- 12 Jun, 2017 2 commits
Mircea Trofin authored
Avoid constructing zones and large zone objects when initializing WasmCompilationUnit.

The main reason we did that is so we can cache the CEntryStub node, which requires a code object, obtainable only on the main thread. We need that value, however, on background threads, which is also where we need the aforementioned large objects. We only need that for the WasmCompilationUnits being currently compiled, which is a number proportional to the number of background threads provided by the embedder. Specifically, one zone is needed only for the duration of the background compilation, while the second zone needs to survive past that, so the compilation results may be committed to the GC heap as Code objects.

The problem with these large objects is that the first allocation in a Zone is at minimum 8KB. We used to allocate 2 zones. For modules with 200K functions, that means 3.2GB of memory pre-allocated before any of it is actually needed.

This change attaches a Handle to the CEntryStub on the WasmCompilationUnits, and delays zone creation to when needed. The change also adds a way to cache CEntryStubs in a JSGraph from a given Code handle - limited to the scenario needed by wasm (and removable once we get wasm off the GC heap, which subsumes removing this dependency on CEntryStubs).

An additional constraint for this change is that we want it to be easily back-mergeable to address chromium:723899.

For the wasm payload in question, collecting the max memory used by d8 using /usr/bin/time --format='(%Xtext+%Ddata %Mmax)', we get the following numbers (in KB):
- unchanged: 3307480
- patch 1: 1807140 (45% reduction)
- patch 3: 1230320 (62% reduction from first)
- patch 5/6: 519368 (84% reduction from first)

Bug: chromium:732010, chromium:723899
Change-Id: I45b96792daf8a9c8dc47d45fb52da75945a41401
Reviewed-on: https://chromium-review.googlesource.com/530193
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45880}
-
Clemens Hammacher authored
In many places in WasmModule and contained structs we store references into the wire bytes as pairs of offset and length. This CL introduces a WireBytesRef struct which encapsulates these two connected fields. This makes it easier to pass them and assign them as one unit.

R=ahaas@chromium.org, mtrofin@chromium.org
BUG=v8:6474
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I4f2a40d848a51dc6f6f599f9253c3c6ed6e51627
Reviewed-on: https://chromium-review.googlesource.com/530687
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45859}
-
- 09 Jun, 2017 1 commit
Clemens Hammacher authored
This CL removes most occurrences of "WASM" from outputs and comments in the code. They are replaced either by "WebAssembly" or (especially in comments) "wasm". These are the spellings officially proposed on http://webassembly.org/.

R=ahaas@chromium.org
BUG=v8:6474
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Id39fa5e25591678263745a4eab266db546e65983
Reviewed-on: https://chromium-review.googlesource.com/529085
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45824}
-
- 31 May, 2017 1 commit
Clemens Hammacher authored
Most prototype implementations are not fully supported in the interpreter. This is the case at least for exception handling, simd, and atomics. Any function can be redirected to the interpreter though, either by passing --wasm-interpret-all, or by dynamically redirecting to the interpreter for debugging. Making the flags experimental keeps the fuzzer from playing around with these flags.

Drive-by: Refactor tests which explicitly set the prototype flag to use a new scope for that.

R=ahaas@chromium.org
BUG=chromium:727584
Change-Id: I67da79f579f1ac93c67189afef40c6524bdd4430
Reviewed-on: https://chromium-review.googlesource.com/519402
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45639}
-
- 28 Apr, 2017 2 commits
Clemens Hammacher authored
This avoids generating redundant code for different template instantiations. I also introduce getters instead of accessing the fields directly.

R=ahaas@chromium.org
BUG=v8:6325
Change-Id: I3e0eca9ef6a01e0a3ebb73f4f357bcb59e120f43
Reviewed-on: https://chromium-review.googlesource.com/490166
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44976}
-
Clemens Hammacher authored
This reduces the amount of special paths for testing. Set up the memory used for testing exactly the same way as in the real world. Also, always connect the interpreter to the instance being executed, and to the existing WasmInstance struct. This keeps information synchronized between interpreter and test runner. These changes allow us to execute e.g. GrowMemory from cctests either in the interpreter or in compiled code.

R=ahaas@chromium.org
Change-Id: Id4726d061f3cdba789275350f500d769d27d2d63
Reviewed-on: https://chromium-review.googlesource.com/488561
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44966}
-
- 26 Apr, 2017 2 commits
Eric Holk authored
This reverts commit d7cdea6f.

Reason for revert: Flakiness on bots

Original change's description:
> [wasm] Add guard pages before Wasm Memory
>
> Although Wasm memory indices are all unsigned, they sometimes get assembled
> as 32-bit signed immediates. Values in the top half of the Wasm memory space
> will then get sign extended, causing Wasm to access in front of its memory
> buffer.
>
> Usually this region is not mapped anyway, so faults still happen as they are
> supposed to. This change protects this region with guard pages so we are
> guaranteed to always fault when this happens.
>
> Bug: v8:5277
> Change-Id: Id791fbe2a5ac1b1d75460e65c72b5b9db2a47ee7
> Reviewed-on: https://chromium-review.googlesource.com/484747
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44905}

TBR=bradnelson@chromium.org,gdeepti@chromium.org,mtrofin@chromium.org,eholk@chromium.org,mseaborn@chromium.org,adamk@chromium.org,v8-reviews@googlegroups.com,wasm-v8@google.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Change-Id: Ia1d3e5dbf4f518815a9fd4197047077bc8e42816
Reviewed-on: https://chromium-review.googlesource.com/487828
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44907}
-
Eric Holk authored
Although Wasm memory indices are all unsigned, they sometimes get assembled as 32-bit signed immediates. Values in the top half of the Wasm memory space will then get sign extended, causing Wasm to access in front of its memory buffer.

Usually this region is not mapped anyway, so faults still happen as they are supposed to. This change protects this region with guard pages so we are guaranteed to always fault when this happens.

Bug: v8:5277
Change-Id: Id791fbe2a5ac1b1d75460e65c72b5b9db2a47ee7
Reviewed-on: https://chromium-review.googlesource.com/484747
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44905}
-
- 25 Apr, 2017 2 commits
Clemens Hammacher authored
This header file is only used from tests. Also, move the LoadStoreOpcodeOf method (only used in tests) from wasm-opcodes.h to wasm-macro-gen.h.

R=ahaas@chromium.org
Change-Id: I8d4691be494b5c1fbe3084441329850930bad647
Reviewed-on: https://chromium-review.googlesource.com/486861
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44845}
-
Clemens Hammacher authored
wasm-macro-gen.h is mainly used from tests, but LocalDeclEncoder is also used from various other places. This CL moves the LocalDeclEncoder to its own compilation unit. We want to later move wasm-macro-gen.h to the tests folder.

It also refactors the LocalDeclEncoder to reuse the LEBHelper::write_u32v and LEBHelper::sizeof_u32v methods instead of reimplementing it.

R=ahaas@chromium.org
Change-Id: Ia4651436f0544578da7c1c43596d343571942e97
Reviewed-on: https://chromium-review.googlesource.com/486724
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44838}
-
- 10 Apr, 2017 2 commits
Clemens Hammacher authored
- Store std::string instead of std::unique_ptr<char[]> for the error message.
- Remove ErrorCode, which was just kSuccess and kError anyway. Error is now detected on whether error_msg_ is empty or not.
- Refactor constructors for perfect forwarding; this will allow us to implement Result<std::unique_ptr<X*>>.
- Refactor Decoder::toResult for perfect forwarding.
- Remove output operators (operator<<) for Result; it was only used in the error case anyway. Print error message directly instead. The operator was problematic since it assumed the existence of an output operator for every T which is used in Result<T>.
- Remove ModuleError and FunctionError, introduce general static Result<T>::Error method instead.

R=ahaas@chromium.org
Change-Id: I1e0f602a61ee9780fee2a3ed33147d431fb092ba
Reviewed-on: https://chromium-review.googlesource.com/472748
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44518}
-
Andreas Haas authored
Instead of storing {start} and {error_pc} we now store the {error_offset}, which is anyway the only value we use.

R=clemensh@chromium.org
Change-Id: Ifd9791eff5c9efce2e7e2a1989bf3b5eaa464a02
Reviewed-on: https://chromium-review.googlesource.com/471527
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44510}
-
- 07 Apr, 2017 1 commit
Clemens Hammacher authored
The format of the name section changed recently. It now contains subsections of different types (currently for function names or local variable names). This CL changes our internal wasm module builders (in JS and C++) to emit this new format, and changes the decoder to understand it. We currently only parse the function name section, and ignore names of local variables. I will later extend this to parse local variable names when needed for debugging.

R=ahaas@chromium.org, rossberg@chromium.org
BUG=v8:6222
Change-Id: I2627160c25c9209a3f09abe0b88941ec48b24434
Reviewed-on: https://chromium-review.googlesource.com/470247
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44492}
-
- 05 Apr, 2017 2 commits
Clemens Hammacher authored
Both methods decoded a LEB128 encoded integer, but only consume_leb incremented the pc pointer accordingly. This CL implements consume_leb by using checked_read_leb.

It also refactors a few things:
1) It removes error_pt, which was only available in checked_read_leb.
2) It renames the error method to errorf, since it receives a format string. This also avoids a name clash.
3) It implements sign extension directly in checked_read_leb instead of doing this in the caller.

R=ahaas@chromium.org
BUG=v8:5822
Change-Id: I8058f57418493861e5df26d4949041f6766d5138
Reviewed-on: https://chromium-review.googlesource.com/467150
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44405}
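As an added example (not V8's code; every name below is this example's own), a bounds-checked 32-bit LEB128 reader in the spirit of the CL above: checked_read_leb32 rejects truncated and overlong encodings, reports the offset of the byte where it stopped, and does the sign extension itself instead of leaving it to the caller; consume_leb32 is layered on top of it and advances pc only on success.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <utility>
#include <vector>

// Outcome of one checked read. On failure, error_offset is the offset from
// the buffer start of the byte at which decoding stopped.
struct LebResult {
  bool ok = false;
  uint32_t bits = 0;  // decoded value; cast to int32_t for signed reads
  size_t length = 0;  // bytes consumed on success
  size_t error_offset = 0;
  std::string error;
};

// Decode a 32-bit LEB128 value at pc within [start, end). Hypothetical helper
// modelled on the checked_read_leb described in the commit message: sign
// extension happens here, and truncated or overlong encodings are rejected.
inline LebResult checked_read_leb32(const uint8_t* start, const uint8_t* end,
                                    const uint8_t* pc, bool is_signed) {
  LebResult r;
  const size_t kMaxBytes = 5;  // ceil(32 / 7)
  const size_t avail = pc < end ? static_cast<size_t>(end - pc) : 0;
  uint32_t result = 0;
  size_t i = 0;
  uint8_t byte = 0;
  for (;; ++i) {
    if (i >= avail) {
      r.error_offset = static_cast<size_t>(end - start);
      r.error = "unexpected end of input while reading LEB128";
      return r;
    }
    byte = pc[i];
    result |= static_cast<uint32_t>(byte & 0x7f) << (7 * i);
    if ((byte & 0x80) == 0) break;
    if (i + 1 == kMaxBytes) {
      r.error_offset = static_cast<size_t>(pc - start) + i;
      r.error = "LEB128 value longer than 5 bytes";
      return r;
    }
  }
  if (i + 1 == kMaxBytes) {
    // Only 4 payload bits of the fifth byte fit into 32 bits; the other three
    // must be zero (unsigned) or copies of the sign bit (signed).
    const uint8_t upper = byte & 0x70;
    const bool sign = (byte & 0x08) != 0;
    const bool upper_ok = (is_signed && sign) ? upper == 0x70 : upper == 0;
    if (!upper_ok) {
      r.error_offset = static_cast<size_t>(pc - start) + i;
      r.error = "extra bits in LEB128 value";
      return r;
    }
  } else if (is_signed && (byte & 0x40) != 0) {
    result |= ~uint32_t{0} << (7 * (i + 1));  // shift is at most 28 here
  }
  r.ok = true;
  r.bits = result;
  r.length = i + 1;
  return r;
}

// consume_leb in the spirit of the CL: read through checked_read_leb32 and
// advance *pc only on success, so a failed read never moves the cursor.
inline LebResult consume_leb32(const uint8_t* start, const uint8_t* end,
                               const uint8_t** pc, bool is_signed) {
  LebResult r = checked_read_leb32(start, end, *pc, is_signed);
  if (r.ok) *pc += r.length;
  return r;
}

// Convenience wrappers over constructed byte vectors.
inline LebResult read_u32(const std::vector<uint8_t>& b) {
  return checked_read_leb32(b.data(), b.data() + b.size(), b.data(), false);
}
inline LebResult read_i32(const std::vector<uint8_t>& b) {
  return checked_read_leb32(b.data(), b.data() + b.size(), b.data(), true);
}

// Reads one u32v followed by one i32v from a constructed buffer. Returns
// {true, u + s} on success or {false, error_offset} on the first failure.
inline std::pair<bool, int64_t> decode_u32v_i32v(const std::vector<uint8_t>& b) {
  const uint8_t* pc = b.data();
  const uint8_t* end = b.data() + b.size();
  LebResult u = consume_leb32(b.data(), end, &pc, false);
  LebResult s = consume_leb32(b.data(), end, &pc, true);
  if (!u.ok) return {false, static_cast<int64_t>(u.error_offset)};
  if (!s.ok) return {false, static_cast<int64_t>(s.error_offset)};
  return {true, static_cast<int64_t>(u.bits) + static_cast<int32_t>(s.bits)};
}
```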
-
mtrofin authored
Better demarcation between what's mutable because it is code-specialization specific, and what is provided at initialization.

BUG=

Review-Url: https://codereview.chromium.org/2784233004
Cr-Commit-Position: refs/heads/master@{#44395}
-
- 25 Mar, 2017 1 commit
kschimpf authored
Besides adding accessors get_origin() and set_origin(), it creates easier test accessors is_wasm() and is_asm_js(). This allows the possibility of caching boolean flags for is_wasm() and is_asm_js() without having to change any code except for the files containing the class definition for WasmModule.

BUG= v8:6152
R=bbudge@chromium.org,mtrofin@chromium.org

Review-Url: https://codereview.chromium.org/2771803005
Cr-Commit-Position: refs/heads/master@{#44130}
-
- 23 Mar, 2017 1 commit
Clemens Hammacher authored
This CL adds support for indirect function calls to the interpreter. It can indirectly call other wasm functions in the same instance, which are then executed in the interpreter, or call imported functions.

Implementing this required some refactoring:
- The wasm interpreter now unwraps import wrappers on demand, instead of unwrapping all of them on instantiation and storing a vector of handles. This also avoids the DeferredHandleScope completely, instead we just store two global handles in the code map.
- The interpreter gets the code table, function tables and signature tables directly from the attached wasm instance object. This ensures that the interpreter sees all updates to tables that might have been performed by external code.
- There is now common functionality for calling a code object. This is used for direct calls to imported functions and for all indirect calls. As these code objects can also be wasm functions which should be executed in the interpreter itself, I introduce a struct to hold the outcome of calling the code object, or a pointer to InterpreterCode to be called in the interpreter.

R=ahaas@chromium.org
BUG=v8:5822
Change-Id: I20fb2ea007e79e5fcff9afb4b1ca31739ebcb83f
Reviewed-on: https://chromium-review.googlesource.com/458417
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44059}
-
- 17 Mar, 2017 2 commits
Michael Starzinger authored
This is a first stab at extending the existing early lowering approach to property access operations. Currently we only handle the case where named property loads are lowered to a soft deoptimize operation, due to insufficient type feedback.

R=jarin@chromium.org
Change-Id: I779ffb99978023237da5ad9eaf0241fe74243882
Reviewed-on: https://chromium-review.googlesource.com/456316
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43899}
-
Andreas Haas authored
Since TrapIf has been implemented on all platforms, there is no need anymore for the old WasmTrapHelper code. This CL also removes TrapIf-specific tests.

R=titzer@chromium.org, clemensh@chromium.org
Change-Id: Ic069598441b7bd63bde2e66f4e536abea5ecebe6
Reviewed-on: https://chromium-review.googlesource.com/452380
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43887}
-
- 15 Mar, 2017 2 commits
gdeepti authored
- Added: Int32x4Mul, Int32x4Min, Int32x4Max, Int32x4Equal, Int32x4NotEqual, Uint32x4Min, Uint32x4Max
- Fix I32x4Splat

R=bbudge@chromium.org, bradnelson@chromium.org, mtrofin@chromium.org

Review-Url: https://codereview.chromium.org/2719953002
Cr-Commit-Position: refs/heads/master@{#43827}
-
Eric Holk authored
Change-Id: I47f0d5578a7c26aa7a30c97175eefc1a9c935d77
Reviewed-on: https://chromium-review.googlesource.com/455318
Commit-Queue: Eric Holk <eholk@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43808}
-
- 14 Mar, 2017 1 commit
Clemens Hammacher authored
This is a cleanup in preparation to implement calling imported functions via the wasm interpreter. For imported functions, we do not create entries in the interpreter_code_ vector any more.

I also simplified the interface and removed unused or redundant return values. More things are now DCHECKed instead of bailing out.

Also, we previously had two PushFrame methods: One is supposed to initialize the interpreter from external code (i.e. adds the first frame to the stack), the other one is used to push new frames on the frame stack for called functions. This CL renames the first to InitFrame, and makes it use the second one. The other remaining user is the DoCall method.

R=titzer@chromium.org
BUG=v8:5822
Change-Id: Id09ff1e3256428fbd8c955e4664507a0c3167e53
Reviewed-on: https://chromium-review.googlesource.com/453482
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43793}
-
- 13 Mar, 2017 3 commits
eholk authored
This is basically the minimum viable signal handler for Wasm bounds checks. It includes the TLS check and the fine grained instructions checks. These two checks provide most of the safety for the signal handler. Future CLs will add code range and data range checks for more robustness.

The trap handling code and data structures are all in src/trap-handler, with the code that actually runs in the signal handler confined to src/trap-handler/signal-handler.cc.

This change adds a new V8 API that the embedder should call from a signal handler that will give V8 the chance to handle the fault first. For hosts that do not want to implement their own signal handler, we include the option to install a simple one. This simple handler is also used for the tests.

When a Wasm module is instantiated, information about each function is passed to the trap handler, which is used to classify faults. These are removed during the instance finalizer.

Several future enhancements are planned before turning this on by default. Obviously, the additional checks will be added to MaybeHandleFault. We are also planning to add a two-level CodeObjectData table that is grouped by isolates to make cleanup easier and also reduce potential for contending on a single data structure.

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277

Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Original-Commit-Position: refs/heads/master@{#43523}
Committed: https://chromium.googlesource.com/v8/v8/+/a5af7fe9ee388a636675f4a6872b1d34fa7d1a7a
Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Commit-Position: refs/heads/master@{#43755}
Committed: https://chromium.googlesource.com/v8/v8/+/338622d7cae787a63cece1f2e79a8b030023940b
Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43759}
-
eholk authored
Revert of [wasm] Initial signal handler (patchset #60 id:1170001 of https://codereview.chromium.org/2371833007/ )

Reason for revert:
ASAN breakage, such as https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/19111/steps/Check/logs/grow-memory

Original issue's description:
> [wasm] Initial signal handler
>
> This is basically the minimum viable signal handler for Wasm bounds checks.
> It includes the TLS check and the fine grained instructions checks. These
> two checks provide most of the safety for the signal handler. Future CLs will
> add code range and data range checks for more robustness.
>
> The trap handling code and data structures are all in src/trap-handler, with
> the code that actually runs in the signal handler confined to
> src/trap-handler/signal-handler.cc.
>
> This changes adds a new V8 API that the embedder should call from a signal
> handler that will give V8 the chance to handle the fault first. For hosts that
> do not want to implement their own signal handler, we include the option to
> install a simple one. This simple handler is also used for the tests.
>
> When a Wasm module is instantiated, information about each function is passed
> to the trap handler, which is used to classify faults. These are removed during
> the instance finalizer.
>
> Several future enhancements are planned before turning this on by default.
> Obviously, the additional checks will be added to MaybeHandleFault. We are
> also planning to add a two-level CodeObjectData table that is grouped by
> isolates to make cleanup easier and also reduce potential for contending on
> a single data structure.
>
> BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
>
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Original-Commit-Position: refs/heads/master@{#43523}
> Committed: https://chromium.googlesource.com/v8/v8/+/a5af7fe9ee388a636675f4a6872b1d34fa7d1a7a
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Commit-Position: refs/heads/master@{#43755}
> Committed: https://chromium.googlesource.com/v8/v8/+/338622d7cae787a63cece1f2e79a8b030023940b

TBR=ahaas@chromium.org,bradnelson@google.com,hpayer@chromium.org,jochen@chromium.org,mark@chromium.org,mseaborn@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277

Review-Url: https://codereview.chromium.org/2744383002
Cr-Commit-Position: refs/heads/master@{#43757}
-
eholk authored
This is basically the minimum viable signal handler for Wasm bounds checks. It includes the TLS check and the fine grained instructions checks. These two checks provide most of the safety for the signal handler. Future CLs will add code range and data range checks for more robustness.

The trap handling code and data structures are all in src/trap-handler, with the code that actually runs in the signal handler confined to src/trap-handler/signal-handler.cc.

This change adds a new V8 API that the embedder should call from a signal handler that will give V8 the chance to handle the fault first. For hosts that do not want to implement their own signal handler, we include the option to install a simple one. This simple handler is also used for the tests.

When a Wasm module is instantiated, information about each function is passed to the trap handler, which is used to classify faults. These are removed during the instance finalizer.

Several future enhancements are planned before turning this on by default. Obviously, the additional checks will be added to MaybeHandleFault. We are also planning to add a two-level CodeObjectData table that is grouped by isolates to make cleanup easier and also reduce potential for contending on a single data structure.

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277

Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Commit-Position: refs/heads/master@{#43523}
Committed: https://chromium.googlesource.com/v8/v8/+/a5af7fe9ee388a636675f4a6872b1d34fa7d1a7a
Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43755}
-
- 07 Mar, 2017 1 commit
bjaideep authored
malloc(0) returning 0 is expected behavior on AIX, but when compiling with -D_LINUX_SOURCE_COMPAT, malloc(0) should return a valid pointer (which we do define for AIX). However, including cstdlib resets the behaviour of _LINUX_SOURCE_COMPAT. GCC bug: 79839

R=jochen@chromium.org, titzer@chromium.org
BUG=
LOG=N

Review-Url: https://codereview.chromium.org/2732743002
Cr-Commit-Position: refs/heads/master@{#43647}
-
- 03 Mar, 2017 1 commit
clemensh authored
In lazy compilation, we only compile one function at a time, and we might not have the wire bytes of the whole module available. This CL prepares the WasmCompilationUnit for this setting. It will also be helpful for streaming compilation.

Also, the ErrorThrower (which might heap-allocate) is not stored in the WasmCompilationUnit any more. Instead, it is passed to the FinishCompilation method which is allowed to heap-allocate.

R=titzer@chromium.org, ahaas@chromium.org
BUG=v8:5991

Review-Url: https://codereview.chromium.org/2726553003
Cr-Commit-Position: refs/heads/master@{#43573}
-
- 02 Mar, 2017 1 commit
clemensh authored
Most are minor performance optimizations that aggregated while implementing other changes. Those fixes will probably not be visible in perf graphs, but they bothered me anyway.

R=titzer@chromium.org, ahaas@chromium.org

Review-Url: https://codereview.chromium.org/2714373003
Cr-Commit-Position: refs/heads/master@{#43535}
-
- 01 Mar, 2017 2 commits
bmeurer authored
Revert of [wasm] Initial signal handler (patchset #56 id:1090001 of https://codereview.chromium.org/2371833007/ )

Reason for revert:
Breaks tree, i.e. https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/18928/steps/Check/logs/grow-memory

Original issue's description:
> [wasm] Initial signal handler
>
> This is basically the minimum viable signal handler for Wasm bounds checks.
> It includes the TLS check and the fine grained instructions checks. These
> two checks provide most of the safety for the signal handler. Future CLs will
> add code range and data range checks for more robustness.
>
> The trap handling code and data structures are all in src/trap-handler, with
> the code that actually runs in the signal handler confined to
> src/trap-handler/signal-handler.cc.
>
> This changes adds a new V8 API that the embedder should call from a signal
> handler that will give V8 the chance to handle the fault first. For hosts that
> do not want to implement their own signal handler, we include the option to
> install a simple one. This simple handler is also used for the tests.
>
> When a Wasm module is instantiated, information about each function is passed
> to the trap handler, which is used to classify faults. These are removed during
> the instance finalizer.
>
> Several future enhancements are planned before turning this on by default.
> Obviously, the additional checks will be added to MaybeHandleFault. We are
> also planning to add a two-level CodeObjectData table that is grouped by
> isolates to make cleanup easier and also reduce potential for contending on
> a single data structure.
>
> BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
>
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Commit-Position: refs/heads/master@{#43523}
> Committed: https://chromium.googlesource.com/v8/v8/+/a5af7fe9ee388a636675f4a6872b1d34fa7d1a7a

TBR=ahaas@chromium.org,bradnelson@google.com,hpayer@chromium.org,jochen@chromium.org,mark@chromium.org,mseaborn@chromium.org,titzer@chromium.org,eholk@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277

Review-Url: https://codereview.chromium.org/2723133003
Cr-Commit-Position: refs/heads/master@{#43525}
-
eholk authored
This is basically the minimum viable signal handler for Wasm bounds checks. It includes the TLS check and the fine grained instructions checks. These two checks provide most of the safety for the signal handler. Future CLs will add code range and data range checks for more robustness.

The trap handling code and data structures are all in src/trap-handler, with the code that actually runs in the signal handler confined to src/trap-handler/signal-handler.cc.

This change adds a new V8 API that the embedder should call from a signal handler that will give V8 the chance to handle the fault first. For hosts that do not want to implement their own signal handler, we include the option to install a simple one. This simple handler is also used for the tests.

When a Wasm module is instantiated, information about each function is passed to the trap handler, which is used to classify faults. These are removed during the instance finalizer.

Several future enhancements are planned before turning this on by default. Obviously, the additional checks will be added to MaybeHandleFault. We are also planning to add a two-level CodeObjectData table that is grouped by isolates to make cleanup easier and also reduce potential for contending on a single data structure.

BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277

Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43523}
-
- 21 Feb, 2017 2 commits
clemensh authored
Test the wasm interpreter entry stub by creating two wasm functions A and B, make A pass arguments to B, then redirect B to be executed in the interpreter. Test different numbers and types of arguments.

BUG=v8:5822
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2651793003
Cr-Commit-Position: refs/heads/master@{#43353}
-
mtrofin authored
Native resources allocated by v8, as internal implementation detail, and held by a Foreign object, must be released when the Isolate is torn down. Example: wasm::WasmModule allocated by wasm compile, and held throughout the lifetime of the WebAssembly.Module object.

This change:
- Extends Managed<CppType> with a mechanism for doing just that
- Separates the role of Managed<CppType> to be strictly an owner of the lifetime of the native resource. For cases where that's not desirable, we can polymorphically use Foreign.
- moves managed.h out of wasm, since it's not wasm-specific.

BUG=680065

Review-Url: https://codereview.chromium.org/2676513008
Cr-Commit-Position: refs/heads/master@{#43350}
-
- 10 Feb, 2017 1 commit
ahaas authored
The use of setjmp/longjmp makes the cctests in test-run-wasm and test-run-wasm-64 flaky on Windows, and I think that it is better not to use it. With this CL I replace it as follows: Similar to the setjmp/longjmp implementation we still call a C function when a trap happens. However, instead of calling longjmp in this C function we just set a flag which indicates that a trap happened and then return. After we return from the C function we leave the frame of the current wasm function and return with a RET instruction. At the end of a test the wasm test runner checks the flag to see if a trap happened.

Please take a special look at the LeaveFrame function on arm64.

R=titzer@chromium.org, clemensh@chromium.org, v8-arm-ports@googlegroups.com
CC=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2685583003
Cr-Commit-Position: refs/heads/master@{#43095}
-
- 01 Feb, 2017 1 commit
ahaas authored
I removed some constant folding optimizations for float instructions in https://codereview.chromium.org/2647353007 because they were incorrect if the input was a signalling NaN. Removing these optimizations, however, had an unexpectedly big impact on asm.js performance. With this CL I restore the optimizations again when the source origin is not wasm. In JavaScript signalling NaNs are not observable and therefore the optimizations are correct.

R=titzer@chromium.org
BUG=chromium:686654

Review-Url: https://codereview.chromium.org/2666903002
Cr-Commit-Position: refs/heads/master@{#42850}
-
- 26 Jan, 2017 1 commit
ahaas authored
This CL turns on trap-if by default, and it changes the tests so that traps in the cctests are also tested without trap-if.

R=titzer@chromium.org, clemensh@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2647323002
Cr-Original-Commit-Position: refs/heads/master@{#42603}
Committed: https://chromium.googlesource.com/v8/v8/+/01c87ebe70fb569205432597f3105c708bba0fef
Review-Url: https://codereview.chromium.org/2647323002
Cr-Commit-Position: refs/heads/master@{#42688}
-
- 23 Jan, 2017 2 commits
clemensh authored
Revert of [wasm] Turn on trap-if by default. (patchset #1 id:1 of https://codereview.chromium.org/2647323002/ )

Reason for revert:
gc-stress failures

Original issue's description:
> [wasm] Turn on trap-if by default.
>
> This CL turns on trap-if by default, and it changes the tests so that
> traps in the cctests are also tested without trap-if.
>
> R=titzer@chromium.org, clemensh@chromium.org, bradnelson@chromium.org
>
> Review-Url: https://codereview.chromium.org/2647323002
> Cr-Commit-Position: refs/heads/master@{#42603}
> Committed: https://chromium.googlesource.com/v8/v8/+/01c87ebe70fb569205432597f3105c708bba0fef

TBR=bradnelson@chromium.org,titzer@chromium.org,ahaas@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2645403005
Cr-Commit-Position: refs/heads/master@{#42604}
-
ahaas authored
This CL turns on trap-if by default, and it changes the tests so that traps in the cctests are also tested without trap-if.

R=titzer@chromium.org, clemensh@chromium.org, bradnelson@chromium.org

Review-Url: https://codereview.chromium.org/2647323002
Cr-Commit-Position: refs/heads/master@{#42603}
-
- 20 Jan, 2017 1 commit
clemensh authored
Test that setting breakpoints works for wasm, and that they are hit correctly. This basically tests all the layers involved: Compiling and running wasm interpreter entries, passing arguments to the interpreter, storing break point infos in wasm objects, getting the right BreakLocation from wasm frames, and getting stack information from interpreted frames.

BUG=v8:5822
R=titzer@chromium.org, yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2629883002
Cr-Commit-Position: refs/heads/master@{#42560}
-
- 18 Jan, 2017 1 commit
rossberg authored
Makes us pass the spec's memory.wast test.

R=titzer@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2640453003
Cr-Commit-Position: refs/heads/master@{#42452}
-
- 15 Jan, 2017 1 commit
titzer authored
R=rossberg@chromium.org
BUG=chromium:575167

Review-Url: https://codereview.chromium.org/2630553002
Cr-Original-Original-Commit-Position: refs/heads/master@{#42286}
Committed: https://chromium.googlesource.com/v8/v8/+/fcc6e85ec6b01e5367795f98aff104b1ff23f619
Review-Url: https://codereview.chromium.org/2630553002
Cr-Original-Commit-Position: refs/heads/master@{#42315}
Committed: https://chromium.googlesource.com/v8/v8/+/74a2f9b7d3c3d9a9284ab8d5a9d08618b8194966
Review-Url: https://codereview.chromium.org/2630553002
Cr-Commit-Position: refs/heads/master@{#42350}
-