- 22 Nov, 2016 1 commit
-
-
ahaas authored
With this CL the regexp-parser-fuzzer uses the first byte of the fuzzer input to select the regexp flag instead of executing each input with all possible flags. Thereby the fuzzer can explore more inputs and with its coverage metric will explore all flags only for interesting inputs. I updated all files in test/fuzzer/regexp and added a random byte at the beginning. This byte is used by the fuzzer to determine the flag. BUG=chromium:664436 R=yangguo@chromium.org Review-Url: https://codereview.chromium.org/2511373002 Cr-Commit-Position: refs/heads/master@{#41176}
-
- 21 Nov, 2016 1 commit
-
-
ahaas authored
R=titzer@chromium.org CC=mtrofin@chromium.org Review-Url: https://codereview.chromium.org/2520853003 Cr-Commit-Position: refs/heads/master@{#41155}
-
- 18 Nov, 2016 1 commit
-
-
Miran.Karic authored
In component build, fuzzer did not link with icu libraries, causing errors. By adding icu libraries to dependencies fuzzer links correctly. BUG= TEST=fuzzer/* Review-Url: https://codereview.chromium.org/2510063002 Cr-Commit-Position: refs/heads/master@{#41098}
-
- 14 Nov, 2016 1 commit
-
-
ahaas authored
This CL adds the function verification option to the module decoder. Therefore we can remove the verification in wasm-module-runner.cc R=titzer@chromium.org Review-Url: https://codereview.chromium.org/2496203002 Cr-Commit-Position: refs/heads/master@{#40977}
-
- 10 Nov, 2016 1 commit
-
-
ulan authored
BUG=v8:5614 Review-Url: https://codereview.chromium.org/2487673004 Cr-Commit-Position: refs/heads/master@{#40891}
-
- 24 Oct, 2016 2 commits
-
-
ahaas authored
I committed https://codereview.chromium.org/2447643002 prematurely, this is a cleanup. R=titzer@chromium.org Review-Url: https://codereview.chromium.org/2444863002 Cr-Commit-Position: refs/heads/master@{#40533}
-
ahaas authored
Depending on the inputs the fuzzer creates multiple functions. These functions can have signatures with an int32 return value and up to three parameters of type int32, int64, float32, or float64. R=titzer@chromium.org, clemensh@chromium.org Review-Url: https://codereview.chromium.org/2447643002 Cr-Commit-Position: refs/heads/master@{#40530}
-
- 20 Oct, 2016 1 commit
-
-
ahaas authored
The wasm specification does not fully specify the binary representation of NaN: the sign bit can be non-deterministic. The wasm-code fuzzer found a test case where the wasm interpreter and the compiled code produce a different sign bit for a NaN, and as a consequence they produce different results. With this CL the interpreter tracks whether it executed an instruction which can produce a NaN, which are div and sqrt instructions. The fuzzer uses this information and compares the result of the interpreter with the result of the compiled code only if there was no instruction which could have produced a NaN. R=titzer@chromium.org TEST=cctest/test-run-wasm-interpreter/TestMayProduceNaN BUG=chromium:657481 Review-Url: https://chromiumcodereview.appspot.com/2438603003 Cr-Commit-Position: refs/heads/master@{#40474}
-
- 19 Oct, 2016 1 commit
-
-
titzer authored
This CL refactors the handling of metadata associated with WebAssembly modules to reduce the duplicate marshalling of data from the C++ world to the JavaScript world. It does this by wrapping the C++ WasmModule* object in a Foreign that is rooted from the on-heap WasmCompiledModule (which is itself just a FixedArray). Upon serialization, the C++ object is ignored and the original WASM wire bytes are serialized. Upon deserialization, the C++ object is reconstituted by reparsing the bytes. This is motivated by increasing complications in implementing the JS API, in particular WebAssembly.Table, which must perform signature canonicalization across instances. Additionally, this CL implements the proper base + offset initialization behavior for tables. R=rossberg@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org,yangguo@chromium.org BUG=v8:5507, chromium:575167, chromium:657316 Review-Url: https://chromiumcodereview.appspot.com/2424623002 Cr-Commit-Position: refs/heads/master@{#40434}
-
- 17 Oct, 2016 1 commit
-
-
heimbuef authored
This adds more useful information to the v8-heap-stats tool. BUG=v8:5489 Review-Url: https://codereview.chromium.org/2394213003 Cr-Commit-Position: refs/heads/master@{#40361}
-
- 14 Oct, 2016 2 commits
-
-
jgruber authored
Now that all accesses to the last match info are in C++ and TF code, we can finally turn the last match info into a FixedArray. Similar to the ArrayList, it uses its first field to store its length and grows dynamically in amortized O(1) time. Unlike previously, this means that the last match info pointer stored on the context can actually change (in case the FixedArray needs to grow). BUG=v8:5339 Review-Url: https://codereview.chromium.org/2415103002 Cr-Commit-Position: refs/heads/master@{#40308}
-
jochen authored
R=machenbach@chromium.org,jgruber@chromium.org CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_win_dbg,v8_mac_dbg;master.tryserver.chromium.android:android_arm64_dbg_recipe Review-Url: https://codereview.chromium.org/2417703003 Cr-Commit-Position: refs/heads/master@{#40297}
-
- 13 Oct, 2016 1 commit
-
-
jochen authored
Instead of suppressing the linker warnings and disallowing incremental linking, just fix the annotations.. R=machenbach@chromium.org,jgruber@chromium.org BUG= Review-Url: https://codereview.chromium.org/2420603002 Cr-Commit-Position: refs/heads/master@{#40260}
-
- 11 Oct, 2016 1 commit
-
-
clemensh authored
This is needed for the asm.js -> WASM pipeline. A single exported function is exported as __single_function__, but we still want to see the correct function name on the stack, so the underlying wasm function has to carry the original name. R=ahaas@chromium.org, titzer@chromium.org BUG=v8:4203 Review-Url: https://codereview.chromium.org/2406133003 Cr-Commit-Position: refs/heads/master@{#40159}
-
- 07 Oct, 2016 2 commits
-
-
mstarzinger authored
R=marja@chromium.org Review-Url: https://codereview.chromium.org/2392303004 Cr-Commit-Position: refs/heads/master@{#40070}
-
jochen authored
Reland of land "Turn libbase into a component" (patchset #1 id:1 of https://codereview.chromium.org/2396933002/ ) Reason for revert: let's see whether it sticks this time Original issue's description: > Revert of Reland "Turn libbase into a component" (patchset #1 id:1 of https://codereview.chromium.org/2395553002/ ) > > Reason for revert: > Speculative revert due to very strange-looking win/dbg failures > which reference SignedDivisionByConstant: > > https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/12736 > > Original issue's description: > > Reland "Turn libbase into a component" > > > > Original issue's description: > > > Turn libbase into a component > > > > > > This is a precondition for turning libplatform into a component > > > > > > BUG=v8:5412 > > > R=jgruber@chromium.org,machenbach@chromium.org > > > CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_ > > dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe > > > > > > Committed: https://crrev.com/614e615775f732d71b5ee94ed29737d8de687104 > > > Cr-Commit-Position: refs/heads/master@{#39950} > > > > BUG=v8:5412 > > TBR=jgruber@chromium.org,machenbach@chromium.org > > CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe;master.tryserver.chromium.mac:mac_chromium_compile_dbg_ng > > > > Committed: https://crrev.com/17cb51254cafa932025e9980b60f89f756d411cb > > Cr-Commit-Position: refs/heads/master@{#39969} > > TBR=jgruber@chromium.org,machenbach@chromium.org,jochen@chromium.org > # Skipping CQ checks because original CL landed less than 1 days ago. > NOPRESUBMIT=true > NOTREECHECKS=true > NOTRY=true > BUG=v8:5412 > > Committed: https://crrev.com/e75b9f6ed5da39e6c7a8d70cf48afbc9958afc85 > Cr-Commit-Position: refs/heads/master@{#40009} TBR=jgruber@chromium.org,machenbach@chromium.org,adamk@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG=v8:5412 Review-Url: https://codereview.chromium.org/2399323002 Cr-Commit-Position: refs/heads/master@{#40068}
-
- 05 Oct, 2016 3 commits
-
-
adamk authored
Revert of Reland "Turn libbase into a component" (patchset #1 id:1 of https://codereview.chromium.org/2395553002/ ) Reason for revert: Speculative revert due to very strange-looking win/dbg failures which reference SignedDivisionByConstant: https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/12736 Original issue's description: > Reland "Turn libbase into a component" > > Original issue's description: > > Turn libbase into a component > > > > This is a precondition for turning libplatform into a component > > > > BUG=v8:5412 > > R=jgruber@chromium.org,machenbach@chromium.org > > CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_ > dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe > > > > Committed: https://crrev.com/614e615775f732d71b5ee94ed29737d8de687104 > > Cr-Commit-Position: refs/heads/master@{#39950} > > BUG=v8:5412 > TBR=jgruber@chromium.org,machenbach@chromium.org > CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe;master.tryserver.chromium.mac:mac_chromium_compile_dbg_ng > > Committed: https://crrev.com/17cb51254cafa932025e9980b60f89f756d411cb > Cr-Commit-Position: refs/heads/master@{#39969} TBR=jgruber@chromium.org,machenbach@chromium.org,jochen@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:5412 Review-Url: https://codereview.chromium.org/2396933002 Cr-Commit-Position: refs/heads/master@{#40009}
-
ahaas authored
R=titzer@chromium.org Review-Url: https://codereview.chromium.org/2395743003 Cr-Commit-Position: refs/heads/master@{#39988}
-
jochen authored
Original issue's description: > Turn libbase into a component > > This is a precondition for turning libplatform into a component > > BUG=v8:5412 > R=jgruber@chromium.org,machenbach@chromium.org > CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_ dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe > > Committed: https://crrev.com/614e615775f732d71b5ee94ed29737d8de687104 > Cr-Commit-Position: refs/heads/master@{#39950} BUG=v8:5412 TBR=jgruber@chromium.org,machenbach@chromium.org CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe;master.tryserver.chromium.mac:mac_chromium_compile_dbg_ng Review-Url: https://codereview.chromium.org/2395553002 Cr-Commit-Position: refs/heads/master@{#39969}
-
- 04 Oct, 2016 3 commits
-
-
machenbach authored
Revert of Turn libbase into a component (patchset #10 id:180001 of https://codereview.chromium.org/2381273002/ ) Reason for revert: Main suspect for roll block: https://codereview.chromium.org/2387403002/ Original issue's description: > Turn libbase into a component > > This is a precondition for turning libplatform into a component > > BUG=v8:5412 > R=jgruber@chromium.org,machenbach@chromium.org > CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe > > Committed: https://crrev.com/614e615775f732d71b5ee94ed29737d8de687104 > Cr-Commit-Position: refs/heads/master@{#39950} TBR=jgruber@chromium.org,jochen@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=v8:5412 Review-Url: https://codereview.chromium.org/2393603002 Cr-Commit-Position: refs/heads/master@{#39960}
-
ahaas authored
The correctness fuzzer executes the input array in two different execution engines and compares the results. If the results don't match, the correctness fuzzer crashes. Since the crash signature is always the same if the results don't match, cluster fuzz would group all inputs which lead to non-matching results. To avoid the grouping a base64 hash has to be appended to the crash signature. This CL changes the text which is appended to the crash signature to a base64 hash. Note that I do not create a base64 hash directly because the base64 class is not available in V8. Instead I create a string which looks like a base64 hash. R=mmoroz@chromium.org, aarya@chromium.org, titzer@chromium.org Review-Url: https://codereview.chromium.org/2390233002 Cr-Commit-Position: refs/heads/master@{#39953}
-
jochen authored
This is a precondition for turning libplatform into a component BUG=v8:5412 R=jgruber@chromium.org,machenbach@chromium.org CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe Review-Url: https://codereview.chromium.org/2381273002 Cr-Commit-Position: refs/heads/master@{#39950}
-
- 29 Sep, 2016 1 commit
-
-
titzer authored
R=bradnelson@chromium.org,mtrofin@chromium.org,mstarzinger@chromium.org BUG= Review-Url: https://codereview.chromium.org/2383463002 Cr-Commit-Position: refs/heads/master@{#39861}
-
- 27 Sep, 2016 1 commit
-
-
titzer authored
[0xC] Convert to stack machine semantics. [0xC] Use section codes instead of names. [0xC] Add elements section decoding. [0xC] Decoding of globals section. [0xC] Decoding of memory section. [0xC] Decoding of imports section. [0xC] Decoding of exports section. [0xC] Decoding of data section. [0xC] Remove CallImport bytecode. [0xC] Function bodies have an implicit block. [0xC] Remove the bottom label from loops. [0xC] Add signatures to blocks. [0xC] Remove arities from branches. Add tests for init expression decoding. Rework compilation of import wrappers and how they are patched. Rework function indices in debugging. Fix ASM->WASM builder for stack machine. Reorganize asm.js foreign functions due to import indices change. R=ahaas@chromium.org,rossberg@chromium.org,bradnelson@chromium.org BUG=chromium:575167 LOG=Y Committed: https://crrev.com/76eb976a67273b8c03c744f64ad850b0432554b9 Review-Url: https://codereview.chromium.org/2345593003 Cr-Original-Commit-Position: refs/heads/master@{#39678} Cr-Commit-Position: refs/heads/master@{#39795}
-
- 26 Sep, 2016 1 commit
-
-
jgruber authored
V8 is collecting a growing amount of fuzzers, all of which take substantial space on the bots and in chromium build archives. This CL improves that situation by allowing component (shared library) builds for almost all fuzzers. The parser fuzzer is handled as an exception since it would require exporting a large number of additional functions. A component build results in about a 50-100x improvement in file size for each fuzzer (~50M-100M to around 1.1M). BUG=chromium:648864 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_compile_dbg_ng;master.tryserver.chromium.android:android_clang_dbg_recipe Review-Url: https://codereview.chromium.org/2360983002 Cr-Commit-Position: refs/heads/master@{#39709}
-
- 23 Sep, 2016 2 commits
-
-
machenbach authored
Revert of [wasm] Master CL for Binary 0xC changes. (patchset #26 id:490001 of https://codereview.chromium.org/2345593003/ ) Reason for revert: Main suspect for tsan: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/11893 Also changes layout tests: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/10036 +mips builder: https://build.chromium.org/p/client.v8.ports/builders/V8%20Mips%20-%20builder/builds/4032 Original issue's description: > [wasm] Master CL for Binary 0xC changes. > > [0xC] Convert to stack machine semantics. > [0xC] Use section codes instead of names. > [0xC] Add elements section decoding. > [0xC] Decoding of globals section. > [0xC] Decoding of memory section. > [0xC] Decoding of imports section. > [0xC] Decoding of exports section. > [0xC] Decoding of data section. > [0xC] Remove CallImport bytecode. > [0xC] Function bodies have an implicit block. > [0xC] Remove the bottom label from loops. > [0xC] Add signatures to blocks. > [0xC] Remove arities from branches. > Add tests for init expression decoding. > Rework compilation of import wrappers and how they are patched. > Rework function indices in debugging. > Fix ASM->WASM builder for stack machine. > Reorganize asm.js foreign functions due to import indices change. > > R=ahaas@chromium.org,rossberg@chromium.org,bradnelson@chromium.org > BUG=chromium:575167 > LOG=Y > > Committed: https://crrev.com/76eb976a67273b8c03c744f64ad850b0432554b9 > Cr-Commit-Position: refs/heads/master@{#39678} TBR=ahaas@chromium.org,bradnelson@chromium.org,mtrofin@chromium.org,rossberg@chromium.org,bradnelson@google.com,titzer@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:575167 Review-Url: https://codereview.chromium.org/2361053004 Cr-Commit-Position: refs/heads/master@{#39685}
-
titzer authored
[0xC] Convert to stack machine semantics. [0xC] Use section codes instead of names. [0xC] Add elements section decoding. [0xC] Decoding of globals section. [0xC] Decoding of memory section. [0xC] Decoding of imports section. [0xC] Decoding of exports section. [0xC] Decoding of data section. [0xC] Remove CallImport bytecode. [0xC] Function bodies have an implicit block. [0xC] Remove the bottom label from loops. [0xC] Add signatures to blocks. [0xC] Remove arities from branches. Add tests for init expression decoding. Rework compilation of import wrappers and how they are patched. Rework function indices in debugging. Fix ASM->WASM builder for stack machine. Reorganize asm.js foreign functions due to import indices change. R=ahaas@chromium.org,rossberg@chromium.org,bradnelson@chromium.org BUG=chromium:575167 LOG=Y Review-Url: https://codereview.chromium.org/2345593003 Cr-Commit-Position: refs/heads/master@{#39678}
-
- 22 Sep, 2016 1 commit
-
-
ahaas authored
The hash in the crash message is necessary to keep cluster fuzz from grouping all result mismatches. R=titzer@chromium.org, mmoroz@chromium.org Review-Url: https://codereview.chromium.org/2363663002 Cr-Commit-Position: refs/heads/master@{#39625}
-
- 20 Sep, 2016 1 commit
-
-
heimbuef authored
This is some initial cleanup to keep /src clean. The AccountingAllocator is actually exclusively used by zones and this common subfolder makes that more clear. BUG=v8:5409 Review-Url: https://codereview.chromium.org/2344143003 Cr-Commit-Position: refs/heads/master@{#39558}
-
- 19 Sep, 2016 1 commit
-
-
jochen authored
Remove files that were removed from the build files but never deleted. R=machenbach@chromium.org BUG= Review-Url: https://codereview.chromium.org/2346103002 Cr-Commit-Position: refs/heads/master@{#39499}
-
- 17 Sep, 2016 1 commit
-
-
gdeepti authored
test-run-wasm-module cctests broken in debug since recent refactoring changes for moving Compilation/Instantiation off the module object (https://codereview.chromium.org/2320723005). The problem here is that SetupIsolateForWasm tries to add the same property to a module_object multiple times and hits a DCHECK when this property is found on a lookup. - Fixed to use the setup method only once when CcTest::InitIsolateOnce is used. - Move setup method to test as this is only used for cctests/fuzzers. The install method should take care of this in the regular JS pipeline. R=mtrofin@chromium.org, ahaas@chromium.org Review-Url: https://codereview.chromium.org/2342263002 Cr-Commit-Position: refs/heads/master@{#39484}
-
- 15 Sep, 2016 1 commit
-
-
mtrofin authored
All parameters passed by reference must be labeled const. If the object is mutable, then we pass by pointer. BUG= Review-Url: https://codereview.chromium.org/2336233006 Cr-Commit-Position: refs/heads/master@{#39451}
-
- 14 Sep, 2016 3 commits
-
-
ahaas authored
This CL adds fuzzers for the wasm module sections 'types', 'names', 'globals', 'imports', 'function signatures', 'memory', and 'data', one fuzzer per section. No fuzzers are added for the other sections because either there already exists a fuzzer (e.g. wasm-code), or there exist inter-section dependencies. To avoid introducing a bunch executables which would make compilation with make slow, I introduce a single executable 'v8_simple_wasm_section_fuzzer' which calls the fuzzers mentioned above. This executable is run by the trybots and ensures that the fuzzers actually compile. For debugging I introduce commandline parameters which allow to execute the specific fuzzers from 'v8_simple_wasm_section_fuzzer'. R=titzer@chromium.org, jochen@chromium.org, mstarzinger@chromium.org Review-Url: https://codereview.chromium.org/2336603002 Cr-Commit-Position: refs/heads/master@{#39413}
-
ahaas authored
The wasm-module-runner is used both in cctests and in fuzzers. As discussed offline, it is weird to include cctest header files in fuzzers, so I introduce a new test/common directory which contains the common files. R=titzer@chromium.org, jochen@chromium.org Review-Url: https://codereview.chromium.org/2335193002 Cr-Commit-Position: refs/heads/master@{#39411}
-
ahaas authored
BUG=chromium:646564 R=titzer@chromium.org Review-Url: https://codereview.chromium.org/2336363003 Cr-Commit-Position: refs/heads/master@{#39405}
-
- 12 Sep, 2016 2 commits
-
-
mtrofin authored
Moved the compilation/instantiation pipeline to work off the module object (JSObject), making the compiled module data (the FixedArray) an implementation detail. This: - simplifies the code by removing duplicate decode->compile->instantiate sequences - sets up the stage for "dressing up" the runtime model with stronger typed APIs - helps relanding this CL: https://codereview.chromium.org/2305903002/. It turns out that GCs during the cloning/instantiation events cause trouble, and centering the source of truth on the module object helps address this issue. In the process, clarified cctest setup for wasm-capable isolates, and changed signatures for consistency (using ModuleOrigin througout). BUG= Review-Url: https://codereview.chromium.org/2320723005 Cr-Commit-Position: refs/heads/master@{#39360}
-
ahaas authored
With this CL the wasm-code-fuzzer first decodes and interprets the test case generated by the fuzzer. It then compiles the test case, but only executes the compiled instance if the interpretation of the test case was successful. If the compiled instance is executed, then the result of the execution is compared with the result of the interpretation. Additionally this CL refactors the CompileAndRunWasmModule function in wasm-module.cc to resuse code in the call to the interpreter. R=titzer@chromium.org Review-Url: https://codereview.chromium.org/2321443002 Cr-Commit-Position: refs/heads/master@{#39351}
-
- 29 Aug, 2016 3 commits
-
-
bradnelson authored
BUG=None TEST=None R=mtrofin@chromium.org Review-Url: https://codereview.chromium.org/2290803002 Cr-Commit-Position: refs/heads/master@{#38989}
-
bradnelson authored
This adds: * A script (tools/update-wasm-fuzzers.sh), which creates a new fuzzing seed corpus and uploads to google storage (you must have the right credentials). * A new pair of DEPS entries to pull in the current version of the corpus based on a checked in pair of hash files. BUG=None TEST=None R=ahaas@chromium.org,kcc@chromium.org,mvstanton@chromium.org Review-Url: https://codereview.chromium.org/2273303002 Cr-Commit-Position: refs/heads/master@{#38987}
-
ahaas authored
The new fuzzer constructs a dummy module header and uses the fuzzer data only as function code. R=titzer@chromium.org, jochen@chromium.org Review-Url: https://codereview.chromium.org/2280623002 Cr-Commit-Position: refs/heads/master@{#38983}
-