1. 12 Feb, 2019 1 commit
  2. 01 Feb, 2019 1 commit
  3. 30 Jan, 2019 1 commit
  4. 21 Jan, 2019 2 commits
    • [wasm] Simplify safepoint-table encoding. · 6091e270
      Michael Starzinger authored
      This removes the unused "argument count" field from the safepoint table
      as the field was unused by now and always contained the value zero.
      
      Also note that associating a callee's argument count with the call-site
      is not compatible with tail-call support. When tail-calling a function
      with a different number of arguments, the information associated with
      the call-site becomes stale. The number of arguments is a property of
      the callee, not of the call-site in the caller. For this reason the
      field in question is not usable to support reference types in function
      arguments (at least when tail-calls are also supported).
      
      R=ahaas@chromium.org
      
      Change-Id: If667d729267f2dd2642b755c54235cc08ca9b141
      Reviewed-on: https://chromium-review.googlesource.com/c/1402548
      Reviewed-by: Andreas Haas <ahaas@chromium.org>
      Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#58969}
    • Reland "[wasm] Split compilation in three stages" · 6c2e35b9
      Clemens Hammacher authored
      This is a reland of 4e1d7c87.
      Failure on arm and arm64 is fixed by https://crrev.com/c/1411885.
      
      Original change's description:
      > [wasm] Split compilation in three stages
      >
      > In order to refactor ownership between objects in wasm compilation, the
      > compilation (executed by background tasks) is split in three stages:
      > getting a compilation unit (while holding a mutex), executing the work
      > (without any mutex and without keeping the NativeModule alive), and
      > submitting the work (with a mutex again).
      >
      > This CL prepares this design by splitting compilation from submission.
      > Both steps are still executed right after each other. This will be
      > changed in a follow-up CL.
      >
      > R=titzer@chromium.org
      > CC=mstarzinger@chromium.org
      >
      > Bug: v8:8689
      > Change-Id: I2f92aee8e2f2d45470d8c63314ed026341630902
      > Reviewed-on: https://chromium-review.googlesource.com/c/1414920
      > Reviewed-by: Ben Titzer <titzer@chromium.org>
      > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#58929}
      
      TBR=titzer@chromium.org
      
      Bug: v8:8689
      Change-Id: I58ff07d0e0ac8df0f6ee23c416f992954f4673d2
      Reviewed-on: https://chromium-review.googlesource.com/c/1422748
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#58959}
  5. 18 Jan, 2019 2 commits
    • Revert "[wasm] Split compilation in three stages" · b7cc4f7a
      Michael Achenbach authored
      This reverts commit 4e1d7c87.
      
      Reason for revert:
      https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/14986
      
      Original change's description:
      > [wasm] Split compilation in three stages
      > 
      > In order to refactor ownership between objects in wasm compilation, the
      > compilation (executed by background tasks) is split in three stages:
      > getting a compilation unit (while holding a mutex), executing the work
      > (without any mutex and without keeping the NativeModule alive), and
      > submitting the work (with a mutex again).
      > 
      > This CL prepares this design by splitting compilation from submission.
      > Both steps are still executed right after each other. This will be
      > changed in a follow-up CL.
      > 
      > R=titzer@chromium.org
      > CC=mstarzinger@chromium.org
      > 
      > Bug: v8:8689
      > Change-Id: I2f92aee8e2f2d45470d8c63314ed026341630902
      > Reviewed-on: https://chromium-review.googlesource.com/c/1414920
      > Reviewed-by: Ben Titzer <titzer@chromium.org>
      > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#58929}
      
      TBR=titzer@chromium.org,clemensh@chromium.org
      
      Change-Id: Ic3d0287b354ef5f834b76bc2cdc096d2231f4477
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:8689
      Reviewed-on: https://chromium-review.googlesource.com/c/1422917
      Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#58932}
    • [wasm] Split compilation in three stages · 4e1d7c87
      Clemens Hammacher authored
      In order to refactor ownership between objects in wasm compilation, the
      compilation (executed by background tasks) is split in three stages:
      getting a compilation unit (while holding a mutex), executing the work
      (without any mutex and without keeping the NativeModule alive), and
      submitting the work (with a mutex again).
      
      This CL prepares this design by splitting compilation from submission.
      Both steps are still executed right after each other. This will be
      changed in a follow-up CL.
      
      R=titzer@chromium.org
      CC=mstarzinger@chromium.org
      
      Bug: v8:8689
      Change-Id: I2f92aee8e2f2d45470d8c63314ed026341630902
      Reviewed-on: https://chromium-review.googlesource.com/c/1414920
      Reviewed-by: Ben Titzer <titzer@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#58929}
  6. 21 Dec, 2018 3 commits
    • Reland "[deoptimizer] Refactor GenerateDeoptimizationEntries" · 2a72b8ac
      Sigurd Schneider authored
      This is a reland of f63a657e
      
      Original change's description:
      > [deoptimizer] Refactor GenerateDeoptimizationEntries
      >
      > This reduces preprocessor-expanded source size by 64,359 from
      >
      > gen         (   21 files):    71,570 to    1,613,100 (   23x)
      > src         (  624 files):   367,830 to   52,964,659 (  144x)
      > test        (  392 files):   490,924 to   37,360,916 (   76x)
      > third_party (  432 files):   239,085 to    9,547,902 (   40x)
      > total       ( 1521 files): 1,184,093 to  102,461,098 (   87x)
      >
      > to
      >
      > gen         (   21 files):    71,570 to    1,613,100 (   23x)
      > src         (  624 files):   367,837 to   52,919,005 (  144x)
      > test        (  392 files):   490,924 to   37,342,211 (   76x)
      > third_party (  432 files):   239,085 to    9,547,902 (   40x)
      > total       ( 1521 files): 1,184,100 to  102,396,739 (   86x)
      >
      > Bug: v8:8562
      > Change-Id: Iee474e22ababa1e080b8d6359af4d0076903e59a
      > Reviewed-on: https://chromium-review.googlesource.com/c/1384091
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#58424}
      
      TBR=jarin@chromium.org,ulan@chromium.org
      
      Bug: v8:8562
      Change-Id: I7a8a350414941f49c6155ff43e36e0cb0b2006e5
      Reviewed-on: https://chromium-review.googlesource.com/c/1387497
      Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#58437}
    • Revert "[deoptimizer] Refactor GenerateDeoptimizationEntries" · 4b4175d7
      Sigurd Schneider authored
      This reverts commit f63a657e.
      
      Reason for revert: breaks compile on lite mode:
      
      https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8926535782549686576/+/steps/build/0/steps/compile/0/stdout
      
      
      Original change's description:
      > [deoptimizer] Refactor GenerateDeoptimizationEntries
      > 
      > This reduces preprocessor-expanded source size by 64,359 from
      > 
      > gen         (   21 files):    71,570 to    1,613,100 (   23x)
      > src         (  624 files):   367,830 to   52,964,659 (  144x)
      > test        (  392 files):   490,924 to   37,360,916 (   76x)
      > third_party (  432 files):   239,085 to    9,547,902 (   40x)
      > total       ( 1521 files): 1,184,093 to  102,461,098 (   87x)
      > 
      > to
      > 
      > gen         (   21 files):    71,570 to    1,613,100 (   23x)
      > src         (  624 files):   367,837 to   52,919,005 (  144x)
      > test        (  392 files):   490,924 to   37,342,211 (   76x)
      > third_party (  432 files):   239,085 to    9,547,902 (   40x)
      > total       ( 1521 files): 1,184,100 to  102,396,739 (   86x)
      > 
      > Bug: v8:8562
      > Change-Id: Iee474e22ababa1e080b8d6359af4d0076903e59a
      > Reviewed-on: https://chromium-review.googlesource.com/c/1384091
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#58424}
      
      TBR=ulan@chromium.org,jarin@chromium.org,sigurds@chromium.org
      
      Change-Id: I06e6f95255a3cea6a428713e9e841781425dffe8
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:8562
      Reviewed-on: https://chromium-review.googlesource.com/c/1387494
      Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#58425}
    • [deoptimizer] Refactor GenerateDeoptimizationEntries · f63a657e
      Sigurd Schneider authored
      This reduces preprocessor-expanded source size by 64,359 from
      
      gen         (   21 files):    71,570 to    1,613,100 (   23x)
      src         (  624 files):   367,830 to   52,964,659 (  144x)
      test        (  392 files):   490,924 to   37,360,916 (   76x)
      third_party (  432 files):   239,085 to    9,547,902 (   40x)
      total       ( 1521 files): 1,184,093 to  102,461,098 (   87x)
      
      to
      
      gen         (   21 files):    71,570 to    1,613,100 (   23x)
      src         (  624 files):   367,837 to   52,919,005 (  144x)
      test        (  392 files):   490,924 to   37,342,211 (   76x)
      third_party (  432 files):   239,085 to    9,547,902 (   40x)
      total       ( 1521 files): 1,184,100 to  102,396,739 (   86x)
      
      Bug: v8:8562
      Change-Id: Iee474e22ababa1e080b8d6359af4d0076903e59a
      Reviewed-on: https://chromium-review.googlesource.com/c/1384091
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#58424}
  7. 19 Dec, 2018 1 commit
  8. 13 Dec, 2018 3 commits
    • Reland "Reland "Reland "[code-comments] Put code comments into the code object""" · b55dd17f
      Sigurd Schneider authored
      This is a reland of 9c0a4858
      
      Original change's description:
      > Reland "Reland "[code-comments] Put code comments into the code object""
      >
      > This is a reland of ed3d6472
      >
      > This reland fixes that padding at the end of Wasm instruction streams
      > triggered asserts in the code printer.
      >
      > Original change's description:
      > > Reland "[code-comments] Put code comments into the code object"
      > >
      > > This is a reland of e774cffe
      > >
      > > This reland disables a test as v8:8548 is blocking it, which was
      > > broken by a recent CL. CQ did not catch this because the merge-base
      > > CQ used did not yet contain the CL that caused v8:8548.
      > >
      > > Original change's description:
      > > > [code-comments] Put code comments into the code object
      > > >
      > > > Code comments in the snapshot can now be enabled with gn
      > > > arg 'v8_enable_snapshot_code_comments'
      > > >
      > > > Bug: v8:7989
      > > > Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3
      > > > Reviewed-on: https://chromium-review.googlesource.com/c/1329173
      > > > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      > > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > > > Reviewed-by: Michael Stanton <mvstanton@chromium.org>
      > > > Cr-Commit-Position: refs/heads/master@{#58020}
      > >
      > > TBR=mvstanton@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tebbi@chromium.org
      > >
      > > Bug: v8:7989, v8:8548
      > > Change-Id: I464fc897205fefdf2dfc2eadc54d699c4e08a0e9
      > > Reviewed-on: https://chromium-review.googlesource.com/c/1361166
      > > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
      > > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#58028}
      >
      > Bug: v8:7989, v8:8548
      > Change-Id: I254f55ff687ad049f8d92b09331ed26a2bd05d7d
      > Reviewed-on: https://chromium-review.googlesource.com/c/1371784
      > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#58221}
      
      TBR=jgruber@chromium.org,mstarzinger@chromium.org
      
      Bug: v8:7989, v8:8548, v8:8593
      Change-Id: I4f7ffc98e0281c7b744eb4a04ba0763896c7b59b
      Reviewed-on: https://chromium-review.googlesource.com/c/1375919
      Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#58232}
    • Revert "Reland "Reland "[code-comments] Put code comments into the code object""" · 8a5c0095
      Clemens Hammacher authored
      This reverts commit 9c0a4858.
      
      Reason for revert: Seems to break nosnap debug: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20nosnap%20-%20debug/22228
      
      Original change's description:
      > Reland "Reland "[code-comments] Put code comments into the code object""
      > 
      > This is a reland of ed3d6472
      > 
      > This reland fixes that padding at the end of Wasm instruction streams
      > triggered asserts in the code printer.
      > 
      > Original change's description:
      > > Reland "[code-comments] Put code comments into the code object"
      > >
      > > This is a reland of e774cffe
      > >
      > > This reland disables a test as v8:8548 is blocking it, which was
      > > broken by a recent CL. CQ did not catch this because the merge-base
      > > CQ used did not yet contain the CL that caused v8:8548.
      > >
      > > Original change's description:
      > > > [code-comments] Put code comments into the code object
      > > >
      > > > Code comments in the snapshot can now be enabled with gn
      > > > arg 'v8_enable_snapshot_code_comments'
      > > >
      > > > Bug: v8:7989
      > > > Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3
      > > > Reviewed-on: https://chromium-review.googlesource.com/c/1329173
      > > > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      > > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > > > Reviewed-by: Michael Stanton <mvstanton@chromium.org>
      > > > Cr-Commit-Position: refs/heads/master@{#58020}
      > >
      > > TBR=mvstanton@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tebbi@chromium.org
      > >
      > > Bug: v8:7989, v8:8548
      > > Change-Id: I464fc897205fefdf2dfc2eadc54d699c4e08a0e9
      > > Reviewed-on: https://chromium-review.googlesource.com/c/1361166
      > > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
      > > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#58028}
      > 
      > Bug: v8:7989, v8:8548
      > Change-Id: I254f55ff687ad049f8d92b09331ed26a2bd05d7d
      > Reviewed-on: https://chromium-review.googlesource.com/c/1371784
      > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#58221}
      
      TBR=mvstanton@chromium.org,mstarzinger@chromium.org,sigurds@chromium.org,jgruber@chromium.org
      
      Change-Id: I681a3c63120c6ab953bfe9cd2b07bcf560ebfdee
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:7989, v8:8548
      Reviewed-on: https://chromium-review.googlesource.com/c/1375916
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#58228}
    • Reland "Reland "[code-comments] Put code comments into the code object"" · 9c0a4858
      Sigurd Schneider authored
      This is a reland of ed3d6472
      
      This reland fixes that padding at the end of Wasm instruction streams
      triggered asserts in the code printer.
      
      Original change's description:
      > Reland "[code-comments] Put code comments into the code object"
      >
      > This is a reland of e774cffe
      >
      > This reland disables a test as v8:8548 is blocking it, which was
      > broken by a recent CL. CQ did not catch this because the merge-base
      > CQ used did not yet contain the CL that caused v8:8548.
      >
      > Original change's description:
      > > [code-comments] Put code comments into the code object
      > >
      > > Code comments in the snapshot can now be enabled with gn
      > > arg 'v8_enable_snapshot_code_comments'
      > >
      > > Bug: v8:7989
      > > Change-Id: I8bd00cafa63132d00d849394c311ba15e6b6daf3
      > > Reviewed-on: https://chromium-review.googlesource.com/c/1329173
      > > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > > Reviewed-by: Michael Stanton <mvstanton@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#58020}
      >
      > TBR=mvstanton@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tebbi@chromium.org
      >
      > Bug: v8:7989, v8:8548
      > Change-Id: I464fc897205fefdf2dfc2eadc54d699c4e08a0e9
      > Reviewed-on: https://chromium-review.googlesource.com/c/1361166
      > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
      > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#58028}
      
      Bug: v8:7989, v8:8548
      Change-Id: I254f55ff687ad049f8d92b09331ed26a2bd05d7d
      Reviewed-on: https://chromium-review.googlesource.com/c/1371784
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#58221}
  9. 04 Dec, 2018 4 commits
  10. 12 Nov, 2018 2 commits
  11. 20 Sep, 2018 1 commit
  12. 19 Sep, 2018 1 commit
  13. 23 Aug, 2018 1 commit
    • [wasm] Remove WasmCompilationData · 1a5df8eb
      Ben L. Titzer authored
      The WasmCompilationData was a struct that served as an input/output
      mechanism for communicating with the code generator. In particular,
      it contained a flag for enabling runtime exception for WASM in the code
      generator and it also gathered the protected instruction info from
      the code generator to be communicated to the WasmCodeManager.
      
      This CL inlines the exception support flag into OptimizedCompilationInfo
      and the protected instruction information into the code generator,
      along the lines of other flags and data structures created by the
      code generator.
      
      R=mstarzinger@chromium.org
      
      Change-Id: If436636067f1a829a095310a73045fe3301cb694
      Reviewed-on: https://chromium-review.googlesource.com/1186409
      Commit-Queue: Ben Titzer <titzer@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#55358}
  14. 09 Jul, 2018 1 commit
  15. 06 Jul, 2018 1 commit
  16. 22 Jun, 2018 1 commit
  17. 19 Jun, 2018 2 commits
  18. 13 Jun, 2018 2 commits
  19. 30 Apr, 2018 1 commit
    • Replace array index masking with the poisoning approach. · f53dfd93
      Jaroslav Sevcik authored
      The idea is to mark all the branches and loads participating in array
      bounds checks, and let them contribute-to/use the poisoning register.
      In the code, the marks for array indexing operations now contain
      "Critical" in their name. By default (--untrusted-code-mitigations),
      we only instrument the "critical" operations with poisoning.
      
      With that in place, we also remove the array masking approach based
      on arithmetic.
      
      Since we do not propagate the poison through function calls,
      we introduce a node for poisoning an index that is passed through
      a function call - the typical example is the bounds-checked index
      that is passed to the CharCodeAt builtin.
      
      Most of the code in this CL threads through the three levels of
      protection (safe, critical, unsafe) for loads, branches and flags.
      
      Bug: chromium:798964
      
      Change-Id: Ief68e2329528277b3ba9156115b2a6dcc540d52b
      Reviewed-on: https://chromium-review.googlesource.com/995413
      Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52883}
  20. 10 Apr, 2018 1 commit
  21. 04 Apr, 2018 2 commits
    • [Compiler] Split up Unoptimized/Optimized CompilationInfo and CompilationJobs · 3a0419a6
      Ross McIlroy authored
      With the Ignition + Turbofan pipeline there is very little overlap between the data
      needed for unoptimized compilation and optimized compilation. As a result, it is
      cleaner to split up the CompilationInfo into UnoptimizedCompilationInfo and
      OptimizedCompilationInfo.
      
      Doing so also necessitates splitting up CompilationJob into UnoptimizedCompilationJob
      and OptimizedCompilationJob - again there is not much overlap so this seems cleaner.
      
      Change-Id: I1056ad520937b7f8582e4fc3ca8f4910742de30a
      Reviewed-on: https://chromium-review.googlesource.com/995895
      Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52369}
    • [wasm] enable StoreMem_offset_oob_i64 test with trap handlers · f56e2a02
      Eric Holk authored
      The first part of this change updates StoreMem_offset_oob_i64 to use one page of
      Wasm memory, rather than just a few bytes. Using less than a page was out of
      spec for Wasm anyway, so this is better.
      
      This required a small change in the test runner to set and clear the
      thread_in_wasm flag around Wasm calls. This was accomplished by a
      ThreadInWasmScope convenience class.
      
      The majority of the changes are because the cctest environment does not support
      runtime exceptions. In the code generator, where we used to throw a
      WasmMemOutOfBounds exception, we now need to call out to the test hook instead
      if runtime exceptions are not supported. This involved plumbing the
      runtime_exception_support flag down to the code generator. Rather than adding
      and shuffling around extra parameters everywhere, this CL packages the previous
      protected instruction list in a new WasmCompilationData object that now includes
      the runtime_exception_support flag as well.
      
      Bug: v8:5277
      Change-Id: Ic9c9e5a53a07a7773b58c0aee7c26bbd2ddf82f3
      Reviewed-on: https://chromium-review.googlesource.com/989017
      Commit-Queue: Eric Holk <eholk@chromium.org>
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52368}
  22. 27 Mar, 2018 1 commit
    • [turbofan] unify interpreter and JIT speculation poisoning · 1ef6c437
      Tobias Tebbi authored
      This CL changes the poisoning in the interpreter to use the
      infrastructure used in the JIT.
      
      This does not change the original flag semantics:
      
      --branch-load-poisoning enables JIT mitigations as before.
      
      --untrusted-code-mitigation enables the interpreter mitigations
        (now realized using the compiler back-end), but does not enable
        the back-end based mitigations for the Javascript JIT. So in effect
        --untrusted-code-mitigation makes the CSA pipeline for bytecode handlers
        use the same mechanics (including changed register allocation) that
        --branch-load-poisoning enables for the JIT.
      
      Bug: chromium:798964
      Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
      Change-Id: If7f6852ae44e32e6e0ad508e9237f24dec7e5b27
      Reviewed-on: https://chromium-review.googlesource.com/928881
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52243}
  23. 27 Feb, 2018 1 commit
  24. 26 Feb, 2018 1 commit
  25. 13 Feb, 2018 2 commits
    • [turbofan] Masking/poisoning in codegen (optimized code, x64) · 8f489e73
      Mike Stanton authored
      This introduces masking of loads with speculation bit during code generation.
      At the moment, this is done only for x64 optimized code, under the
      --branch-load-poisoning flag.
      
      Overview of changes:
      - new register configuration with one register reserved for
        the speculation poison/mask (kSpeculationPoisonRegister).
      - in codegen, we introduce an update to the poison register at the starts
        of all successors of branches (and deopts) that are marked as safety
        branches (deopts).
      - in memory optimizer, we lower all field and element loads to PoisonedLoads.
      - poisoned loads are then masked in codegen with the poison register.
        * only integer loads are masked at the moment.
      
      Bug: chromium:798964
      Change-Id: Ie51fdbde578fc289dff029794f3cfe8eaf33e1ef
      Reviewed-on: https://chromium-review.googlesource.com/901625
      Commit-Queue: Michael Stanton <mvstanton@chromium.org>
      Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51272}
    • [turbofan] Better checking of code start register. · 5586ecfc
      Michael Starzinger authored
      This decouples the checking of the {kJavaScriptCallCodeStartRegister}
      from the deoptimization checks. We now rely more heavily on the above
      register and should check its validity more broadly. Note that there
      also is a bug fix for the ARM port contained in this change.
      
      R=mvstanton@chromium.org
      
      Change-Id: I27d8b72cb2b36a85dae4bbbf35e4dbcf150eac01
      Reviewed-on: https://chromium-review.googlesource.com/916242
      Commit-Queue: Michael Stanton <mvstanton@chromium.org>
      Reviewed-by: Michael Stanton <mvstanton@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51270}
  26. 12 Feb, 2018 1 commit
    • [Ignition] [TurboFan] Generate speculation poison in code generator. · a021b6c4
      Ross McIlroy authored
      Moves generation of speculation poison to be based on the PC target vs the
      actual PC being executed. The speculation poison is generated in the prologue
      of the generated code if CompilationInfo::kGenerateSpeculationPoison is set.
      The result is stored in a known register, which can then be read using the
      SpeculationPoison machine node.
      
      Currently we need to ensure the SpeculationPoison node is scheduled right after
      the code prologue so that the poison register doesn't get clobbered. This is
      currently not verified, however its only use is in RawMachineAssembler where
      it is manually scheduled early.
      
      The Ignition bytecode handlers are updated to use this speculation poison
      rather than one generated by comparing the target bytecode.
      
      BUG=chromium:798964
      
      Change-Id: I2a3d0cfc694e88d7a8fe893282bd5082f693d5e2
      Reviewed-on: https://chromium-review.googlesource.com/893160
      Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51229}