1. 18 Jun, 2021 2 commits
  2. 19 Apr, 2021 1 commit
    • [wasm] Allow execution while modifying code space · 8fffd56f
      Daniel Lehmann authored
      The --wasm-write-protect-code-memory flag previously enforced W^X, that
      is, the WebAssembly code space was either writable or executable, but
      never both at the same time. With compilation in background threads
      concurrent to execution in the main thread, this simple scheme is no
      longer viable because the same memory page can indeed be written to and
      executed at the same time. Hence, this flag is currently broken and
      disabled and the code space is always writable AND executable.
      
      As a first step towards more security, we at least want to
      write-protect the code space (when not required writable by compilation
      threads) but at the same time keep it always executable (because of
      concurrent execution in the main thread). That is, we no longer switch
      between RX and RW (W^X), but rather between RX and RWX
      (write-protection only).
      
      This CL starts to change from W^X (which was broken) to
      write-protection only when enabling --wasm-write-protect-code-memory.
      This is the first of two CLs, where the followup CL will fix the
      feature, and this CL merely prepares and cleans up the code. In
      particular, this CL changes the permissions from RW to RWX (due to
      concurrent execution) and renames `WasmCodeAllocator::SetExecutable()`
      to `WasmCodeAllocator::SetWritable()` (and similarly named callers) to
      be consistent with that change. Since the code space is now always
      executable, this CL also removes now unneeded calls to
      `SetExecutable(true)` in tests.
      
      R=clemensb@chromium.org
      CC=jkummerow@chromium.org
      
      Bug: v8:11663
      Change-Id: I2065eed6770215892b81daefbddf74a349e783cc
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2835237
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Commit-Queue: Daniel Lehmann <dlehmann@google.com>
      Cr-Commit-Position: refs/heads/master@{#74041}
  3. 17 Dec, 2020 1 commit
  4. 15 Oct, 2020 1 commit
  5. 30 Sep, 2020 1 commit
  6. 16 Sep, 2020 1 commit
  7. 06 Aug, 2020 1 commit
    • [wasm] Remove ExecutionTier::kInterpreter · 0c918bd8
      Clemens Backes authored
      The interpreter is not an execution tier in production any more. It's
      only used in tests.
      Thus, remove {ExecutionTier::kInterpreter} and instead add a
      {TestExecutionTier} that still has {kInterpreter}.
      
      If needed (in {TestingModuleBuilder::execution_tier()}), we translate
      back from {TestExecutionTier} to {ExecutionTier} (for {kLiftoff} and
      {kTurboFan} only).
      
      The {TraceMemoryOperation} method, which is shared between interpreter
      and production code, now receives a {base::Optional<ExecutionTier>}, and
      we will just pass an empty optional if called from the interpreter.
      
      R=thibaudm@chromium.org
      
      Bug: v8:10389
      Change-Id: Ibe133b91e8dca6d6edbfaee5ffa0d7fe72ed6d64
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335186
      Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69260}
  8. 16 Jun, 2020 1 commit
  9. 10 Jun, 2020 1 commit
  10. 09 Jun, 2020 1 commit
  11. 27 Feb, 2020 1 commit
  12. 27 Jun, 2019 1 commit
  13. 23 May, 2019 1 commit
  14. 21 May, 2019 1 commit
  15. 03 Apr, 2019 1 commit
  16. 01 Feb, 2019 1 commit
    • [test] Modernize value helpers · f0d69fc9
      Clemens Hammacher authored
      This CL changes the usage pattern from
      FOR_XXX_VALUES(i) { Use(*i); }
      to
      FOR_XXX_VALUES(i) { Use(i); }
      which is way more intuitive.
      
      Note that the replacement in the uses was done via regular expression,
      so it's purely mechanical. In two locations I removed unneeded braces
      around the macro, because they confused clang-format.
      I plan to do more cleanups (remove redundant assignments within the
      FOR_XXX_VALUES body) in a follow-up CL.
      
      R=mstarzinger@chromium.org
      
      Bug: v8:8562
      Change-Id: I4329bfcf34e5b077d19b50f4204ceb3b4340fe61
      Reviewed-on: https://chromium-review.googlesource.com/c/1449615
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59287}
  17. 10 Jan, 2019 1 commit
  18. 26 Dec, 2018 1 commit
  19. 14 Sep, 2018 1 commit
  20. 21 Aug, 2018 1 commit
  21. 02 Aug, 2018 1 commit
    • [cleanup] Remove redundant wasm:: namespace prefixes · 99de47f1
      Ben L. Titzer authored
      The wasm/ directory is inconsistent in many places, often within the
      same file. For all code that exists in a v8::internal::wasm namespace,
      this CL removes any wasm:: qualifiers, which is especially helpful
      since most types are already Wasm-named, such as WasmCode, WasmModule,
      etc. Namespace qualifiers are redundant inside the wasm:: namespace and
      thus go against the main point of using namespaces. Removing the
      qualifiers for non Wasm-named classes also makes the code somewhat more
      future-proof, should we move some things that are not really WASM-specific
      (such as ErrorThrower and Decoder) into a higher namespace.
      
      R=clemensh@chromium.org,mstarzinger@chromium.org
      
      Change-Id: Ibff3e1e93c64c12dcb53c46c03d1bfb2fb0b7586
      Reviewed-on: https://chromium-review.googlesource.com/1160232
      Commit-Queue: Ben Titzer <titzer@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54862}
  22. 27 Apr, 2018 2 commits
    • [wasm] Make {NativeModule} independent of instance. · d71bcfcb
      Michael Starzinger authored
      This removes the last reference from {NativeModule} that made it
      specific to a concrete WebAssembly instance, by only referencing the
      {WasmSharedModuleData} instead of a {WasmCompiledModule}. Note that
      eventually we want to remove this reference completely to become even
      independent of the underlying Isolate soon.
      
      R=clemensh@chromium.org
      BUG=v8:7424
      
      Change-Id: I29b8cde8beadeef75c90e90fbff1830f2bf4e636
      Reviewed-on: https://chromium-review.googlesource.com/1032433
      Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52853}
    • [wasm] Split off wasm-linkage.h · 8466b71a
      Clemens Hammacher authored
      Linkage-related methods were declared in wasm-compiler.h and
      implemented in wasm-linkage.cc. This required all users of e.g. wasm
      call descriptors to include the whole wasm compiler header. Also, some
      wasm linkage information is independent of turbofan and also used
      outside of the compiler directory.
      
      This CL splits off wasm-linkage.h (with minimal includes) and puts it
      in src/wasm. This allows to use that information without including
      compiler headers (will clean up several uses in follow-up CLs).
      
      R=mstarzinger@chromium.org, titzer@chromium.org
      
      Bug: v8:7570
      Change-Id: Ifcae70b4ea7932cda30953b325c2b87c4176c598
      Reviewed-on: https://chromium-review.googlesource.com/1013701
      Reviewed-by: Ben Titzer <titzer@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52849}
  23. 16 Apr, 2018 1 commit
  24. 14 Apr, 2018 1 commit
    • [ubsan] Change Address typedef to uintptr_t · 2459046c
      Jakob Kummerow authored
      The "Address" type is V8's general-purpose type for manipulating memory
      addresses. Per the C++ spec, pointer arithmetic and pointer comparisons
      are undefined behavior except within the same array; since we generally
      don't operate within a C++ array, our general-purpose type shouldn't be
      a pointer type.
      
      Bug: v8:3770
      Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
      Change-Id: Ib96016c24a0f18bcdba916dabd83e3f24a1b5779
      Reviewed-on: https://chromium-review.googlesource.com/988657
      Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52601}
  25. 06 Apr, 2018 1 commit
  26. 04 Apr, 2018 2 commits
    • Revert "[wasm] Merge the WasmContext into WasmInstanceObject" · 8adb94fc
      Ben Titzer authored
      This reverts commit 57bf0bfe.
      
      Reason for revert: <INSERT REASONING HERE>
      
      Original change's description:
      > [wasm] Merge the WasmContext into WasmInstanceObject
      > 
      > This change makes lifetime management of WasmCode much simpler.
      > By using the WasmInstanceObject as the context for WASM code execution,
      > including the pointer to the memory base and indirect function tables,
      > this keeps the instance alive when WASM code is on the stack, since
      > the instance object is passed as a parameter and spilled onto the stack.
      > This is in preparation of sharing the code between instances and
      > isolates.
      > 
      > Bug: v8:7424
      > 
      > Change-Id: Ic2e4b7bcc2feb20001d0553a615a8a9dff36317e
      > Reviewed-on: https://chromium-review.googlesource.com/958520
      > Commit-Queue: Ben Titzer <titzer@chromium.org>
      > Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Andreas Haas <ahaas@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#52361}
      
      TBR=mstarzinger@chromium.org,titzer@chromium.org,ahaas@chromium.org,clemensh@chromium.org
      
      Change-Id: I653e27b46dbc43ad773eda4292d521a508f42d79
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:7424
      Reviewed-on: https://chromium-review.googlesource.com/995418
      Reviewed-by: Ben Titzer <titzer@chromium.org>
      Commit-Queue: Ben Titzer <titzer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52364}
    • [wasm] Merge the WasmContext into WasmInstanceObject · 57bf0bfe
      Ben L. Titzer authored
      This change makes lifetime management of WasmCode much simpler.
      By using the WasmInstanceObject as the context for WASM code execution,
      including the pointer to the memory base and indirect function tables,
      this keeps the instance alive when WASM code is on the stack, since
      the instance object is passed as a parameter and spilled onto the stack.
      This is in preparation of sharing the code between instances and
      isolates.
      
      Bug: v8:7424
      
      Change-Id: Ic2e4b7bcc2feb20001d0553a615a8a9dff36317e
      Reviewed-on: https://chromium-review.googlesource.com/958520
      Commit-Queue: Ben Titzer <titzer@chromium.org>
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Reviewed-by: Andreas Haas <ahaas@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52361}
  27. 15 Mar, 2018 1 commit
  28. 14 Mar, 2018 1 commit
  29. 12 Mar, 2018 1 commit
  30. 22 Feb, 2018 1 commit
    • [wasm][interpreter] Fix indirect calls to other instances · 537885e8
      Clemens Hammacher authored
      When calling a function through a function table, check whether the
      instance of the called function differs from the current instance, and
      in that case call the other function via a c-wasm-entry instead of
      interpreting it.
      The c-wasm-entry needs to pass the wasm context, so this CL changes
      this to receive the wasm context as parameter instead of embedding the
      context of the calling instance.
      
      R=titzer@chromium.org
      
      Bug: chromium:814562, v8:7400
      Change-Id: Iea93f270542169f8aac4f8c81aacec559c716368
      Reviewed-on: https://chromium-review.googlesource.com/930966
      Reviewed-by: Ben Titzer <titzer@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51485}
  31. 04 Dec, 2017 1 commit
  32. 28 Nov, 2017 3 commits
    • Revert "Revert "[wasm] JIT using WasmCodeManager"" · b03b1bd9
      Mircea Trofin authored
      This reverts commit b301203e.
      
      Reason for revert: Fixed issues on arm.
      
      Original change's description:
      > Revert "[wasm] JIT using WasmCodeManager"
      > 
      > This reverts commit d4c8393c.
      > 
      > Reason for revert: Breaks ARM hardware:
      > https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20-%20debug/builds/5268
      > 
      > Original change's description:
      > > [wasm] JIT using WasmCodeManager
      > > 
      > > This is the first step towards wasm code sharing. This CL moves wasm
      > > code generation outside the JavaScript GC heap using the previously -
      > > introduced WasmCodeManager (all this, behind the --wasm-jit-to-native
      > > flag).
      > > 
      > > See design document: go/wasm-on-native-heap-stage-1
      > > 
      > > This CL doesn't change other wasm architectural invariants. We still
      > > have per-Isolate wasm code generation, and per-wasm module instance
      > > code specialization.
      > > 
      > > Bug:v8:6876
      > > 
      > > Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      > > Change-Id: I1e08cecad75f93fb081545c31228a4568be276d3
      > > Reviewed-on: https://chromium-review.googlesource.com/674086
      > > Reviewed-by: Ben Titzer <titzer@chromium.org>
      > > Reviewed-by: Eric Holk <eholk@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#49689}
      > 
      > TBR=bradnelson@chromium.org,titzer@chromium.org,mtrofin@chromium.org,eholk@chromium.org
      > 
      > Change-Id: I89af1ea5decd841bc12cd2ceaf74d32bc4433885
      > No-Presubmit: true
      > No-Tree-Checks: true
      > No-Try: true
      > Bug: v8:6876
      > Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      > Reviewed-on: https://chromium-review.googlesource.com/794690
      > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#49691}
      
      TBR=bradnelson@chromium.org,machenbach@chromium.org,titzer@chromium.org,mtrofin@chromium.org,eholk@chromium.org
      
      Change-Id: I1b07638d1bb2ba0664305b4b2dcfc1342dc8444f
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:6876
      Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      Reviewed-on: https://chromium-review.googlesource.com/794434
      Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
      Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#49692}
    • Revert "[wasm] JIT using WasmCodeManager" · b301203e
      Michael Achenbach authored
      This reverts commit d4c8393c.
      
      Reason for revert: Breaks ARM hardware:
      https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20-%20debug/builds/5268
      
      Original change's description:
      > [wasm] JIT using WasmCodeManager
      > 
      > This is the first step towards wasm code sharing. This CL moves wasm
      > code generation outside the JavaScript GC heap using the previously -
      > introduced WasmCodeManager (all this, behind the --wasm-jit-to-native
      > flag).
      > 
      > See design document: go/wasm-on-native-heap-stage-1
      > 
      > This CL doesn't change other wasm architectural invariants. We still
      > have per-Isolate wasm code generation, and per-wasm module instance
      > code specialization.
      > 
      > Bug:v8:6876
      > 
      > Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      > Change-Id: I1e08cecad75f93fb081545c31228a4568be276d3
      > Reviewed-on: https://chromium-review.googlesource.com/674086
      > Reviewed-by: Ben Titzer <titzer@chromium.org>
      > Reviewed-by: Eric Holk <eholk@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#49689}
      
      TBR=bradnelson@chromium.org,titzer@chromium.org,mtrofin@chromium.org,eholk@chromium.org
      
      Change-Id: I89af1ea5decd841bc12cd2ceaf74d32bc4433885
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:6876
      Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      Reviewed-on: https://chromium-review.googlesource.com/794690
      Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#49691}
    • [wasm] JIT using WasmCodeManager · d4c8393c
      Mircea Trofin authored
      This is the first step towards wasm code sharing. This CL moves wasm
      code generation outside the JavaScript GC heap using the previously -
      introduced WasmCodeManager (all this, behind the --wasm-jit-to-native
      flag).
      
      See design document: go/wasm-on-native-heap-stage-1
      
      This CL doesn't change other wasm architectural invariants. We still
      have per-Isolate wasm code generation, and per-wasm module instance
      code specialization.
      
      Bug:v8:6876
      
      Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
      Change-Id: I1e08cecad75f93fb081545c31228a4568be276d3
      Reviewed-on: https://chromium-review.googlesource.com/674086
      Reviewed-by: Ben Titzer <titzer@chromium.org>
      Reviewed-by: Eric Holk <eholk@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#49689}
  33. 25 Oct, 2017 1 commit
  34. 19 Oct, 2017 1 commit
  35. 18 Oct, 2017 1 commit
    • Revert "[test] Avoid unnecessary std::vector allocations" · ab639e4a
      Clemens Hammacher authored
      This reverts commit e737b4ce.
      
      Reason for revert: On windows, V8_INFINITY is not constexpr
      
      Original change's description:
      > [test] Avoid unnecessary std::vector allocations
      > 
      > Instead of copying an array of fixed values into an std::vector for
      > each usage of the FOR_INPUTS macro, just iterate the constant data
      > directly.
      > This also makes the <type>_vector() functions return {constexpr Vector}
      > instead of {std::vector}.
      > 
      > R=tebbi@chromium.org
      > 
      > Change-Id: Ifc3e5509b2fbf5e383c967c2f46acf2b07f7b5b4
      > Reviewed-on: https://chromium-review.googlesource.com/725427
      > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
      > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#48688}
      
      TBR=clemensh@chromium.org,tebbi@chromium.org
      
      Change-Id: Iccb52941d4efe71b49b41572c3d922a5d78bdfd2
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/725899
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#48691}