Return -1 instead of out of throwing errors, update tests.

R=titzer@chromium.org, ahaas@chromium.org

Review-Url: https://codereview.chromium.org/2216443002
Cr-Commit-Position: refs/heads/master@{#38350}

Review-Url: https://codereview.chromium.org/2204703002
Cr-Commit-Position: refs/heads/master@{#38349}

R=ahaas@chromium.org,bradnelson@chromium.org
BUG=chromium:628542

Review-Url: https://codereview.chromium.org/2207183002
Cr-Commit-Position: refs/heads/master@{#38317}

The func_index parameter passed to GetWasmFunctionNameFromTable can be
user-controlled through the CallSite constructor. Catch out-of-bounds
reads and return null as the function name in such cases.

This applies to the 5.3 branch and will be reverted on TOT in a bit.

BUG=632965

Review-Url: https://codereview.chromium.org/2199333002
Cr-Commit-Position: refs/heads/master@{#38276}

A fix would be to walk the reloc info and RecordWriteIntoCode. Doing
so, however, upsets a scavenger DCHECK.

We stumbled upon this issue because we were placing wasm objects
(fixed arrays) in NEW_SPACE, rather than OLD_SPACE. These fixed
arrays were subsequently referenced from Code objects, which were
then cloned.

The current CL ensures wasm constructs are allocated in OLD_SPACE,
by pre-tenuring them (consistent with other wasm allocations). In
addition, it adds a DCHECK for CopyCode clarifying its lack of support
for references to NEW_SPACE.

We can investigate in a subsequent CL making CopyCode more robust,
pending understanding of the Scavenger's assumptions.

BUG=

Review-Url: https://codereview.chromium.org/2201663003
Cr-Commit-Position: refs/heads/master@{#38263}

R=ahaas@chromium.org,bradnelson@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2209433002
Cr-Commit-Position: refs/heads/master@{#38262}

This CL introduces a new fast flat instantiations cache for the first 1024 object templates.
After that we fall back to the existing slower dictionary cache.

Drive-by-fix: de-handlify and clean up some code in api-natives.cc

BUG=chromium:630217

Review-Url: https://codereview.chromium.org/2170743003
Cr-Commit-Position: refs/heads/master@{#38146}

This patch updates internal data structures used by V8 to support
multiple indirect function tables (WebAssembly/design#682). But, since
this feature is post-MVP, the functionality is not directly exposed and
parsing/generation of WebAssembly is left unchanged. Nevertheless, it
is being used in an experiment to implement fine-grained control flow
integrity based on C/C++ types.

BUG=

Review-Url: https://codereview.chromium.org/2174123002
Cr-Commit-Position: refs/heads/master@{#38110}

Fix failure in mjsunit/wasm/embenchen/box2d on 32-bit architectures that do not support unaligned access.

This test fails because WasmGraphBuilder::BuildCFuncInstruction allocates
space for doubles using StackSlot turbofan operator, but this space is not
guaranteed to be 8 bytes aligned if SP itself is not 8 bytes aligned (which
is the case on 32-bit architectures).

BUG=mjsunit/wasm/embenchen/box2d

Review-Url: https://codereview.chromium.org/2177863002
Cr-Commit-Position: refs/heads/master@{#38039}

R=ishell@chromium.org,bmeurer@chromium.org
TBR=rossberg@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2175233003
Cr-Commit-Position: refs/heads/master@{#38009}

R=bmeurer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2173403002
Cr-Commit-Position: refs/heads/master@{#38007}

Revert "[wasm] Adding a convolution matrix filter test to highlight the performance advantages of JITing"

GC-Stress asserts in filter-jit.

This reverts commit ccfd224e.

BUG=v8:5044
R=bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2168343002
Cr-Commit-Position: refs/heads/master@{#37961}

This cl also fixes two bugs in the previous code:
    1) JITed functions were not allowed access to the heap because the module instance wasn't correctly synthesized. This wasn't discovered in the previous test.
    2) Decoding of functions with the JITSingleFunction opcode was off by 1 as the length of the opcode wasn't computed correctly.
BUG=5044

Review-Url: https://codereview.chromium.org/2168183002
Cr-Commit-Position: refs/heads/master@{#37957}

R=ahaas@chromium.org,rossberg@chromium.org,bradnelson@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2165633006
Cr-Commit-Position: refs/heads/master@{#37945}

R=ahaas@chromium.org, rossberg@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2170773003
Cr-Commit-Position: refs/heads/master@{#37939}

This CL more or less reverts commit https://codereview.chromium.org/2107733002/
The use of the MathPow code stub that was introduced by that commit caused
problems on arm64, and the MathPow code stub was also an obstacle in the
implementation of parallel code generation.

In addition this CL turns on the mjsunit/wasm/embenchen tests for arm64
which were turned off because of problems with MathPow on arm64.

R=titzer@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2166793002
Cr-Commit-Position: refs/heads/master@{#37911}

 - Add Simd128 type to Wasm AST types
 - Decode SIMD prefix, wasm opcodes correctly
 - Add a pass that converts SIMD machine ops to runtime calls
 - Sample opcodes Int32x4Splat, Int32x4ExtractLane and test

LOG=N
BUG=v8:4124

R=bradnelson@chromium.org, bbudge@chromium.org, titzer@chromium.org

Committed: https://crrev.com/73df92fc2fdbbfadc17e8ab4e58ec56ae2b3d91a
Review-Url: https://codereview.chromium.org/1991143002
Cr-Original-Commit-Position: refs/heads/master@{#37789}
Cr-Commit-Position: refs/heads/master@{#37807}

Revert of Convert SIMD wasm ops to runtime function calls (patchset #17 id:320001 of https://codereview.chromium.org/1991143002/ )

Reason for revert:
[Sheriff] Violates msan and tsan:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/builds/9663
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/10670

Original issue's description:
> Convert SIMD machine ops to runtime function calls
>  - Add Simd128 type to Wasm AST types
>  - Add a pass that converts SIMD machine ops to runtime calls
>  - Sample opcodes Int32x4Splat, Int32x4ExtractLane and test
>  - Separate out generic SIMD Machine ops as these cannot be
>  handled by runtime functions just yet.
>
> LOG=N
> BUG=v8:4124
>
> R=bradnelson@chromium.org, bbudge@chromium.org, titzer@chromium.org
>
> Committed: https://crrev.com/73df92fc2fdbbfadc17e8ab4e58ec56ae2b3d91a
> Cr-Commit-Position: refs/heads/master@{#37789}

TBR=bbudge@chromium.org,bradnelson@chromium.org,titzer@chromium.org,gdeepti@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4124

Review-Url: https://codereview.chromium.org/2154723002
Cr-Commit-Position: refs/heads/master@{#37790}

 - Add Simd128 type to Wasm AST types
 - Add a pass that converts SIMD machine ops to runtime calls
 - Sample opcodes Int32x4Splat, Int32x4ExtractLane and test
 - Separate out generic SIMD Machine ops as these cannot be
 handled by runtime functions just yet.

LOG=N
BUG=v8:4124

R=bradnelson@chromium.org, bbudge@chromium.org, titzer@chromium.org

Review-Url: https://codereview.chromium.org/1991143002
Cr-Commit-Position: refs/heads/master@{#37789}

Implemented the WebAssembly.Module and WebAssembly.Instance
in terms of the WasmModule::CompileFunctions and
WasmModule::Instantiate APIs.

Added negative tests - for invalid module object.

BUG=

Review-Url: https://codereview.chromium.org/2121593002
Cr-Commit-Position: refs/heads/master@{#37775}

[wasm] Adding feature to JIT a wasm function at runtime and hook up the compiled code into the indirect function table

The runtime JIT function is passed in the function table to hook up the compiled code and the starting address of the memory to locate the bytes to be compiled.

BUG=5044

Review-Url: https://codereview.chromium.org/2137993003
Cr-Commit-Position: refs/heads/master@{#37735}

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
TEST= cctest/asmjs/test-asm-typer
LOG=N
R=jpp@chromium.org

Review-Url: https://codereview.chromium.org/2146853004
Cr-Commit-Position: refs/heads/master@{#37734}

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
TEST=mjsunit/wasm/*
LOG=N

Review-Url: https://codereview.chromium.org/2134333003
Cr-Commit-Position: refs/heads/master@{#37729}

To correctly support instantiating a compiled module multiple times, we clone the
compiled module each time we create an instance, since some of the data is specific
to the instance - e.g. export code, wasm functions, indirect table.

BUG=v8:5072

Review-Url: https://codereview.chromium.org/2134593002
Cr-Commit-Position: refs/heads/master@{#37692}

R=ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2135693002
Cr-Commit-Position: refs/heads/master@{#37642}

R=ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2130293002
Cr-Commit-Position: refs/heads/master@{#37611}

Handles are necessary in wasm::GetDebugInfo because a GC can be
triggered in this function.

R=titzer@chromium.org, mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2132553002
Cr-Commit-Position: refs/heads/master@{#37601}

The signature of an imported function is needed to compile a wrapper in
wasm to call the imported function. The signature is stored in a heap
object which is created when the wasm module is compiled. With this CL
we do not use a pointer to the signature in the heap object but instead
copy the signature and then use a pointer to the copy. A pointer into
a heap object causes problems when a GC is happening.

R=titzer@chromium.org, mtrofin@chromium.org

Review-Url: https://codereview.chromium.org/2124743002
Cr-Commit-Position: refs/heads/master@{#37527}

If incremental GC starts before imports linking, and sees a wasm
function, it won't revisit that after the imports that function are linked.
As a result, the import code objects may be GC-ed. This change
addresses this issue.

BUG=

Review-Url: https://codereview.chromium.org/2113183002
Cr-Commit-Position: refs/heads/master@{#37507}

R=mstarzinger@chromium.org,bradnelson@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2118733003
Cr-Commit-Position: refs/heads/master@{#37478}

Directs 'use asm' traffic through asm-wasm conversion when --validate-asm is passed.

Adds a builtin that handles the fallback to JS.

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=4203
TEST=asm-wasm
R=mstarzinger@chromium.org,titzer@chromium.org
LOG=N

Review-Url: https://codereview.chromium.org/2057403003
Cr-Commit-Position: refs/heads/master@{#37470}

In the current implementation of wasm an unrepresentable input of the
float32-to-int32 conversion is detected by first truncating the input, then
converting the truncated input to int32 and back to float32, and then checking
whether the result is the same as the truncated input.

This input check does not work on arm and arm64 for an input of (INT32_MAX + 1)
because on these platforms the float32-to-int32 conversion results in INT32_MAX
if the input is greater than INT32_MAX.  When INT32_MAX is converted back to
float32, then the result is (INT32_MAX + 1) again because INT32_MAX cannot be
represented precisely as float32, and rounding-to-nearest results in (INT32_MAX
+ 1). Since (INT32_MAX + 1) equals the truncated input value, the input appears
to be representable.

With the changes in this CL, the result of the float32-to-int32 conversion is
incremented by 1 if the original result was INT32_MAX. Thereby the detection of
unrepresenable inputs in wasm works. Note that since INT32_MAX cannot be
represented precisely in float32, it can also never be a valid result of the
float32-to-int32 conversion.

@v8-mips-ports, can you do a similar implementation for mips?

R=titzer@chromium.org, Rodolph.Perfetta@arm.com

Review-Url: https://codereview.chromium.org/2105313002
Cr-Commit-Position: refs/heads/master@{#37448}

This stores the wasm object and the function index in the script, and
adds functions to get the disassembled wasm code as well as the offset
table mapping from byte position to line and column in the disassembly
solely from the script.
This will be used to show "ui source code" in DevTools, and map raw
locations from the stack trace into this code view.

R=yangguo@chromium.org, ahaas@chromium.org, titzer@chromium.org
BUG=chromium:613110

patch from issue 2063013004 at patchset 80001 (http://crrev.com/2063013004#ps80001)

Review-Url: https://codereview.chromium.org/2105303002
Cr-Commit-Position: refs/heads/master@{#37430}

 - Enable grow memory tests on 32 bit windows
 - Use handles to module JSObject instead of object pointers

R=ahaas@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2105013004
Cr-Commit-Position: refs/heads/master@{#37409}

Mircea and Andreas have been making changes to wasm.

R=titzer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2103793006
Cr-Commit-Position: refs/heads/master@{#37401}

Commit d0b8e7fb introduced some functionality to allocate additional
space in the function table, filled with an "undefined" function
signature. Use -1 instead of undefined_value() as the latter can have
the top bits cleared (which happens often for arm64) and causes
intermittent test failures.

BUG=

Review-Url: https://codereview.chromium.org/2105293002
Cr-Commit-Position: refs/heads/master@{#37393}

R=ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2110053002
Cr-Commit-Position: refs/heads/master@{#37387}

R=ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2111433003
Cr-Commit-Position: refs/heads/master@{#37383}

This changes many interfaces to accept StandardFrames instead of
JavaScriptFrames, and use the StackTraceFrameIterator instead of the
JavaScriptFrameIterator.
Also, the detailed frame information array now contains the script in
addition to the function, as wasm frames are not associated to any
javascript function.

This is a rebase of (https://codereview.chromium.org/2069823003/), since clemensh's internship has ended.

R=yangguo@chromium.org,ahaas@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2109093003
Cr-Commit-Position: refs/heads/master@{#37379}

Reland of https://codereview.chromium.org/2034093002 (reverted by
https://codereview.chromium.org/2080153002).

Original commit message:
Implement WASM support on big-endian platforms. WASM has
an implicit requirement that it is running on little-endian
machine. We achieve WASM support on BE by keeping data
in memory in little-endian order, and changing data
endianness before storing to memory and after loading from
memory.

BUG=

Review-Url: https://codereview.chromium.org/2083523002
Cr-Commit-Position: refs/heads/master@{#37373}