
      > Reviewed-by: Clemens Backes <clemensb@chromium.org>
      > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
      > Commit-Queue: Zhi An Ng <zhin@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#73178}
      
      Bug: v8:11265
      Change-Id: Ib854b526e74710f03e83d5007e3a3f501363ce86
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2733661
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
      Commit-Queue: Zhi An Ng <zhin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#73206}
    • Revert "Reland "[wasm][liftoff] Respect CallDescriptor linkage"" · 81bb9cc8
      Shu-yu Guo authored
      This reverts commit 36a7cba2.
      
      Reason for revert: On suspicion of making breakpoints fail more reliably: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux/41129/overview
      
      Original change's description:
      > Reland "[wasm][liftoff] Respect CallDescriptor linkage"
      >
      > This is a reland of 94283811
      >
      > Patchset #2 fixes the Arm bug. A vpush is used to push the slot,
      > so subtract kSimd128Size from the stack decrement to get padding.
      >
      > Original change's description:
      > > [wasm][liftoff] Respect CallDescriptor linkage
      > >
      > > - Adds the actual stack slot location to LiftoffStackSlots::Slot.
      > > - Adds SortInPushedOrder method for architectures that push
      > >   parameters.
      > > - Changes the LiftoffStackSlots::Construct signature to take the
      > >   number of parameter slots in total, and changes implementations
      > >   to insert padding when slots aren't contiguous.
      > > - Changes Arm MacroAssembler::AllocateStackSpace to check the
      > >   immediate value, and to be a nop when it's zero.
      > >
      > > Bug: v8:9198
      > > Change-Id: Ibd5775dbed3a40051fa9e345556231a1c07cf4e9
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2717120
      > > Reviewed-by: Andreas Haas <ahaas@chromium.org>
      > > Reviewed-by: Clemens Backes <clemensb@chromium.org>
      > > Commit-Queue: Bill Budge <bbudge@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#73191}
      >
      > Bug: v8:9198
      > Change-Id: Iae4930e28dd7fc634e3709a5726379c6b37e5195
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2735984
      > Reviewed-by: Bill Budge <bbudge@chromium.org>
      > Reviewed-by: Clemens Backes <clemensb@chromium.org>
      > Reviewed-by: Andreas Haas <ahaas@chromium.org>
      > Commit-Queue: Bill Budge <bbudge@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#73195}
      
      Bug: v8:9198
      Change-Id: I5e72a1f765eb49ec72198abd44798a6153e3dace
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2737796
      Auto-Submit: Shu-yu Guo <syg@chromium.org>
      Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Cr-Commit-Position: refs/heads/master@{#73202}
    • Reland "[wasm][liftoff] Respect CallDescriptor linkage" · 36a7cba2
      Bill Budge authored
      This is a reland of 94283811
      
      Patchset #2 fixes the Arm bug. A vpush is used to push the slot,
      so subtract kSimd128Size from the stack decrement to get padding.
      
      Original change's description:
      > [wasm][liftoff] Respect CallDescriptor linkage
      >
      > - Adds the actual stack slot location to LiftoffStackSlots::Slot.
      > - Adds SortInPushedOrder method for architectures that push
      >   parameters.
      > - Changes the LiftoffStackSlots::Construct signature to take the
      >   number of parameter slots in total, and changes implementations
      >   to insert padding when slots aren't contiguous.
      > - Changes Arm MacroAssembler::AllocateStackSpace to check the
      >   immediate value, and to be a nop when it's zero.
      >
      > Bug: v8:9198
      > Change-Id: Ibd5775dbed3a40051fa9e345556231a1c07cf4e9
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2717120
      > Reviewed-by: Andreas Haas <ahaas@chromium.org>
      > Reviewed-by: Clemens Backes <clemensb@chromium.org>
      > Commit-Queue: Bill Budge <bbudge@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#73191}
      
      Bug: v8:9198
      Change-Id: Iae4930e28dd7fc634e3709a5726379c6b37e5195
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2735984
      Reviewed-by: Bill Budge <bbudge@chromium.org>
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: Andreas Haas <ahaas@chromium.org>
      Commit-Queue: Bill Budge <bbudge@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#73195}
    • Revert "[wasm][liftoff] Respect CallDescriptor linkage" · 3dbb84c5
      Maya Lekova authored
      This reverts commit 94283811.
      
      Reason for revert: Breaks arm simulator - https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim/27651/overview
      
      Original change's description:
      > [wasm][liftoff] Respect CallDescriptor linkage
      >
      > - Adds the actual stack slot location to LiftoffStackSlots::Slot.
      > - Adds SortInPushedOrder method for architectures that push
      >   parameters.
      > - Changes the LiftoffStackSlots::Construct signature to take the
      >   number of parameter slots in total, and changes implementations
      >   to insert padding when slots aren't contiguous.
      > - Changes Arm MacroAssembler::AllocateStackSpace to check the
      >   immediate value, and to be a nop when it's zero.
      >
      > Bug: v8:9198
      > Change-Id: Ibd5775dbed3a40051fa9e345556231a1c07cf4e9
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2717120
      > Reviewed-by: Andreas Haas <ahaas@chromium.org>
      > Reviewed-by: Clemens Backes <clemensb@chromium.org>
      > Commit-Queue: Bill Budge <bbudge@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#73191}
      
      Bug: v8:9198
      Change-Id: I59b4e84b5a54bcda65a9e96f75e5682713adbfd8
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2735639
      Auto-Submit: Maya Lekova <mslekova@chromium.org>
      Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Cr-Commit-Position: refs/heads/master@{#73192}
    • [wasm][liftoff] Respect CallDescriptor linkage · 94283811
      Bill Budge authored
      - Adds the actual stack slot location to LiftoffStackSlots::Slot.
      - Adds SortInPushedOrder method for architectures that push
        parameters.
      - Changes the LiftoffStackSlots::Construct signature to take the
        number of parameter slots in total, and changes implementations
        to insert padding when slots aren't contiguous.
      - Changes Arm MacroAssembler::AllocateStackSpace to check the
        immediate value, and to be a nop when it's zero.
      
      Bug: v8:9198
      Change-Id: Ibd5775dbed3a40051fa9e345556231a1c07cf4e9
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2717120
      Reviewed-by: Andreas Haas <ahaas@chromium.org>
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Commit-Queue: Bill Budge <bbudge@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#73191}
    • Revert "[wasm-simd][liftoff] Compile double precision conversions" · 67be7dea
      Zhi An Ng authored
      This reverts commit fe00fbd9.
      
      Reason for revert: Broke on noavx https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20debug/36175/overview
      
      Original change's description:
      > [wasm-simd][liftoff] Compile double precision conversions
      >
      > I missed actually handling these instructions in liftoff-compiler, so
      > even though the assembler functions were implemented for all archs, we
      > weren't running them.
      >
      > This properly handles the instructions and a couple of fixes:
      >
      > - for arm64, typos in using signed instructions for unsigned Wasm ops
      > - for arm, handle the case where dst == src, which leads to us
      > overwriting src and then reading junk from the overwritten portions to
      > convert
      >
      > Bug: v8:11265
      > Change-Id: I7919280bdf395137e95075deb30ed815100df222
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2728382
      > Reviewed-by: Clemens Backes <clemensb@chromium.org>
      > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
      > Commit-Queue: Zhi An Ng <zhin@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#73178}
      
      Bug: v8:11265
      Change-Id: I9bce3418c5321ded38e339cd96a9e7e399190c96
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2733660
      Auto-Submit: Zhi An Ng <zhin@chromium.org>
      Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Cr-Commit-Position: refs/heads/master@{#73179}
    • [wasm-simd][liftoff] Compile double precision conversions · fe00fbd9
      Ng Zhi An authored
      I missed actually handling these instructions in liftoff-compiler, so
      even though the assembler functions were implemented for all archs, we
      weren't running them.
      
      This properly handles the instructions and a couple of fixes:
      
      - for arm64, typos in using signed instructions for unsigned Wasm ops
      - for arm, handle the case where dst == src, which leads to us
      overwriting src and then reading junk from the overwritten portions to
      convert
      
      Bug: v8:11265
      Change-Id: I7919280bdf395137e95075deb30ed815100df222
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2728382
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
      Commit-Queue: Zhi An Ng <zhin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#73178}
  17. 26 Feb, 2021 1 commit
  18. 25 Feb, 2021 1 commit
  19. 24 Feb, 2021 3 commits
  20. 23 Feb, 2021 2 commits
  21. 22 Feb, 2021 3 commits
  22. 19 Feb, 2021 1 commit
  23. 16 Feb, 2021 1 commit
    • [liftoff] Cache the instance in a register · adf035fb
      Clemens Backes authored
      This CL avoids redundant loads of the instance from the frame by caching
      it in a register if possible. This register will be the first one to be
      cleared once we run out of registers (hence it's called a "volatile
      register"). On local tests, this seems to reduce most redundant loads
      within a function, and it also reduces the load for the stack check in
      the function prologue.
      After the stack check, we need to discard the cached instance though,
      since the potential runtime call for the stack check might clobber it.
      This will be addressed in a follow-up CL by re-loading the cached
      instance after the stack check. This is expected to remove another good
      chunk of instance loads, because the instance would initially be
      available in a register when starting the function code.
      
      R=thibaudm@chromium.org
      
      Bug: v8:11336
      Change-Id: Ie65ab81263fb9d972f4b7a6daaef86cf704874ef
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695401
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#72779}
  24. 12 Feb, 2021 2 commits
  25. 11 Feb, 2021 2 commits