- 13 Aug, 2021 1 commit

Rakhim Khismet authored
We add multiple tables to the fuzzed module. We can only use externref or function references for tables.

Bug: v8:11954
Change-Id: Ibb7b34203169a3ca97514b87273fa4ea0f6ca99a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3093145
Commit-Queue: Rakhim Khismet <khismet@google.com>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76288}
- 06 Aug, 2021 1 commit

Rakhim Khismet authored
We add support for struct and array types in wasm-fuzzer-common. Also, we add addStruct and addArray while generating tests. Other OptRef types like eqref/anyref have been supported. Adding struct and array types in wasm-compile has been placed at the beginning in order to generate them in addSignature.

Bug: v8:11954
Change-Id: Ibe468dd4df70ad40367196c88353b28b7654f086
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074463
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Rakhim Khismet <khismet@google.com>
Cr-Commit-Position: refs/heads/master@{#76137}
- 05 Aug, 2021 1 commit

Thibaud Michaud authored
Generate the test case before compilation, so that we can generate it even if compilation crashes. We can only do this when require_valid is true. Otherwise the test case depends on whether the module compiles or not.

R=ahaas@chromium.org
CC=khismet@google.com

Bug: v8:11954
Change-Id: I944e867cc7ca631bff749bd67c4b8baff1df1fa9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074476
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76123}
- 04 Aug, 2021 1 commit

Clemens Backes authored
The number of arguments for the LiftoffCompiler has grown significantly since its initial implementation, and it becomes hard to keep track of all options at the call sites. This CL refactors all optional parameters into a {LiftoffOptions} struct which has a factory-like interface. This will allow us to add more options in the future, e.g. for dynamic tiering.

R=thibaudm@chromium.org

Change-Id: I66697bb2f99b676a84c158304cc3a285e1b077d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3069148
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76098}
- 19 Jul, 2021 1 commit

Rakhim Khismet authored
We add a struct type and array type to the fuzzed module. Since the interpreter does not support wasm-gc, we only do so if liftoff is used as a reference implementation. Also, adding liftoff parameter to all GenerateModule definitions.

Bug: v8:11954
Change-Id: Ia8d2d7a8e1e12d375605f15d1393dd64f426607d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024160
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Rakhim Khismet <khismet@google.com>
Cr-Commit-Position: refs/heads/master@{#75782}
- 12 Jul, 2021 1 commit

Thibaud Michaud authored
Instantiation was inside a DCHECK and therefore did not happen in non-debug modes. Turn the DCHECK into a CHECK.

R=clemensb@chromium.org

Bug: chromium:1227685
Change-Id: I13240109326a2c94576f6651963543187d96ad3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3017806
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75673}
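The pitfall behind the commit above, as an added illustration that is not V8 code: a debug-only assertion such as DCHECK drops its whole argument in release builds, so a side effect placed inside it (here a stand-in for module instantiation) silently never runs. The helper names DCheckLike, CheckLike, Instantiate and the counter are assumptions made for this example; the debug/release choice is a runtime flag so that both build modes can be exercised in one program.

```cpp
#include <cstdlib>
#include <functional>

// Counter recording how often the (hypothetical) instantiation step ran.
static int g_instantiation_count = 0;

// Stand-in for module instantiation: it has a side effect and reports success.
bool Instantiate() {
  ++g_instantiation_count;
  return true;
}

// DCHECK analogue. In a release build the assertion macro expands to nothing,
// so the condition, including any side effect inside it, is never evaluated.
inline void DCheckLike(bool debug_build, const std::function<bool()>& cond) {
  if (!debug_build) return;       // compiled out in release: argument skipped
  if (!cond()) std::abort();
}

// CHECK analogue: the condition is evaluated in every build.
inline void CheckLike(const std::function<bool()>& cond) {
  if (!cond()) std::abort();
}

// Buggy pattern: the instantiation is the assertion's argument.
// Returns how many times Instantiate() actually ran.
int RunWithDCheck(bool debug_build) {
  g_instantiation_count = 0;
  DCheckLike(debug_build, [] { return Instantiate(); });
  return g_instantiation_count;   // 1 in debug builds, 0 in release builds
}

// Fixed pattern: CHECK keeps the side effect in all builds.
int RunWithCheck(bool debug_build) {
  (void)debug_build;              // build mode no longer matters
  g_instantiation_count = 0;
  CheckLike([] { return Instantiate(); });
  return g_instantiation_count;   // 1 in every build
}
```

The same reasoning applies to any assertion macro that is compiled out: only the check may live inside it, never work the program depends on.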
- 09 Jul, 2021 1 commit

Thibaud Michaud authored
Reset the instance before the test run, to ensure it runs with the same initial state as the reference run.

R=clemensb@chromium.org

Bug: chromium:1227591
Change-Id: Ie78b4b84e3df37ab8955c240f1d41e2f5e89a5de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3015572
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75658}
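Why the reset matters, as an added illustration that is not V8 code: a differential fuzzer compares a reference run against a test run of the same module, and a module whose code mutates its own globals or memory will produce a different result on the second run if the instance is reused, which shows up as a spurious mismatch. FakeInstance, RunMain and DifferentialRunsAgree are names made up for this example; both runs execute the same function here, so any disagreement can only come from state leaking between them.

```cpp
#include <cstdint>
#include <vector>

// Minimal stateful "instance": a mutable global plus a small linear memory
// (constructed sample values), as a fuzzed module might have.
struct FakeInstance {
  int32_t global;
  std::vector<int32_t> memory;
  explicit FakeInstance(int32_t initial_global)
      : global(initial_global), memory(4, 0) {}
};

// The module's main function: increments the global, stores it into memory
// and returns it. Running it twice on one instance yields two different values.
int32_t RunMain(FakeInstance& inst) {
  inst.global += 1;
  inst.memory[0] = inst.global;
  return inst.global;
}

// Differential harness: a reference run followed by a test run. With
// reset_instance_between_runs == false the test run reuses the reference
// instance (the pre-fix behaviour); with true it gets a fresh instance with
// the same initial state.
bool DifferentialRunsAgree(bool reset_instance_between_runs) {
  FakeInstance reference(0);
  int32_t reference_result = RunMain(reference);

  FakeInstance fresh(0);
  FakeInstance& test_instance = reset_instance_between_runs ? fresh : reference;
  int32_t test_result = RunMain(test_instance);

  return reference_result == test_result;   // false without reset, true with it
}
```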
- 08 Jul, 2021 1 commit

Thibaud Michaud authored
Add an option to use Liftoff instead of the interpreter as the reference tier for fuzzing. The tier to use is chosen based on the input data before generating the module. This way, the module can use features depending on what is available in the reference tier, and we still get a chance to find correctness issues that would only be detected by the interpreter.

R=clemensb@chromium.org

Bug: v8:11856
Change-Id: I2e9878345355a37caec5fdb338dda42a84e8e63a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008645
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75633}
- 05 Jul, 2021 1 commit

Clemens Backes authored
The number of arguments and their values were generated and passed by the individual fuzzers, but were unused by the caller. Instead, default arguments are generated in {MakeDefaultInterpreterArguments} and {MakeDefaultArguments}. Thus this CL removes the dead parameters and assignments.

R=ahaas@chromium.org

Change-Id: I5ca5b06a0848c2a89e70ed739f44bc2161fcb2bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3003464
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75560}
- 01 Jul, 2021 1 commit

Manos Koukoutos authored
Changes:
- Use a lightweight WasmElemSegment::Entry struct to store element segment entries in a WasmModule.
- Also, restructure LoadElemSegmentImpl to handle all types of global.get entries correctly.
- Simplify InitializeIndirectFunctionTables and make it handle all types of entries correctly.
- In the above two cases, reject WasmJSFunctions for now.

Bug: v8:11895
Change-Id: Ie714f8c7f1af8959486138d2ad49bc622a89276d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2991248
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75513}
- 30 Jun, 2021 3 commits

Manos Koukoutos authored
This is a reland of 071a1acf

Changes compared to original: Expect SIMD test to fail if SIMD is not supported.

Original change's description:
> [wasm] Refactor initializer expression handling
>
> Design doc: https://bit.ly/3xPxWUe
>
> This CL introduces two main changes:
> - Initializer expressions are now decoded by WasmFullDecoder. With wasm-gc, initializer expressions are no longer just constants, and require complex decoding (including stack tracking). This resulted in extensive code duplication.
> - Initializer expressions are not stored explicitly by module-decoder as an AST (WasmInitExpr), but rather as a WireBytesRef, and are decoded again during module instantiation. This should reduce memory consumption for globals and other module elements with initializer expressions (which has been observed in the 40MB range in some real-world benchmarks).
>
> Summary of changes:
> - Add a static parameter {kFunctionBody, kInitExpression} to the WasmDecoder. Use it to specialize validation to function bodies/init. expressions.
> - Introduce a new Interface for the WasmFullDecoder for init. expressions.
> - Differentiate between constant and non-constant opcodes in WasmFullDecoder.
> - Change representation of init. expressions in WasmModule to WireBytesRef.
> - Reimplement EvaluateInitExpression in module-instantiate to re-decode initializer expressions.
> - Remove some now-invalid module decoder tests.
>
> Pending changes:
> - Also refactor initializer expressions for element segment entries.
> - Reintroduce deleted tests.
>
> Bug: v8:11895
> Change-Id: I76512bfe1386c8338667d30fa6db93880a1e4b42
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972910
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75476}

Bug: v8:11895
Change-Id: I2dface5ff28d5a2d439a65d3e5cb83135c061bb9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2997722
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75492}

Clemens Backes authored
This reverts commit 071a1acf.

Reason for revert: Breaks on nosse: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux/42795/overview

Original change's description:
> [wasm] Refactor initializer expression handling
>
> Design doc: https://bit.ly/3xPxWUe
>
> This CL introduces two main changes:
> - Initializer expressions are now decoded by WasmFullDecoder. With wasm-gc, initializer expressions are no longer just constants, and require complex decoding (including stack tracking). This resulted in extensive code duplication.
> - Initializer expressions are not stored explicitly by module-decoder as an AST (WasmInitExpr), but rather as a WireBytesRef, and are decoded again during module instantiation. This should reduce memory consumption for globals and other module elements with initializer expressions (which has been observed in the 40MB range in some real-world benchmarks).
>
> Summary of changes:
> - Add a static parameter {kFunctionBody, kInitExpression} to the WasmDecoder. Use it to specialize validation to function bodies/init. expressions.
> - Introduce a new Interface for the WasmFullDecoder for init. expressions.
> - Differentiate between constant and non-constant opcodes in WasmFullDecoder.
> - Change representation of init. expressions in WasmModule to WireBytesRef.
> - Reimplement EvaluateInitExpression in module-instantiate to re-decode initializer expressions.
> - Remove some now-invalid module decoder tests.
>
> Pending changes:
> - Also refactor initializer expressions for element segment entries.
> - Reintroduce deleted tests.
>
> Bug: v8:11895
> Change-Id: I76512bfe1386c8338667d30fa6db93880a1e4b42
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972910
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75476}

Bug: v8:11895
Change-Id: I9fcfdedad73ef21beb9632f50305b8e678a2dff6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2997582
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75484}

Manos Koukoutos authored
Design doc: https://bit.ly/3xPxWUe

This CL introduces two main changes:
- Initializer expressions are now decoded by WasmFullDecoder. With wasm-gc, initializer expressions are no longer just constants, and require complex decoding (including stack tracking). This resulted in extensive code duplication.
- Initializer expressions are not stored explicitly by module-decoder as an AST (WasmInitExpr), but rather as a WireBytesRef, and are decoded again during module instantiation. This should reduce memory consumption for globals and other module elements with initializer expressions (which has been observed in the 40MB range in some real-world benchmarks).

Summary of changes:
- Add a static parameter {kFunctionBody, kInitExpression} to the WasmDecoder. Use it to specialize validation to function bodies/init. expressions.
- Introduce a new Interface for the WasmFullDecoder for init. expressions.
- Differentiate between constant and non-constant opcodes in WasmFullDecoder.
- Change representation of init. expressions in WasmModule to WireBytesRef.
- Reimplement EvaluateInitExpression in module-instantiate to re-decode initializer expressions.
- Remove some now-invalid module decoder tests.

Pending changes:
- Also refactor initializer expressions for element segment entries.
- Reintroduce deleted tests.

Bug: v8:11895
Change-Id: I76512bfe1386c8338667d30fa6db93880a1e4b42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972910
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75476}
- 21 Jun, 2021 1 commit

Clemens Backes authored
The WasmEngine is shared across the whole process, so there is no need to store it in every Isolate. Instead, we can just get it from everywhere on any thread using {wasm::GetWasmEngine()}, which is a simple read of a global.

R=jkummerow@chromium.org

Bug: v8:11879
Change-Id: I13afb8ca3d116aa14bfaec5a4bbd6d71faa9aa17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2969825
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75265}
- 18 Jun, 2021 1 commit

Dan Elphick authored
The adding of base:: was mostly prepared using git grep and sed:

git grep -l <pattern> | grep -v base/vector.h | \
xargs sed -i 's/\b<pattern>\b/base::<pattern>/

with lots of manual clean-ups due to the resulting v8::internal::base::Vectors.

#includes were fixed using:

git grep -l "src/utils/vector.h" | \
xargs sed -i 's!src/utils/vector.h!src/base/vector.h!'

Bug: v8:11879
Change-Id: I3e6d622987fee4478089c40539724c19735bd625
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968412
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75243}
- 14 Jun, 2021 1 commit

Manos Koukoutos authored
Bug: v8:7748
Change-Id: I3fa510b4dc35d3f58532ecbbeecd79d2826ff667
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2951722
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75115}
- 08 Jun, 2021 1 commit

Manos Koukoutos authored
Changes:
- Add struct.new_with_rtt as a new WasmInitExpr. Parse it in consume_init_expr(). Add it to InstanceBuilder::EvaluateInitExpression().
- Change WasmInitExpr::operand_ to vector operands_.
- In consume_init_expr(), use parsed over hard-coded opcode length.
- Improve WasmStruct::WasmStructPrint slightly.
- Add Factory::NewWasmStruct().
- Add WasmValue::CopyToWithSystemEndianness.
- In wasm-module-builder.js, generalize emit_init_expr for expressions with operands. Add missing init. expression types.
- Add tests.

Bug: v8:7748
Change-Id: Ica12378d202730aff1b57c7d4240aa00ef124f8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2940893
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75006}
- 02 Jun, 2021 1 commit

Jakob Kummerow authored
This instruction is a non-standard V8-only experiment for now, hidden behind the --experimental-wasm-gc-experiments flag. The motivation is to provide a way to set up non-canonicalized RTT hierarchies, to enable expressing the type system of Java-like languages in terms of WasmGC constructs.

Bug: v8:7748
Change-Id: Idf1c18e9944c983f40f1e01b2032ee5fdc2fd81b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2930478
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74920}
- 19 May, 2021 1 commit

Manos Koukoutos authored
Recent changes in wasm-module-builder.js were not translated to the fuzzer JS output. After this CL, the fuzzer should generate .js files that output back the fuzzed module.

Change-Id: I8bc33ab7f4f838a519c7aa47e425d8ac65b88d45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2904217
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74659}
- 07 Apr, 2021 1 commit

Thibaud Michaud authored
Add a flag similar to the tiering mask to choose between regular baseline code or debug code in Liftoff.

R=clemensb@chromium.org

Bug: chromium:1183774
Change-Id: I0e87154e2e1cd57679ce0c57bb1e075a97691248
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807603
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73833}
- 23 Mar, 2021 1 commit

Andreas Haas authored
Origin trials allow webpages to use experimental features even though the features are not yet enabled by default. These features will then get enabled per execution context: it is possible that the feature is enabled in one execution context but disabled in another execution context.

In V8 we check for origin trials by calling a callback provided by the embedder that takes the context as a parameter and returns whether a feature is enabled in this context or not. This approach fails when a feature changes the context itself, e.g. by extending the global object. In that case the context is not available yet to check for the origin trial.

To solve the problem this CL adds a new API function that can be called by the embedder to notify V8 that the context with the origin trial information is finished. After that V8 can read the origin trial information from the context and extend e.g. the global object with the origin trial features.

In addition to the API, this CL also adds code to enable the WebAssembly.Exception constructor conditionally, depending on whether it has been enabled by an origin trial or not.

The Blink-side change: https://crrev.com/c/2775573

R=ulan@chromium.org, jkummerow@chromium.org

Change-Id: Ic05c4a89eb3e0e31469e49da8767d630c43b2e00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773287
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73597}
- 22 Feb, 2021 1 commit

Clemens Backes authored
Backends do not care about the concrete type, they only need to know the "kind" (e.g. "ref" or "i32"). In order to prepare Liftoff to use the value kind instead of the value type for all stored data, this CL moves the kind out of the ValueType and makes it a top-level enum.

R=manoskouk@chromium.org

Bug: v8:11477
Change-Id: I489d6c5207e6ff1b66e2afbe78a156d66df27eb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2707169
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72896}
- 15 Jan, 2021 1 commit

Thibaud Michaud authored
Exception ref is not part of the latest exception handling proposal. Remove the corresponding value type, the type opcode and some obsolete tests.

R=clemensb@chromium.org

Bug: v8:8091
Change-Id: I5e068ba3426f4b56b90ef056193acdd8cc8fe7d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2632599
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72116}
- 02 Dec, 2020 1 commit

Manos Koukoutos authored
read_heap_type did not have knowledge of the module for which the heap type was being decoded. As a result, callers of read_heap_type (or read_value_type, which in turn calls read_heap_type) had to check after the fact that a decoded indexed type (ref, ref null, or rtt) references a type index within the module's bounds. This was not done consistently, and was missing (at least) in DecodeLocals. To avoid such problems in the future, this CL refactors read_heap_type to accept a module and check the decoded index against it.

Changes:
- Add WasmModule argument to read_heap_type. Do so accordingly to all its transitive callers (read_value_type, immediate arguments, DecodeLocalDecls, DecodeValue/HeapType in unittests).
- Add index check to read_heap_type and emit an error for an out-of-bounds index.
- Remove all other now-redundant index validations. Replace them with decoder->ok() if needed (since read_heap_type will now emit an error).
- Fix error message in Validate for BlockTypeImmediate.
- In DecodeLocalDecls in unittests, pass an empty module to DecodeLocalDecls in the main code.
- Add a unit test with an invalid index in local type declarations.

Bug: v8:9495
Change-Id: I4ed1204847db80f78b6ae85fa40d300cd2456295
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2569757
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71572}
- 19 Nov, 2020 1 commit

Manos Koukoutos authored
Bug: v8:7748
Change-Id: I5d0cc06fafbe7fc05549a4b8fd7f602eaf838bba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526382
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71283}
- 05 Oct, 2020 1 commit

Clemens Backes authored
Fuzzers are executed in their own process, so instead of resetting flags after execution, we can just keep the flag values. This CL introduces a shared function to enable all staged features, without ever resetting the value. This fixes a data race.

R=ahaas@chromium.org

Bug: v8:10979
Change-Id: I82ea35b887841850edd8b394a3644cf8df1e3bf8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2449969
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70320}
- 21 Sep, 2020 2 commits

Ng Zhi An authored
Instantiating a module that contains a function (exported) with a v128 in its signature is fine, but then later calling it will trap. So v128 values are technically not callable from JS, but we can give it a default argument of 0, and will later trap anyway. This is useful when fuzzers generate functions with v128 in the signature of the main function that we then later try to call.

Bug: chromium:1129068
Change-Id: I93f239a0355b8059e25b8bd5f1274d151d71ee11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2419657
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70038}

Clemens Backes authored
Remove the hack introduced in https://crrev.com/c/2412176, use the existing {ValueTypeToConstantName} function instead.

R=ahaas@chromium.org

Bug: chromium:1127717
Change-Id: I4ac50346825d7b00ea8dadccd7798a273ae84499
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2421568
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70028}
- 15 Sep, 2020 1 commit

Clemens Backes authored
The API in the wasm module builder changed recently (https://crrev.com/c/2390144). The fuzzer was still emitting code for the old API. This CL fixes this for primitive types, and adds a TODO to implement heap types when needed.

R=ahaas@chromium.org
CC=manoskouk@chromium.org

Bug: chromium:1127717
Change-Id: I514b6e53d0492e5706a5b06d24026da13c3a2165
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2412176
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69921}
- 10 Sep, 2020 1 commit

Ng Zhi An authored
This reverts commit e8976cf9.

Reason for revert: Mark f32x4_cmp as fail, lowering is not fully implemented yet.

Original change's description:
> Revert "[wasm-simd] Stage SIMD"
>
> This reverts commit 1d2726dd.
>
> Reason for revert: ODROID failure: https://ci.chromium.org/p/v8/builders/ci/V8%20Arm%20-%20debug/15814?
>
> Original change's description:
> > [wasm-simd] Stage SIMD
> >
> > SIMD has been pretty stable for a while now, we are not expecting big changes (like opcode renumbers), there might be new instructions added, and they will all be backwards-compatible.
> >
> > The reference interpreter in the SIMD proposal is now capable of generating JS files for all test cases, so we can now run them.
> >
> > There is a bit of tweaking necessary, since SIMD tests are in tests/core/simd subfolder in the spec, so we need to change the glob into a find that will traverse into subdirectory.
> >
> > Bug: v8:10835
> > Change-Id: I1f7e3cf37f21b2aa2537d1e34242da2373bbf626
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2378587
> > Commit-Queue: Zhi An Ng <zhin@chromium.org>
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#69793}
>
> TBR=bbudge@chromium.org,ahaas@chromium.org,zhin@chromium.org
>
> Change-Id: I3a90c616109ca048691d97ab45698bc15a678e18
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:10835
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2402379
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69794}

TBR=bbudge@chromium.org,ahaas@chromium.org,zhin@chromium.org,syg@chromium.org

# Not skipping CQ checks because this is a reland.

Bug: v8:10835
Change-Id: I3d87dd2adba6ada2ec3ebf5e13bff378a74b03e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2402386
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69817}
- 09 Sep, 2020 2 commits

Shu-yu Guo authored
This reverts commit 1d2726dd.

Reason for revert: ODROID failure: https://ci.chromium.org/p/v8/builders/ci/V8%20Arm%20-%20debug/15814?

Original change's description:
> [wasm-simd] Stage SIMD
>
> SIMD has been pretty stable for a while now, we are not expecting big changes (like opcode renumbers), there might be new instructions added, and they will all be backwards-compatible.
>
> The reference interpreter in the SIMD proposal is now capable of generating JS files for all test cases, so we can now run them.
>
> There is a bit of tweaking necessary, since SIMD tests are in tests/core/simd subfolder in the spec, so we need to change the glob into a find that will traverse into subdirectory.
>
> Bug: v8:10835
> Change-Id: I1f7e3cf37f21b2aa2537d1e34242da2373bbf626
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2378587
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69793}

TBR=bbudge@chromium.org,ahaas@chromium.org,zhin@chromium.org

Change-Id: I3a90c616109ca048691d97ab45698bc15a678e18
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10835
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2402379
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69794}

Ng Zhi An authored
SIMD has been pretty stable for a while now, we are not expecting big changes (like opcode renumbers), there might be new instructions added, and they will all be backwards-compatible.

The reference interpreter in the SIMD proposal is now capable of generating JS files for all test cases, so we can now run them.

There is a bit of tweaking necessary, since SIMD tests are in tests/core/simd subfolder in the spec, so we need to change the glob into a find that will traverse into subdirectory.

Bug: v8:10835
Change-Id: I1f7e3cf37f21b2aa2537d1e34242da2373bbf626
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2378587
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69793}
- 01 Sep, 2020 1 commit

Andreas Haas authored
The fuzzer function is called multiple times with libfuzzer. Trap handlers, however, should only be initialized once. With this CL we add a flag to initialize trap handlers only once.

R=clemensb@chromium.org

Bug: chromium:1122590
Change-Id: Ib51a50cfe9dad5e3133de3085ad147f5a069b1bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2384769
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69643}
- 26 Aug, 2020 2 commits

Ng Zhi An authored
Now that 86 has branched, we can move bitmask into the SIMD MVP, it will not affect the current OT. (We want any OT extension to include bitmask.)

Bitmask was accepted into the proposal in https://github.com/WebAssembly/simd/pull/201.

Bug: v8:10308
Change-Id: Ib61190fcea2bfc0ce7bf733086e1a81388216a59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2378290
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69577}

Clemens Backes authored
The fuzzers were calling the compiled function without passing explicit arguments. Thus all arguments were converted from the "undefined" value, which typically results in a zero value, as expected. For BigInt though, it's not allowed to pass "undefined". We have to pass a proper BigInt.

This CL implements this by passing explicit parameter values for all parameters. This effectively unlocks testing BigInt parameters in all fuzzers, thus may increase coverage and find new bugs.

R=ahaas@chromium.org

Bug: chromium:1120355
Change-Id: I4e451d2418eb73d460fa937d1cf95a1ab6c99cf5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2377945
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69570}
- 20 Aug, 2020 1 commit

Andreas Haas authored
On x64, trap handlers are enabled as part of the default configuration. However, each embedder has to enable trap handlers explicitly, and in the wasm fuzzers, trap handlers were not enabled. This CL enables trap handlers now in all wasm fuzzers.

Drive-by change: enable all staged wasm features in the wasm-async fuzzer.

R=clemensb@chromium.org

Change-Id: Ib7c2addb092551b5554a2b74830e5b67db077909
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362957
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69500}
- 18 Aug, 2020 1 commit

Clemens Backes authored
This is a reland of 899cb348. The new fuzzer regression test is skipped in jitless.

Original change's description:
> [wasm][fuzzer] Fix exception detection
>
> Exceptions were detected by checking for a pending exception on the isolate, but {CallWasmFunctionForTesting} was clearing any pending exception before returning.
> This CL fixes that by explicitly passing back a boolean which is set if an exception occurred during execution.
>
> R=ahaas@chromium.org
>
> Bug: chromium:1115280
> Change-Id: Ife71ceef0751d18e0870335b9520c2bf77e351cc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352787
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69404}

Bug: chromium:1115280
Change-Id: I9bb7300d423c53214e51e61233b0a6b09a21fd97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2361464
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69446}
- 17 Aug, 2020 1 commit

Emanuel Ziegler authored
Add an event for recording metrics related to decoding Wasm modules.

R=clemensb@chromium.org

Bug: chromium:1092417
Change-Id: Id60560d8eb8c14edb5b863857b18c1c82f48e7e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2351672
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69425}
- 14 Aug, 2020 2 commits

Bill Budge authored
This reverts commit 899cb348.

Reason for revert: Added regression test fails on Arm Sim: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/11584

Original change's description:
> [wasm][fuzzer] Fix exception detection
>
> Exceptions were detected by checking for a pending exception on the isolate, but {CallWasmFunctionForTesting} was clearing any pending exception before returning.
> This CL fixes that by explicitly passing back a boolean which is set if an exception occurred during execution.
>
> R=ahaas@chromium.org
>
> Bug: chromium:1115280
> Change-Id: Ife71ceef0751d18e0870335b9520c2bf77e351cc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352787
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69404}

TBR=ahaas@chromium.org,clemensb@chromium.org

Change-Id: I1d3c0e57df7ec25b09f2037c31c9b30eb0866548
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1115280
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2357189
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69405}

Clemens Backes authored
Exceptions were detected by checking for a pending exception on the isolate, but {CallWasmFunctionForTesting} was clearing any pending exception before returning.
This CL fixes that by explicitly passing back a boolean which is set if an exception occurred during execution.

R=ahaas@chromium.org

Bug: chromium:1115280
Change-Id: Ife71ceef0751d18e0870335b9520c2bf77e351cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352787
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69404}