This patch updates internal data structures used by V8 to support
multiple indirect function tables (WebAssembly/design#682). But, since
this feature is post-MVP, the functionality is not directly exposed and
parsing/generation of WebAssembly is left unchanged. Nevertheless, it
is being used in an experiment to implement fine-grained control flow
integrity based on C/C++ types.

BUG=

Review-Url: https://codereview.chromium.org/2174123002
Cr-Commit-Position: refs/heads/master@{#38110}

Revert "[wasm] Adding a convolution matrix filter test to highlight the performance advantages of JITing"

GC-Stress asserts in filter-jit.

This reverts commit ccfd224e.

BUG=v8:5044
R=bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2168343002
Cr-Commit-Position: refs/heads/master@{#37961}

This cl also fixes two bugs in the previous code:
    1) JITed functions were not allowed access to the heap because the module instance wasn't correctly synthesized. This wasn't discovered in the previous test.
    2) Decoding of functions with the JITSingleFunction opcode was off by 1 as the length of the opcode wasn't computed correctly.
BUG=5044

Review-Url: https://codereview.chromium.org/2168183002
Cr-Commit-Position: refs/heads/master@{#37957}

 - Add Simd128 type to Wasm AST types
 - Decode SIMD prefix, wasm opcodes correctly
 - Add a pass that converts SIMD machine ops to runtime calls
 - Sample opcodes Int32x4Splat, Int32x4ExtractLane and test

LOG=N
BUG=v8:4124

R=bradnelson@chromium.org, bbudge@chromium.org, titzer@chromium.org

Committed: https://crrev.com/73df92fc2fdbbfadc17e8ab4e58ec56ae2b3d91a
Review-Url: https://codereview.chromium.org/1991143002
Cr-Original-Commit-Position: refs/heads/master@{#37789}
Cr-Commit-Position: refs/heads/master@{#37807}

Revert of Convert SIMD wasm ops to runtime function calls (patchset #17 id:320001 of https://codereview.chromium.org/1991143002/ )

Reason for revert:
[Sheriff] Violates msan and tsan:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/9663
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/10670

Original issue's description:
> Convert SIMD machine ops to runtime function calls
>  - Add Simd128 type to Wasm AST types
>  - Add a pass that converts SIMD machine ops to runtime calls
>  - Sample opcodes Int32x4Splat, Int32x4ExtractLane and test
>  - Separate out generic SIMD Machine ops as these cannot be
>  handled by runtime functions just yet.
>
> LOG=N
> BUG=v8:4124
>
> R=bradnelson@chromium.org, bbudge@chromium.org, titzer@chromium.org
>
> Committed: https://crrev.com/73df92fc2fdbbfadc17e8ab4e58ec56ae2b3d91a
> Cr-Commit-Position: refs/heads/master@{#37789}

TBR=bbudge@chromium.org,bradnelson@chromium.org,titzer@chromium.org,gdeepti@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2154723002
Cr-Commit-Position: refs/heads/master@{#37790}

 - Add Simd128 type to Wasm AST types
 - Add a pass that converts SIMD machine ops to runtime calls
 - Sample opcodes Int32x4Splat, Int32x4ExtractLane and test
 - Separate out generic SIMD Machine ops as these cannot be
 handled by runtime functions just yet.

LOG=N
BUG=v8:4124

R=bradnelson@chromium.org, bbudge@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/1991143002
Cr-Commit-Position: refs/heads/master@{#37789}

Implemented the WebAssembly.Module and WebAssembly.Instance
in terms of the WasmModule::CompileFunctions and
WasmModule::Instantiate APIs.

Added negative tests - for invalid module object.

BUG=

Review-Url: https://codereview.chromium.org/2121593002
Cr-Commit-Position: refs/heads/master@{#37775}

[wasm] Adding feature to JIT a wasm function at runtime and hook up the compiled code into the indirect function table

The runtime JIT function is passed in the function table to hook up the compiled code and the starting address of the memory to locate the bytes to be compiled.

BUG=5044

Review-Url: https://codereview.chromium.org/2137993003
Cr-Commit-Position: refs/heads/master@{#37735}

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
TEST=mjsunit/wasm/*
LOG=N

Review-Url: https://codereview.chromium.org/2134333003
Cr-Commit-Position: refs/heads/master@{#37729}

R=mstarzinger@chromium.org,bradnelson@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2118733003
Cr-Commit-Position: refs/heads/master@{#37478}

This stores the wasm object and the function index in the script, and
adds functions to get the disassembled wasm code as well as the offset
table mapping from byte position to line and column in the disassembly
solely from the script.
This will be used to show "ui source code" in DevTools, and map raw
locations from the stack trace into this code view.

R=yangguo@chromium.org, ahaas@chromium.org, titzer@chromium.org
BUG=chromium:613110

patch from issue 2063013004 at patchset 80001 (http://crrev.com/2063013004#ps80001)

Review-Url: https://codereview.chromium.org/2105303002
Cr-Commit-Position: refs/heads/master@{#37430}

R=yangguo@chromium.org,ahaas@chromium.org
BUG=chromium:624713
LOG=Y

Review-Url: https://codereview.chromium.org/2111843002
Cr-Commit-Position: refs/heads/master@{#37428}

Mircea and Andreas have been making changes to wasm.

R=titzer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2103793006
Cr-Commit-Position: refs/heads/master@{#37401}

This changes many interfaces to accept StandardFrames instead of
JavaScriptFrames, and use the StackTraceFrameIterator instead of the
JavaScriptFrameIterator.
Also, the detailed frame information array now contains the script in
addition to the function, as wasm frames are not associated to any
javascript function.

This is a rebase of (https://codereview.chromium.org/2069823003/), since clemensh's internship has ended.

R=yangguo@chromium.org,ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2109093003
Cr-Commit-Position: refs/heads/master@{#37379}

BUG=617526
R=bradnelson@chromium.org
TEST=regress-617526.js

Review-Url: https://codereview.chromium.org/2101923003
Cr-Commit-Position: refs/heads/master@{#37354}

Comparisons were allowing asm 'int' values in places
that require strict 'signed' or 'unsigned' but not both.

Fixes crash when these make it to asm-wasm.

BUG=599413
BUG=v8:4203
R=aseemgarg@chromium.org

Review-Url: https://codereview.chromium.org/2106683003
Cr-Commit-Position: refs/heads/master@{#37353}

asm.js forbids mixing signed and unsigned % or /.
We had been allowing these.

Fixes crash.

BUG=618602
BUG=v8:4203
R=aseemgarg@chromium.org

Review-Url: https://codereview.chromium.org/2107683002
Cr-Commit-Position: refs/heads/master@{#37350}

We were not checking that the string passed to instantiateFromAsm
contains a function declaration (any declaration was allowed).

Fixes crash.

BUG=620649
BUG=v8:4203
R=aseemgarg@chromium.org

Review-Url: https://codereview.chromium.org/2109533002
Cr-Commit-Position: refs/heads/master@{#37349}

  - GrowMemory runtime function, tests added to checks if memory can be grown
  and relocation information is updated correctly

R=titzer@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2051043002
Cr-Commit-Position: refs/heads/master@{#37338}

Add a flag to gate experimental support for dynamic code loading and JITing (at runtime in a wasm module).

Enhancing functionality of the indirect function table to support JITing and dynamic linking by allowing additional space to be filled with an "undefined" function signature.

BUG=v8:5044
LOG=N
TEST=None
R=mtrofin@chromium.org,bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2049513003
Cr-Commit-Position: refs/heads/master@{#37159}

- Use ES6 classes and other goodies.
- Make some names match design/spec.
- Remove obsolete generation of END section.

R=bradnelson@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2081973003
Cr-Commit-Position: refs/heads/master@{#37155}

Implements:
- WebAssembly object,
- WebAssembly.Module constructor,
- WebAssembly.Instance constructor,
- WebAssembly.compile async method,
- and Module and Instance instance objects.

Also, changes ErrorThrower to support capturing errors in a promise reject.

Since we cannot yet compile without fixing the Wasm memory, and cannot validate a module without compiling, the Module constructor and compile method don't do anything yet but checking that their argument is a suitable BufferSource. Instead of a compiled module, the hidden state of a Module object currently is just that buffer.

BUG=

Review-Url: https://codereview.chromium.org/2084573002
Cr-Commit-Position: refs/heads/master@{#37143}

With the tail call, pointers to the JS heap could be pushed on a
js-to-wasm frame. On the js-to-wasm frame, however, this pointer would
not be updated by the GC.

R=bmeurer@chromium.org, v8-arm-ports@googlegroups.com, v8-mips-ports@googlegroups.com
BUG=617084
TEST=mjsunit/wasm/gc-frame.js:GCInJSToWasmTest()

Review-Url: https://codereview.chromium.org/2079393003
Cr-Commit-Position: refs/heads/master@{#37132}

Without this check, instantiation of the wasm module would fail on
DefineOwnProperty on the exports object for the duplicate export.
Now we detect this as validation error.

R=rossberg@chromium.org, titzer@chromium.org, ahaas@chromium.org

Review-Url: https://codereview.chromium.org/2065043002
Cr-Commit-Position: refs/heads/master@{#37038}

Intersection of types is used in several places,
if it yields the empty set, this indicates a type mismatch.
We should emit an error in this case.

Add the RECURSE() macro around IntersectResult to allow errors to propagate immediately.

BUG=614291
R=ahaas@chromium.org
TEST=asm-wasm
LOG=N

Review-Url: https://codereview.chromium.org/2011873002
Cr-Commit-Position: refs/heads/master@{#36525}

R=titzer@chromium.org, yangguo@chromium.org

Review-Url: https://codereview.chromium.org/1961453002
Cr-Commit-Position: refs/heads/master@{#36354}

Empty function names are allowed and are output as such, unnamed
functions or functions with no valid UTF-8 name are output as
"<WASM UNNAMED>", while the CallSite object returns null as the
function name.

R=titzer@chromium.org, yangguo@chromium.org

Review-Url: https://codereview.chromium.org/1970503004
Cr-Commit-Position: refs/heads/master@{#36348}

Names passed for imports and exports are checked during decoding,
leading to errors if they are no valid UTF-8. Function names are not
checked during decode, but rather lead to undefined being returned at
runtime if they are not UTF-8.

We need to do these checks on the Wasm side, since the factory
methods assume to get valid UTF-8 strings.

R=titzer@chromium.org, yangguo@chromium.org

Review-Url: https://codereview.chromium.org/1967023004
Cr-Commit-Position: refs/heads/master@{#36208}

With this CL it is possible to compile a wasm module with multiple
threads in parallel. Parallel compilation works as follows:

1)   The main thread allocates a compilation unit for each wasm function.
2)   The main thread spawns WasmCompilationTasks which run on the
     background threads.
3.a) The background threads and the main thread pick one compilation unit
     at a time and execute the parallel phase of the compilation unit.
     After finishing the execution of the parallel phase, the compilation
     unit is stored in a result queue.
3.b) If the result queue contains a compilation unit, the main thread
     dequeues it and finishes its compilation.
4)   After the execution of the parallel phase of all compilation units has
     started, the main thread waits for all WasmCompilationTasks to finish.
5)   The main thread finalizes the compilation of the module.

I'm going to add some additional tests before committing this CL.

R=titzer@chromium.org, bmeurer@chromium.org, mlippautz@chromium.org, mstarzinger@chromium.org

Committed: https://crrev.com/17215438659d8ff2d7d55f95226bf8a1477ccd79
Cr-Commit-Position: refs/heads/master@{#36178}

Review-Url: https://codereview.chromium.org/1961973002
Cr-Commit-Position: refs/heads/master@{#36207}

And add more tests for traps at different locations.

R=titzer@chromium.org, yangguo@chromium.org

Review-Url: https://codereview.chromium.org/1924253002
Cr-Commit-Position: refs/heads/master@{#36202}

Revert of [wasm] Implement parallel compilation. (patchset #6 id:100001 of https://codereview.chromium.org/1961973002/ )

Reason for revert:
The ThreadSanitizer finds data races.

Original issue's description:
> [wasm] Implement parallel compilation.
>
> With this CL it is possible to compile a wasm module with multiple
> threads in parallel. Parallel compilation works as follows:
>
> 1)   The main thread allocates a compilation unit for each wasm function.
> 2)   The main thread spawns WasmCompilationTasks which run on the
>      background threads.
> 3.a) The background threads and the main thread pick one compilation unit
>      at a time and execute the parallel phase of the compilation unit.
>      After finishing the execution of the parallel phase, the compilation
>      unit is stored in a result queue.
> 3.b) If the result queue contains a compilation unit, the main thread
>      dequeues it and finishes its compilation.
> 4)   After the execution of the parallel phase of all compilation units has
>      started, the main thread waits for all WasmCompilationTasks to finish.
> 5)   The main thread finalizes the compilation of the module.
>
> I'm going to add some additional tests before committing this CL.
>
> R=titzer@chromium.org, bmeurer@chromium.org, mlippautz@chromium.org, mstarzinger@chromium.org
>
> Committed: https://crrev.com/17215438659d8ff2d7d55f95226bf8a1477ccd79
> Cr-Commit-Position: refs/heads/master@{#36178}

TBR=bmeurer@chromium.org,mlippautz@chromium.org,mstarzinger@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/1965243003
Cr-Commit-Position: refs/heads/master@{#36182}

With this CL it is possible to compile a wasm module with multiple
threads in parallel. Parallel compilation works as follows:

1)   The main thread allocates a compilation unit for each wasm function.
2)   The main thread spawns WasmCompilationTasks which run on the
     background threads.
3.a) The background threads and the main thread pick one compilation unit
     at a time and execute the parallel phase of the compilation unit.
     After finishing the execution of the parallel phase, the compilation
     unit is stored in a result queue.
3.b) If the result queue contains a compilation unit, the main thread
     dequeues it and finishes its compilation.
4)   After the execution of the parallel phase of all compilation units has
     started, the main thread waits for all WasmCompilationTasks to finish.
5)   The main thread finalizes the compilation of the module.

I'm going to add some additional tests before committing this CL.

R=titzer@chromium.org, bmeurer@chromium.org, mlippautz@chromium.org, mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/1961973002
Cr-Commit-Position: refs/heads/master@{#36178}

This changes different locations to extract the reference to the wasm
object and the function index from the stack trace, and make it
available through all the APIs which process stack traces.
The javascript CallSite object now has the new methods isWasm(),
getWasmObject() and getWasmFunctionIndex(); the byte offset is
available via getPosition().

Function names of wasm frames should be fully functional with this
commit, position information works reliably for calls, but not for
traps like unreachable or out-of-bounds accesses.

R=titzer@chromium.org, yangguo@chromium.org

Review-Url: https://codereview.chromium.org/1909353002
Cr-Commit-Position: refs/heads/master@{#36067}

[wasm] Binary 11: Swap the order of section name / section length.
[wasm] Binary 11: Shorter section names.
[wasm] Binary 11: Add a prefix for function type declarations.
[wasm] Binary 11: Function types encoded as pcount, p*, rcount, r*
[wasm] Fix numeric names for functions.

R=rossberg@chromium.org,jfb@chromium.org,ahaas@chromium.org
BUG=chromium:575167
LOG=Y

Review-Url: https://codereview.chromium.org/1896863003
Cr-Commit-Position: refs/heads/master@{#35897}

[wasm] Binary 11: br_table takes a value.
[wasm] Binary 11: Add implicit blocks to if arms.
[wasm] Binary 11: Add arities to call, return, and breaks
[wasm] Binary 11: Add experimental version.

This CL changes the encoder, decoder, and tests to use a postorder
encoding of the AST, which is more efficient in decode time and
space.

R=bradnelson@chromium.org,rossberg@chromium.org,binji@chromium.org
BUG=chromium:575167
LOG=Y

Review-Url: https://codereview.chromium.org/1830663002
Cr-Commit-Position: refs/heads/master@{#35896}

R=jfb@chromium.org,rossberg@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1900153002

Cr-Commit-Position: refs/heads/master@{#35698}

Since traps now throw real Error objects, we get stack traces
containing <WASM> functions on top-level. The additional tests check
for two traps: unreachable and memory out-of-bounds.

R=ahaas@chromium.org, jfb@chromium.org, titzer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1878563003

Cr-Commit-Position: refs/heads/master@{#35691}

This extends the wasm test case which only checks the "simple"
string-variant of the stack trace.
It checks the return values of the getFunctionName, getLineNumber,
getFileName and toString methods.

R=machenbach@chromium.org, jfb@chromium.org, titzer@chromium.org

Review URL: https://codereview.chromium.org/1875153002

Cr-Commit-Position: refs/heads/master@{#35687}

Revert of [wasm] Also test structured stack trace (patchset #4 id:60001 of https://codereview.chromium.org/1875153002/ )

Reason for revert:
Breaks:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20custom%20snapshot%20-%20debug/builds/6322

Original issue's description:
> [wasm] Also test structured stack trace
>
> This extends the wasm test case which only checks the "simple"
> string-variant of the stack trace.
> It checks the return values of the getFunctionName, getLineNumber,
> getFileName and toString methods.
>
> R=ahaas@chromium.org, jfb@chromium.org, titzer@chromium.org
> BUG=

TBR=ahaas@chromium.org,jfb@chromium.org,titzer@chromium.org,clemensh@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review URL: https://codereview.chromium.org/1903293002

Cr-Commit-Position: refs/heads/master@{#35670}

This extends the wasm test case which only checks the "simple"
string-variant of the stack trace.
It checks the return values of the getFunctionName, getLineNumber,
getFileName and toString methods.

R=ahaas@chromium.org, jfb@chromium.org, titzer@chromium.org
BUG=

Review URL: https://codereview.chromium.org/1875153002

Cr-Commit-Position: refs/heads/master@{#35666}