- 29 Jun, 2020 28 commits
-
-
Zhi An Ng authored
This reverts commit 32b685fa.
Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20vtunejit/36094
Original change's description:
> infra: Set gcc builders not to use Goma
>
> NOTRY=true
> NOTREECHECKS=true
>
> Bug: chromium:1100009
> Change-Id: I67deb383d41e6609d5c3215e02422c8b1c16f8f4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2272738
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68593}
TBR=sque@chromium.org,machenbach@chromium.org
Change-Id: Ia43f1ed69859d8face0adeefc820a06bf2e04c82
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1100009
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2274086
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68595}
-
Ng Zhi An authored
When filling stack slots, the start offset can be too large to fit into the immediate of a str instruction (which is used to handle remainders after stp). For example, a function with 32 i64 params will require 256 bytes reserved for the params, so the offset starts at 256 + 16 (instance) = 272. This does not fit into an int9, so we hit an UNREACHABLE case when emitting str.
The fix here checks that start can fit in an unscaled immediate, and if it doesn't, falls back to the general case. We could use the Str from macro-assembler, but that uses another instruction, so we are not saving anything.
A check for IsImmLSUnscaled(-start-12) is sufficient because 12 is the largest possible value for remainder. So if -start-12 fits, everything else will fit.
Bug: v8:10645
Change-Id: I1c415499ada3a807d5f3889f091150bfefdf471d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2267369
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68594}
-
Simon Que authored
NOTRY=true
NOTREECHECKS=true
Bug: chromium:1100009
Change-Id: I67deb383d41e6609d5c3215e02422c8b1c16f8f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2272738
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68593}
-
Ng Zhi An authored
Prototype f64x2.trunc on ARM for both ARM v7 and ARM v8. ARM v8 has support for vrintz, and for ARM v7 we fall back to runtime. Since ARM v8 uses vrintz, which is the same instruction used for F64 trunc (scalar), wasm-compiler reuses the Float64RoundTruncate check.
Bug: v8:10553
Change-Id: I074d5b4172809915d4b37c59bd3b0dcbf9a45e1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2268357
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68592}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/2dc7c7a..d83f4a5
Rolling v8/third_party/aemu-linux-x64: UoYLOT0X6577j70eB9nPqYQs9Z3Nh5lA4I-pRtTchO0C..FN-ckx_oV2JTqPuW3iMG50qdN5FgGqm-4XP9AkoLwPUC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/95c1f42..8353ff9
Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/35c6274..6e6c67d
Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/02daed1..8603eee
Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/42b285f..2479626
TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I3bd5df9f3c05eee0f135b0ee49708024edddc812
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2269870
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#68591}
-
Will Harris authored
__declspec(nocf) syntax was added in https://reviews.llvm.org/D72167 and annotates that checks should not be added on indirect calls within that function.
BUG=chromium:584575
Change-Id: Ib2e2d2a827186a9c1fd3de15356b2b04d6a69e49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270707
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Will Harris <wfh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68590}
-
Ng Zhi An authored
Prototype f64x2.floor on ARM for both ARM v7 and ARM v8. ARM v8 has support for vrintm, and for ARM v7 we fall back to runtime. Since ARM v8 uses vrintm, which is the same instruction used for Float64RoundDown (scalar), wasm-compiler reuses the Float64RoundDown check.
Bug: v8:10553
Change-Id: I6f3d5c378a811ed94859535667aed1fa2d1ee552
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2265234
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68589}
-
Ng Zhi An authored
This modernizes python code without breaking Py2 compat.
Ran with command:
futurize --stage1 -w predictable_wrapper.py
futurize --stage1 -w run-num-fuzzer.py
futurize --stage1 -w run-tests.py
futurize --stage1 -w v8_presubmit.py
This only adds the absolute import, which uses these semantics. It doesn't do anything differently in our case, these scripts are already doing absolute imports. But with these changes, running `futurize --stage2` will be less messy.
Bug: v8:9871
Change-Id: I28182ab73dac6cfcbd544c2046026f14e5157eb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2252555
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68588}
-
Michael Lippautz authored
Bug: chromium:1056170
Change-Id: I24442979954f63dc8a2f8fd0494cc5d537b733a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273131
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68587}
-
Michael Achenbach authored
This shares the code of running the comparisons on the fuzz test and on the smoke tests. While this change retains behavior for running the fuzz test, the smoke test has slight changes in favor of code readability:
1. Smoke tests can now bail out on output suppressions (There are none now. And if we'd ever add any we'd need to write them in a way, such that they ignore the output of the smoke tests, which don't have much output anyways).
2. Crashes in smoke tests are now a hard failure. This is a desired feature anyways. It's unlikely that the smoke test crashes as then nothing would work.
No-Try: true
Bug: chromium:1100114
Change-Id: Ice3c6d18b549727c486a70756a72038c8b2029ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273125
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68586}
-
Nico Hartmann authored
An 'arguments' array cannot be allocated in young space when its size exceeds kMaxRegularHeapObjectSize. In this case the optimizations in JSCreateLowering::ReduceJSCreateArguments are skipped.
Bug: chromium:1098565
Change-Id: I30fdc78a1eb6e51fcd293785a46c9fd78995da9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273121
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68585}
-
gengjiawen authored
Change-Id: I9ad6402561f06b4c2069c08f452e52a4d6b533eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270402
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68584}
-
Michael Achenbach authored
This adds a class representing all values needed for an execution. It simplifies the parameters passed to formatting functions and lifts the restriction of a first/second config pair in the options. This will allow to run more than two configs in a follow up.
No-Try: true
Bug: chromium:1100114
Change-Id: I568253b8ca3220870b8f5af615108140587680a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270550
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68583}
-
Clemens Backes authored
The test was taking more than a minute before CL https://crrev.com/c/2259933. Afterwards, it takes a lot longer, but I could never reproduce a hang locally. Let's re-enable and mark SLOW to increase the chance that it runs to completion. We can then see how much slower it really got.
Also add some output that helps triaging in case it really hangs.
R=ahaas@chromium.org
Bug: v8:9506
Change-Id: I09a935ca0018517d45c6c008a099b8052bc45c47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273117
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68582}
-
Jakob Kummerow authored
Relanding without changes, revert reason was fixed by: https://chromium-review.googlesource.com/c/v8/v8/+/2272564
Originally reviewed at: https://chromium-review.googlesource.com/c/v8/v8/+/2260566
Original description:
RTTs are internally represented as Maps. To store supertype information, this patch introduces a WasmTypeInfo object, which is installed on Wasm objects' Maps and points at both the off-heap type information and the parent RTT.
In this patch, rtt.sub always creates a fresh RTT. The canonicalization that the proposal requires will be implemented later.
Bug: v8:7748
Change-Id: I7fd4986efa3153ac68037ec418ea617f3f7636e8
Tbr: ulan@chromium.org
Tbr: tebbi@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273123
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68581}
-
Nico Hartmann authored
Bug: chromium:1100266
Change-Id: Iaa847a50e9a79261fe9d9050db5046fa99352eaa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273122
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68580}
-
Michael Achenbach authored
This makes output and test-case suppressions independent of the used comparison configs and architecture. Such fine-grained suppressions were only needed during the inception of differential fuzzing, but by now, most remaining suppressions are implemented in d8 behind a flag.
This prepares for running with more than two comparison configs in a follow up.
No-Try: true
Bug: chromium:1100114
Change-Id: I072769adb3ef7c6e6c43459aa23ac906f461b307
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270095
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68579}
-
Nico Hartmann authored
Bug: chromium:1100266
Change-Id: I20df6d0d5bdd07aa69c4eecf68c1d2152ddc1bec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2272567
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68578}
-
Michael Achenbach authored
It is obsolete to filter out error-message differences since the time we pass --correctness-fuzzer-suppressions to d8, which already stubs all messages: https://cs.chromium.org/chromium/src/v8/src/execution/messages.cc?l=1031
No-Try: true
Bug: chromium:1100114
Change-Id: Iac42a8e2a32f9bae4034f79eaff429bf3ee41724
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270024
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68577}
-
Michael Achenbach authored
This simplifies the lengthy main method by extracting some code and by replacing the scattered returns with exceptions. We introduce two exceptions for early bail-out. This enables helper methods on multiple layers. The early bail-out on time-out is moved to the point where it is detected.
Previously on timeout and crash we also printed out the step number. Clusterfuzz doesn't parse this, it was only for statistical purposes, and the latest version of the experimental workbench only parses crashes and timeouts, not the step in which they happened. Hence, this CL removes those step numbers.
Except the change described in the last paragraph, this CL doesn't intend to change behavior.
No-Try: true
Bug: chromium:1100114
Change-Id: Ie8c18f183e4fc538577f3eb49aaf6df1acd1e4e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270547
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68576}
-
Camillo Bruni authored
This slows down promise benchmarks since we process all unhandled promises.
Bug: vu:1099632
Change-Id: I2188a2842ec0a69ca93e5d406f10371ceff60f9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270235
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68575}
-
Jakob Kummerow authored
The per-module caches for subtype relations and type equivalences are accessed from several background compile jobs, so these accesses must be guarded by a lock.
This issue was found by our TSan bots and caused the following revert: https://chromium-review.googlesource.com/c/v8/v8/+/2270734
Bug: v8:7748
Change-Id: I0322972f8f72ca8aff3538bf3f78d4329e5f3a44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2272564
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68574}
-
Simon Que authored
This sets up a relative path symlink to the XCode sysroot.
Bug: chromium:1100006
Change-Id: I04bd8ff5158f6e00a91391e6a49530cf1a46f6eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2269452
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68573}
-
Manos Koukoutos authored
Drive-by: Fix ref.is_null calling is_reference_type to typecheck its argument (which would also allow rtts).
Bug: v8:7748
Change-Id: I2ad01d0f70ac15d37ac4cc344bd0280a7ca08073
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264094
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68572}
-
Nico Weber authored
Does step 5 of the linked bug.
Bug: chromium:1098923
Change-Id: I590cbaddb803f6343a61f7b49f7b8a4cb9773220
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270704
Auto-Submit: Nico Weber <thakis@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68571}
-
Camillo Bruni authored
This adds a simple test runner that prints a line for every test with the appropriate status prefix: PASS, FAIL, CRASH or TIMEOUT
Change-Id: Ic1ba78667c38cd4392af027bb6cb671b274680b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264098
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68570}
-
Zhao Jiazhong authored
Port 2332ebd8 https://crrev.com/c/2264099
Original Commit Message:
- Add a separate function to load return slots, instead of encoding this in the offset,
- Add fast path for single return.
Change-Id: I065c35b95dbc6546387ea54d298bb5765bc342cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2269456
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#68569}
-
Nico Weber authored
Bug: chromium:1098899
Change-Id: I3ff79c00063f7da36b141a3a7b0d2daa71c9801a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270705
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Auto-Submit: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68568}
-
- 26 Jun, 2020 12 commits
-
-
Shu-yu Guo authored
This reverts commit 04ce88ea.
Reason for revert: TSAN failure: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/32135
Original change's description:
> [wasm-gc] Implement rtt.sub
>
> RTTs are internally represented as Maps. To store supertype information,
> this patch introduces a WasmTypeInfo object, which is installed on Wasm
> objects' Maps and points at both the off-heap type information and the
> parent RTT.
> In this patch, rtt.sub always creates a fresh RTT. The canonicalization
> that the proposal requires will be implemented later.
>
> Bug: v8:7748
> Change-Id: I8286dd11f520966155cd95c2bd844ec34fccd131
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260566
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68564}
TBR=ulan@chromium.org,jkummerow@chromium.org,tebbi@chromium.org
Change-Id: I311732e1ced4de7a58b87d4a9b6056e0d62aa986
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7748
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270734
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68567}
-
Milad Farazmand authored
Test and Instruction Selection changes are not included and must be added when opcode is added to SIMD proposal.
Bug: v8:10583
Change-Id: I140d3477d4f3281b24974090c25807eb86af757f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2261162
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#68566}
-
Milad Farazmand authored
Change-Id: I1f323ecb531880feb49cb70797b8f39ad863a75d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2269841
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#68565}
-
Jakob Kummerow authored
RTTs are internally represented as Maps. To store supertype information, this patch introduces a WasmTypeInfo object, which is installed on Wasm objects' Maps and points at both the off-heap type information and the parent RTT.
In this patch, rtt.sub always creates a fresh RTT. The canonicalization that the proposal requires will be implemented later.
Bug: v8:7748
Change-Id: I8286dd11f520966155cd95c2bd844ec34fccd131
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260566
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68564}
-
Milad Farazmand authored
Change-Id: I663da3357f6e88848048ec42832fe7017d563ac4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264952
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#68563}
-
Michael Achenbach authored
TBR=mslekova@chromium.org
No-Try: true
Bug: v8:10647
Change-Id: I177abffb3286703df110f1875c70ac1120d07595
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270541
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68562}
-
Michael Achenbach authored
Bug: chromium:1099623
Change-Id: Icbb6b0ebcc10628fafbef57cc6d1af7861e408f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270170
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68561}
-
Benedikt Meurer authored
The `Debugger.getScriptSource()` and `Debugger.getWasmBytecode()` methods in the CDP return Wasm wire bytes as protocol::Binary, which is sent as Base64-encoded JSON string in the communication to the DevTools front-end, and hence leads to either crashing the renderer that is being debugged or the renderer that's running the front-end if we allow arbitrarily huge Wasm byte sequences here.
This CL introduces a limit, based on the maximum allowed string length, to avoid the crash and instead signal a proper error to the DevTools front-end.
Bug: chromium:1099680
Change-Id: I356d617301d17a4012f7f845773cf14e6ad1e4a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270174
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68560}
-
Manos Koukoutos authored
Motivation: The immediate-argument classes defined in function-body-decoder.h were often adding an offset to the provided pc. This was inconsistent, bug-prone, and counterintuitive. This CL imposes that all immediates are passed as pc the start of the immediate argument they are parsing. Some other smaller inconsistencies are fixed as well.
Changes:
src/wasm/:
- Enforce that all Immediates are passed the pc at the start of the argument they are parsing. Adapt all call sites.
- Remove unneeded offset arguments from two SIMD related immediates.
- Add a pc argument to all Validate functions for immediates instead of using the Decoder's current pc.
- Remove the (unused) pc argument from all Complete functions for immediates.
- Introduce Validate() for BranchOnExceptionImmediate.
- In WasmDecoder::Decode(), make sure len is updated before breaking out of the loop in case of a Validate() failure.
- Change the default prefix_len of DecodeLoadMem/DecodeStoreMem to 1.
wasm-interpreter.cc:
- Change the default prefix_len of ExecuteLoad/Store to 1.
- Adapt offsets in calls to Immediates.
- Remove redundant opcode_length argument from ExecuteSimdOp, use len in its place.
function-body-decoder-unittest.cc
- Adapt offsets in calls to Immediates.
- Introduce and use EXPECT_OK, as is done in other tests.
Change-Id: I534606c0e238af309804d4a7c8cec75b1e49c6ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2267381
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68559}
-
Andreas Haas authored
R=clemensb@chromium.org
Bug: v8:10108
Change-Id: I44c03a7c39cca8f35e4221c659f918e109d85353
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270166
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68558}
-
Clemens Backes authored
It turns out that Liftoff often needs to know the size of a value in bytes. Currently we are loading the size_log_2 from an array and then performing a shift by that amount. We can slightly speed this up by just loading the correct value directly.
Drive-by: Use {int8_t} for the internal array, since all values will easily fit in that range.
R=thibaudm@chromium.org
Bug: v8:10576
Change-Id: I1b832ba404ff9913e2272d332f312b371b6ce3d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2267302
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68557}
-
Michael Achenbach authored
Bug: chromium:1099623
Change-Id: I88ab0cec0ba505dcfc77d2f5eb271321633ca3be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270165
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68556}
-