This timer is disabled since the switch to the new validator.
This CL brings it back.

R=mstarzinger@chromium.org

Change-Id: Ie454af72205564d6fec05dd4b7b44c1e3d0c37d6
Reviewed-on: https://chromium-review.googlesource.com/505610Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45300}

This makes sure that the evaluation result of the first expression in
for-statements is properly dropped, to leave the stack in a balanced
state after the statement. It also makes sure validation failures in
said expression are handled correctly.

R=clemensh@chromium.org
TEST=mjsunit/regress/regress-crbug-721835
BUG=chromium:721835

Change-Id: I7e6cff4cea0bbf5aad6a3459e27a08ea814dbdbe
Reviewed-on: https://chromium-review.googlesource.com/506148
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45299}

R=clemensh@chromium.org

Change-Id: I616a972283cc85ccaf63c46d0cc11ccbb7563a46
Reviewed-on: https://chromium-review.googlesource.com/504527Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45289}

This makes sure that the order of exports as they appear in asm.js
modules is maintained globally (not just per function) while being
translated to a WASM module.

R=clemensh@chromium.org
TEST=mjsunit/asm/asm-validation
BUG=chromium:720586

Change-Id: I8b26d717ae2f88467d41670bced901f196c7b3fc
Reviewed-on: https://chromium-review.googlesource.com/503708
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45277}

This makes sure that function variables as well as function table
variables are properly typed as immutable, hence assignments to them
should cause validation failures.

R=clemensh@chromium.org
TEST=mjsunit/asm/immutable
BUG=chromium:721271

Change-Id: Ia3f65fd0782ca571ffcf99520fdbd8fc5a359d16
Reviewed-on: https://chromium-review.googlesource.com/503209Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45256}

This makes sure that the checking of stdlib values during module
instantiation is non-observable. It is needed to prevent observable
double evaluation of the involved property loads in case of failures
during instantiation and also fixes some issues with exceptions
happening during property loads.

R=clemensh@chromium.org
TEST=mjsunit/asm/asm-stdlib
BUG=v8:6297

Change-Id: I1d0c371e51bee8186d14fa794fb3f9b7f67e5944
Reviewed-on: https://chromium-review.googlesource.com/501887Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45237}

R=clemensh@chromium.org

Change-Id: Id3a44a247bc881ba0f9d41a242cbb6130094771c
Reviewed-on: https://chromium-review.googlesource.com/501847
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45233}

This fixes cases where falling off the end of a non-void function was
accepted as a valid asm.js module. This led to translation failures in
the WASM code. Only void functions are allowed to fall off the end.

R=clemensh@chromium.org
TEST=mjsunit/asm/return-types
BUG=chromium:719286

Change-Id: I7b1c9ba5381b87a23cf0a2171bee5e5f5e8cd9de
Reviewed-on: https://chromium-review.googlesource.com/500312
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45221}

R=clemensh@chromium.org
BUG=v8:6127

Change-Id: I4f20eae61f47eaa300ba54269c68eefa910b68da
Reviewed-on: https://chromium-review.googlesource.com/500068Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45191}

R=clemensh@chromium.org

Change-Id: Ifa9f0f510bc5b864ebba199603919adb6a35d3a1
Reviewed-on: https://chromium-review.googlesource.com/500267Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45190}

This tests and fixes validation failures caused by assignments to
variables holding functions references (which are all considered
immutable). Such references can come from "stdlib" or "foreign".

R=clemensh@chromium.org
TEST=mjsunit/asm/global-imports
BUG=chromium:719382

Change-Id: Ic02be765e0773a6cc74a54e11a09d42ffb683cb8
Reviewed-on: https://chromium-review.googlesource.com/500188Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45189}

R=clemensh@chromium.org
TEST=mjsunit/asm/regress-718745
BUG=chromium:718745

Change-Id: I4d31e90d7a2bbb1d07ce946682a95582f63c7e27
Reviewed-on: https://chromium-review.googlesource.com/497469Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45134}

R=clemensh@chromium.org
TEST=message/asm-import-wrong-object
BUG=chromium:718653

Change-Id: Ib903d7041ffb6a67c1b3c7be3e0f9455229acd90
Reviewed-on: https://chromium-review.googlesource.com/497747Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45129}

This makes sure that only the "asm-js.h" header is exposed to outside
the directory holding the asm.js validator. It ensures that internals
don't leak out of that component, unless they are explicitly exposed
through the defined interface.

R=clemensh@chromium.org
BUG=v8:6127

Change-Id: I7c41782254cfce102af8edf4356205cfca904e60
Reviewed-on: https://chromium-review.googlesource.com/496147Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45125}

R=clemensh@chromium.org
BUG=v8:6127

Change-Id: I6a098151fef14c0c76c1762d99316a3ae7d12a8e
Reviewed-on: https://chromium-review.googlesource.com/496266
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45119}

R=clemensh@chromium.org
BUG=v8:6127

Change-Id: I104bf807d3da6a9f269e4f729b254bc6a0d2f0df
Reviewed-on: https://chromium-review.googlesource.com/496206Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45098}

This fixes cases where the omission of return type annotation of calls
to stdlib function was rejected, because a surrounding {fround} call
used to be misinterpreted as an annotation instead of a rounding.

R=clemensh@chromium.org
TEST=mjsunit/asm/call-stdlib
BUG=v8:6127

Change-Id: Idec0ef1740ebf8eda969ff05dd1c90252de87a6b
Reviewed-on: https://chromium-review.googlesource.com/493349
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45057}

ErrorThrower::Reify() should only be called if an error is actually set.
This CL introduces a Reset() method to replace the obsolete (now
disallowed) usages.

R=mtrofin@chromium.org
BUG=chromium:717056

Change-Id: I41b989a9c7b33591ee26ec6d43540a38289ab54f
Reviewed-on: https://chromium-review.googlesource.com/493506Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45039}

This makes sure that asm.js modules can only be instantiated with a
valid {ArrayBuffer} as the underlying heap buffer for all cases where
accepting anything else would be observably different from JavaScript
proper.

R=clemensh@chromium.org
TEST=mjsunit/asm/asm-memory
BUG=chromium:715505,chromium:715748

Change-Id: I355686200151c5667bf836824de922d657a8d943
Reviewed-on: https://chromium-review.googlesource.com/488521
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44938}

Instructions after an unconditional jump can be omitted.

BUG=chromium:715582
R=bradnelson@chromium.org,verwaest@chromium.org
TBR=bradnelson@chromium.org

Change-Id: Ie4f4041ed836f328955a0ff396e2dfd6adc01513
Reviewed-on: https://chromium-review.googlesource.com/487983
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44923}

This refactors the {AsmJs} methods used for instantiating an asm.js
module to only use one single entry point. It is in preparation to
validate the "memory" argument as well.

R=clemensh@chromium.org
BUG=chromium:715505

Change-Id: I5e26fcf46f98c053080c70b26c0f562afc7f794a
Reviewed-on: https://chromium-review.googlesource.com/488226
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44922}

R=clemensh@chromium.org
TEST=mjsunit/asm/int32-mul
BUG=chromium:715482

Change-Id: I525e901fd6ade101999694a53d5147b6e4ccc2e5
Reviewed-on: https://chromium-review.googlesource.com/488024Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44892}

This fixes the bounds checking of "unsigned" numeric literals (those
that do not contains dots) by the parser. In particular this fixes a
bogus truncation to 32-bit in the scanner. It also makes the scanner
more robust by limiting the range of those numeric literals, hence
completely avoiding rounding loss or truncation errors.

R=clemensh@chromium.org
TEST=unittests/AsmJsScannerTest.UnsignedNumbers
BUG=v8:6298

Change-Id: Id31ab3c652e99fa8d3d6663315768e1bfaf3b773
Reviewed-on: https://chromium-review.googlesource.com/486881Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44890}

This fixes propagation of validation failures that happen during the
validation of a heap access expression in {ValidateHeapAccess}.

R=clemensh@chromium.org
TEST=mjsunit/regress/regress-crbug-714971
BUG=chromium:714971

Change-Id: I8f91ac1da34ae50fdde2938f61b6468cdac92b6e
Reviewed-on: https://chromium-review.googlesource.com/486801Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44851}

This header file is only used from tests.
Also, move the LoadStoreOpcodeOf method (only used in tests) from
wasm-opcodes.h to wasm-macro-gen.h.

R=ahaas@chromium.org

Change-Id: I8d4691be494b5c1fbe3084441329850930bad647
Reviewed-on: https://chromium-review.googlesource.com/486861
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44845}

Instead of using the WASM_I32V_* macros (and other) from
wasm-macro-gen.h, use the appropriate methods to encode LEB integers.
This also saves some spaces for the wasm bytecode generated from asm.js.

Specifically, this CL
1) renames EmitVarInt to EmitI32V and EmitVarUint to EmitU32V (on
   WasmFunctionBuilder).
2) introduces more methods on the WasmFunctionBuilder to emit i64v,
   u64v, f32, and f64 values.
3) uses the ZoneBuffer instead of a plain ZoneVector<char> in the
   WasmFunctionBuilder to build the body of the function.
4) introduces more helper functions on the ZoneBuffer to encode i64v,
   u64v, f32 and f64 values.

R=ahaas@chromium.org

Change-Id: Ifa59a6a67380ecf9a3823c382daf00855f5bc61e
Reviewed-on: https://chromium-review.googlesource.com/486803Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44842}

This unifies the memory management of identifier strings passed between
the scanner, parser and module builder. The following scheme is used:
 - The scanner does not create copies of identifier strings itself, it
   exposes a reference to the current identifier. This reference becomes
   invalid as soon as the scanner advanced.
 - The parser preserves a single copy of each identifier that is stored
   in any data structure. That copy is allocated in the zone, lifetime
   is coupled to that of the zone.
 - The module builder can use all such identifiers by reference, as long
   as its lifetime is also coupled to the same zone.

Note that the module builder still creates redundant copies for some
identifiers (in order to maintain backwards compatibility with the old
AST-based parser). This can be fixed once the "old validator" has been
removed.

R=clemensh@chromium.org
BUG=v8:6127

Change-Id: I8611d162e87730045a6061d08c3fe841daae8a7d
Reviewed-on: https://chromium-review.googlesource.com/484439
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44836}

R=clemensh@chromium.org

Change-Id: I3aad1b4058eb464dee80c08332a186109efb7208
Reviewed-on: https://chromium-review.googlesource.com/485622
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44829}

This makes sure that typed array constructors (e.g. Int8Array, ...) used
within an asm.js module are considered uses of stdlib values, and hence
are checked during module instantiation.

R=clemensh@chromium.org
TEST=mjsunit/regress/regress-6280
BUG=v8:6280,chromium:714537

Change-Id: Ic5d689f5319c4dac4e9df3dca4a8cf5a4edd890b
Reviewed-on: https://chromium-review.googlesource.com/485521
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44800}

This simplifies the double-indirection used for the signature cache in
function imports and also reduces the memory its memory footprint. Also
switch to use the local zone as an underlying storage.

R=rossberg@chromium.org
BUG=v8:6127

Change-Id: I8bc6cf13f2ce9ffa02485e76b7e36f389c9e02e5
Reviewed-on: https://chromium-review.googlesource.com/483443Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44768}

This also removes a broken optimization regarding immutable (i.e. const)
global variables. For now mutable and immutable global variables are
treated the same and hence copied during module initialization.

R=rossberg@chromium.org
TEST=mjsunit/asm/global-imports
BUG=v8:6279

Change-Id: I020fc12036dc534f5a62fb43f5c6fdb252314e62
Reviewed-on: https://chromium-review.googlesource.com/483360Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44763}

This uses the common macro lists instead of duplicating the list of
available math functions and values in {AsmJs::IsStdlibValid}.

R=rossberg@chromium.org
BUG=v8:6127

Change-Id: Ic480d74bb0b5f0f425d1e601e5128fa6f466bea1
Reviewed-on: https://chromium-review.googlesource.com/481260Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44725}

R=rossberg@chromium.org
BUG=v8:6127

Change-Id: I1ed8f22eecd3ee674c909ae511bbba4460bcdd17
Reviewed-on: https://chromium-review.googlesource.com/481759Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44721}

This fixes source position tracking within the "increment" expression of
a for-statement. The old {StashCode} method was inherently incompatible
with side tables like the source position table, as it would leave them
untouched while mutating the bytecode stream. It was hence trimmed down
to {DeleteCode}.

R=bradnelson@chromium.org
BUG=v8:6127

Change-Id: I7a5ff60cd5334208c44b165c8b54144d9ae83209
Reviewed-on: https://chromium-review.googlesource.com/480301
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44714}

This switches the parser to use token positions (i.e. {Position})
instead of stream positions (i.e. {GetPosition}) everywhere. Access to
the latter is being removed as it is unsupported when the scanner is in
rewind state anyways. This prevents "skipping" a token when seeking.

R=bradnelson@chromium.org
BUG=v8:6127

Change-Id: I9c13dd20a981061a2bccc4fb57e5c57d2a64ac5c
Reviewed-on: https://chromium-review.googlesource.com/480300Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44699}

BUG=None
TEST=None
R=mtrofin@chromium.org
LOG=N

Review-Url: https://codereview.chromium.org/2824793002
Cr-Commit-Position: refs/heads/master@{#44663}

- creating JSArray and further setter and getter calls are slower then on fixed array.

BUG=v8:6189
R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2813773002
Cr-Commit-Position: refs/heads/master@{#44657}

This fixes the validation of "|0" annotations of call sites that are
used to indicate a "signed" return type of functions. We use lookahead
during call validation and request deferred validation as part of the
actual OR-expression. Special care has to be taken to get precedence
levels of all involved operators right.

R=clemensh@chromium.org
TEST=mjsunit/asm/call-annotation
BUG=v8:6183

Change-Id: If0586f669e7cee26a13425b0fd9f41098e852d68
Reviewed-on: https://chromium-review.googlesource.com/475871
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44639}

R=clemensh@chromium.org
BUG=v8:6127

Change-Id: I7f418b4e1accc8d560886cd5c05bdc54d3088249
Reviewed-on: https://chromium-review.googlesource.com/474864
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44586}

R=clemensh@chromium.org
TEST=mjsunit/asm/call-collisions
BUG=v8:6202

Change-Id: Ie382ed011defb0146c07336b1fd65532ecc20e2e
Reviewed-on: https://chromium-review.googlesource.com/473146Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44554}