1. 25 Feb, 2021 1 commit
  2. 28 Jan, 2021 1 commit
  3. 19 Jan, 2021 1 commit
  4. 18 Jan, 2021 1 commit
  5. 25 Nov, 2020 1 commit
  6. 26 Oct, 2020 3 commits
    • Reland "[wasm] Disallow late enabling of trap handlers" · 15efe5a6
      Clemens Backes authored
      This is a reland of bcb0a7c5.
      Data races detected by TSan are fixed by using (relaxed) atomic
      updates.
      
      Original change's description:
      > [wasm] Disallow late enabling of trap handlers
      >
      > It's dangerous if trap handlers are enabled after we already used the
      > information whether they are enabled or not.
      > This CL checks for such misbehaviour by remembering whether
      > {IsTrapHandlerEnabled} was already called, and disallowing
      > {EnableTrapHandler} afterwards. Also, calling {EnableTrapHandler}
      > multiple times is disallowed now.
      >
      > The trap handler tests are changed to only enable trap handlers once,
      > and to do that before allocating wasm memory or generating code.
      >
      > R=ahaas@chromium.org
      >
      > Bug: v8:11017
      > Change-Id: Ib2256bb8435efd914c12769cedd4a0051052aeef
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494935
      > Reviewed-by: Andreas Haas <ahaas@chromium.org>
      > Commit-Queue: Clemens Backes <clemensb@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70750}
      
      Bug: v8:11017
      Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
      Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
      Change-Id: I24299c433ffa3ce31e2aac12134dc03f30609da2
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498683
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: Andreas Haas <ahaas@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70761}
    • Revert "[wasm] Disallow late enabling of trap handlers" · 165467c4
      Leszek Swirski authored
      This reverts commit bcb0a7c5.
      
      Reason for revert: TSAN failure (https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/33868)
      
      Original change's description:
      > [wasm] Disallow late enabling of trap handlers
      >
      > It's dangerous if trap handlers are enabled after we already used the
      > information whether they are enabled or not.
      > This CL checks for such misbehaviour by remembering whether
      > {IsTrapHandlerEnabled} was already called, and disallowing
      > {EnableTrapHandler} afterwards. Also, calling {EnableTrapHandler}
      > multiple times is disallowed now.
      >
      > The trap handler tests are changed to only enable trap handlers once,
      > and to do that before allocating wasm memory or generating code.
      >
      > R=ahaas@chromium.org
      >
      > Bug: v8:11017
      > Change-Id: Ib2256bb8435efd914c12769cedd4a0051052aeef
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494935
      > Reviewed-by: Andreas Haas <ahaas@chromium.org>
      > Commit-Queue: Clemens Backes <clemensb@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70750}
      
      TBR=ahaas@chromium.org,clemensb@chromium.org
      
      Change-Id: I1d93dcb399e2a0b5b0543aa60d34087317c01cb3
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:11017
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497176
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70751}
    • [wasm] Disallow late enabling of trap handlers · bcb0a7c5
      Clemens Backes authored
      It's dangerous if trap handlers are enabled after we already used the
      information whether they are enabled or not.
      This CL checks for such misbehaviour by remembering whether
      {IsTrapHandlerEnabled} was already called, and disallowing
      {EnableTrapHandler} afterwards. Also, calling {EnableTrapHandler}
      multiple times is disallowed now.
      
      The trap handler tests are changed to only enable trap handlers once,
      and to do that before allocating wasm memory or generating code.
      
      R=ahaas@chromium.org
      
      Bug: v8:11017
      Change-Id: Ib2256bb8435efd914c12769cedd4a0051052aeef
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494935
      Reviewed-by: Andreas Haas <ahaas@chromium.org>
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70750}
  7. 23 Oct, 2020 1 commit
    • [wasm] Reduce memory reservation without trap handlers · d5720c74
      Clemens Backes authored
      If trap handlers are disabled, we don't need guard regions around wasm
      memories. Hence use the dynamic {trap_handler::IsTrapHandlerEnabled()}
      check, instead of always reserving guard regions on all 64-bit
      platforms.
      This will allow reserving pretty much arbitrarily many wasm memories if
      trap handlers are disabled.
      
      Two tests are added to test the number of memories that can be
      allocated: With trap handlers, at least 50 memories should always be
      possible. Without trap handlers, 10000 small memories should not be a
      problem (each one is taking 64kB, so it's 640MB overall).
      
      Drive-by: Improve tracing.
      
      R=ahaas@chromium.org
      
      Bug: v8:11017
      Change-Id: Ic4c620f63dfbef571e64df0b3372b83a1db566ab
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491034
      Reviewed-by: Andreas Haas <ahaas@chromium.org>
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70732}
  8. 20 Oct, 2020 1 commit
  9. 17 Aug, 2020 1 commit
  10. 09 Jun, 2020 1 commit
  11. 08 Nov, 2019 1 commit
  12. 03 Jun, 2019 1 commit
  13. 24 May, 2019 1 commit
  14. 15 Apr, 2019 1 commit
  15. 29 Jan, 2019 1 commit
    • [wasm][traphandler] Mark code object validation check as slow · bf505216
      Andreas Haas authored
      In the trap handler we validate the list of registered code objects
      every time we register or de-register a new code object. The complexity
      of this validation is O(num-code-objects * num-instructions). For big
      WebAssembly modules with several hundred thousand code objects, this
      validation causes significant overhead (we saw up to 10x) and makes
      debugging very tedious. With this CL I mark the validation as slow.
      Thereby it is still enabled in most tests on our bots, but it is
      possible to disable validation when debugging large web applications.
      
      The referenced bug issue was created by developers who had problems
      with debugging because of this issue.
      
      R=mark@chromium.org
      
      Bug: v8:8536
      Change-Id: If7ecb554eebcb04eb43a1f791b96c7a42a47e60f
      Reviewed-on: https://chromium-review.googlesource.com/c/1442634
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Andreas Haas <ahaas@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59181}
  16. 04 Jan, 2019 1 commit
    • Revert "Remove trap handler fallback for sanitizers" · 5ac88bfc
      Clemens Hammacher authored
      This reverts commit 26a78061.
      
      Reason for revert: Not all fuzzers support custom segfault handlers yet, see https://crbug.com/918949
      
      Original change's description:
      > Remove trap handler fallback for sanitizers
      > 
      > Since https://crrev.com/c/1335572, our sanitizers allow to set custom
      > segfault handlers. Thus remove special code that was added to handle
      > sanitizers that prevent installation of segfault handlers. Instead,
      > CHECK that the signal handler was installed correctly.
      > 
      > R=ahaas@chromium.org, mseaborn@chromium.org, mark@chromium.org
      > 
      > Bug: chromium:830894
      > Change-Id: I3bd66e33efdceb3e8469f3f4a09fbde90cb3d7ec
      > Reviewed-on: https://chromium-review.googlesource.com/c/1392199
      > Reviewed-by: Andreas Haas <ahaas@chromium.org>
      > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#58513}
      
      TBR=mseaborn@chromium.org,ahaas@chromium.org,mark@chromium.org,clemensh@chromium.org
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Bug: chromium:830894, chromium:918949
      Change-Id: Ide545860cf7729139ac50c0dd2e85facca49b0b1
      Reviewed-on: https://chromium-review.googlesource.com/c/1396277
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#58556}
  17. 03 Jan, 2019 1 commit
  18. 30 Nov, 2018 1 commit
  19. 29 Nov, 2018 1 commit
    • Reland: [wasm] Add more unit tests for trap handler · 3d2bc5d0
      Andreas Haas authored
      The problem was missing V8_EXPORT_PRIVATE and V8_EXPORT.
      
      The unittests test if the trap handler only handles those traps it
      is supposed to handle:
      * Only handle traps when the thread-in-wasm flag is set.
      * Only handle traps of the right type, i.e. memory access violations.
      * Only handle traps at recorded instructions.
      
      The tests also test the consistency of the thread-in-wasm flag. I made
      one change in the trap handler where that consistency could be
      violated.
      
      All tests are executed with the default trap handler provided by V8,
      and with the trap handler callback installed in a test signal/exception
      handler.
      
      Patchset 1 is the original CL.
      
      R=mstarzinger@chromium.org
      
      Change-Id: I172d94f24cdba4c3a1f7f344825b059dbb59da79
      Reviewed-on: https://chromium-review.googlesource.com/c/1351024
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Commit-Queue: Andreas Haas <ahaas@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#57947}
  20. 27 Nov, 2018 2 commits
    • Revert "[wasm] Add more unit tests for trap handler" · 2fd07376
      Clemens Hammacher authored
      This reverts commit 4644b32e.
      
      Reason for revert: Link errors on win64: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win64%20-%20debug/25950
      
      Original change's description:
      > [wasm] Add more unit tests for trap handler
      > 
      > The unittests test if the trap handler only handles those traps it
      > is supposed to handle:
      > * Only handle traps when the thread-in-wasm flag is set.
      > * Only handle traps of the right type, i.e. memory access violations.
      > * Only handle traps at recorded instructions.
      > 
      > The tests also test the consistency of the thread-in-wasm flag. I made
      > one change in the trap handler where that consistency could be
      > violated.
      > 
      > All tests are executed with the default trap handler provided by V8,
      > and with the trap handler callback installed in a test signal/exception
      > handler.
      > 
      > Change-Id: I03904bb6effd2e8694d3f4d1fbf62bc38002646e
      > Reviewed-on: https://chromium-review.googlesource.com/c/1340246
      > Commit-Queue: Andreas Haas <ahaas@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#57858}
      
      TBR=mstarzinger@chromium.org,ahaas@chromium.org,mark@chromium.org
      
      Change-Id: Iac2f20c73744226885ea1810813863a21c5faf8c
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/c/1351021
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#57861}
    • [wasm] Add more unit tests for trap handler · 4644b32e
      Andreas Haas authored
      The unittests test if the trap handler only handles those traps it
      is supposed to handle:
      * Only handle traps when the thread-in-wasm flag is set.
      * Only handle traps of the right type, i.e. memory access violations.
      * Only handle traps at recorded instructions.
      
      The tests also test the consistency of the thread-in-wasm flag. I made
      one change in the trap handler where that consistency could be
      violated.
      
      All tests are executed with the default trap handler provided by V8,
      and with the trap handler callback installed in a test signal/exception
      handler.
      
      Change-Id: I03904bb6effd2e8694d3f4d1fbf62bc38002646e
      Reviewed-on: https://chromium-review.googlesource.com/c/1340246
      Commit-Queue: Andreas Haas <ahaas@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#57858}
  21. 20 Nov, 2018 1 commit
  22. 30 Oct, 2018 1 commit
  23. 26 Oct, 2018 1 commit
  24. 20 Sep, 2018 1 commit
  25. 29 Aug, 2018 1 commit
  26. 22 Aug, 2018 1 commit
  27. 18 Jul, 2018 1 commit
  28. 13 Jul, 2018 1 commit
  29. 07 May, 2018 2 commits
  30. 04 May, 2018 1 commit
    • [wasm] Refactor trap handlers to make way for Windows support · bb60967e
      Eric Holk (eholk) authored
      In preparing for adding trap-based bounds checking to Windows, this
      change refactors the code to separate the platform-specific portions
      from that which can be shared between platforms.
      
      Internally, we've renamed `RegisterDefaultSignalHandler` to
      `RegisterDefaultTrapHandler` to more accurately represent the
      difference in terminology between Linux (signals) and Windows
      (exceptions). The external API is left the same so as not to break
      downstream clients.
      
      This CL is primarily to make room for Windows support. Future CLs
      will begin adding support for Windows.
      
      This is a reincarnation of https://crrev.com/c/626558.
      
      Bug: v8:6743
      Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
      Change-Id: Iaa8bfd68c14cd1d17933b12c24cb8dd5ee8a21d6
      Reviewed-on: https://chromium-review.googlesource.com/998829
      Commit-Queue: Eric Holk <eholk@chromium.org>
      Reviewed-by: Brad Nelson <bradnelson@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#53006}
  31. 14 Apr, 2018 1 commit
    • [ubsan] Change Address typedef to uintptr_t · 2459046c
      Jakob Kummerow authored
      The "Address" type is V8's general-purpose type for manipulating memory
      addresses. Per the C++ spec, pointer arithmetic and pointer comparisons
      are undefined behavior except within the same array; since we generally
      don't operate within a C++ array, our general-purpose type shouldn't be
      a pointer type.
      
      Bug: v8:3770
      Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
      Change-Id: Ib96016c24a0f18bcdba916dabd83e3f24a1b5779
      Reviewed-on: https://chromium-review.googlesource.com/988657
      Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52601}
  32. 09 Apr, 2018 1 commit
  33. 04 Apr, 2018 1 commit
    • [wasm] enable StoreMem_offset_oob_i64 test with trap handlers · f56e2a02
      Eric Holk authored
      The first part of this change updates StoreMem_offset_oob_i64 to use one page of
      Wasm memory, rather than just a few bytes. Using less than a page was out of
      spec for Wasm anyway, so this is better.
      
      This required a small change in the test runner to set and clear the
      thread_in_wasm flag around Wasm calls. This was accomplished by a
      ThreadInWasmScope convenience class.
      
      The majority of the changes are because the cctest environment does not support
      runtime exceptions. In the code generator, where we used to throw a
      WasmMemOutOfBounds exception, we now need to call out to the test hook instead
      if runtime exceptions are not supported. This involved plumbing the
      runtime_exception_support flag down to the code generator. Rather than adding
      and shuffling around extra parameters everywhere, this CL packages the previous
      protected instruction list in a new WasmCompilationData object that now includes
      the runtime_exception_support flag as well.
      
      Bug: v8:5277
      Change-Id: Ic9c9e5a53a07a7773b58c0aee7c26bbd2ddf82f3
      Reviewed-on: https://chromium-review.googlesource.com/989017
      Commit-Queue: Eric Holk <eholk@chromium.org>
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52368}
  34. 26 Mar, 2018 1 commit
  35. 22 Mar, 2018 1 commit
  36. 20 Mar, 2018 1 commit