1. 19 Jul, 2022 2 commits
  2. 14 Jul, 2022 1 commit
  3. 11 Jul, 2022 1 commit
  4. 08 Jul, 2022 2 commits
  5. 05 Jul, 2022 1 commit
  6. 01 Jul, 2022 1 commit
  7. 30 Jun, 2022 1 commit
  8. 29 Jun, 2022 1 commit
  9. 24 Jun, 2022 1 commit
  10. 22 Jun, 2022 2 commits
  11. 21 Jun, 2022 1 commit
  12. 16 Jun, 2022 1 commit
  13. 10 Jun, 2022 1 commit
  14. 08 Jun, 2022 2 commits
  15. 03 Jun, 2022 1 commit
  16. 02 Jun, 2022 1 commit
    • [wasm-gc][turbofan] Implement typing phase · aee0ec97
      Manos Koukoutos authored
      We introduce a typing phase into the Turbofan compilation pipeline for
      wasm-gc. It has two functionalities: (1) to type nodes that were not
      typed during code generation (mainly phi nodes) and (2) to narrow types
      as much as possible.
      The following nodes are handled, which should be enough for our
      purposes: TypeGuard, WasmTypeCast, AssertNotNull, Phi, LoadFromObject,
      and LoadImmutableFromObject.
      Loop phi types are computed by first assigning the type of the
      non-recursive input, and updating once we have the type of the recursive
      inputs, and repeating this process to a fixed point.
      
      Drive-by: Remove the narrowing of function signatures during wasm
      inlining, as it created some issues and should not be needed after this
      series of changes.
      
      Bug: v8:7748
      Change-Id: I8a72488d5c221c4ae8257fc5abf6f0368cf10e96
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3678208
      Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
      Reviewed-by: Maya Lekova <mslekova@chromium.org>
      Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#80912}
  17. 01 Jun, 2022 2 commits
  18. 31 May, 2022 2 commits
  19. 30 May, 2022 1 commit
  20. 28 May, 2022 2 commits
  21. 27 May, 2022 5 commits
  22. 25 May, 2022 2 commits
  23. 24 May, 2022 1 commit
  24. 20 May, 2022 3 commits
    • [stringrefs] Parse the string literals section · 44932c16
      Andy Wingo authored
      Bug: v8:12868
      
      Also adds wtf8.cc, wtf8.h to src/wasm, to implement WTF-8 validation and
      possibly other utilities.  Also fixes a bug when parsing the string
      literals section; I had misunderstood the way the unordered/ordered
      sections mechanism worked.
      
      Change-Id: I3c4205e0872379a69575f84ba33e0090a9d8d656
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652789
      Commit-Queue: Andy Wingo <wingo@igalia.com>
      Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#80674}
    • [sandbox] Add new Memory Corruption API · 4a12cb10
      Samuel Groß authored
      When enabled, this API exposes a new global 'Sandbox' object which
      contains a number of functions and objects that in effect emulate
      typical memory corruption primitives constructed by exploits. In
      particular, the 'MemoryView' constructor can construct ArrayBuffer
      instances that can corrupt arbitrary memory inside the sandbox. Further,
      the getAddressOf(obj) and getSizeInBytesOf(obj) functions can be used
      respectively to obtain the address (relative to the base of the sandbox)
      and size of any HeapObject that can be accessed from JavaScript.
      
      This API is useful for testing the sandbox, for example to
      facilitate developing PoC sandbox escapes or writing regression tests.
      In the future, it may also be used by custom V8 sandbox fuzzers.
      
      Bug: v8:12878
      Change-Id: I4e420b2ff28bd834b0693f1546942e51c71bfdda
      Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650718
      Reviewed-by: Igor Sheludko <ishell@chromium.org>
      Commit-Queue: Samuel Groß <saelo@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#80659}
    • [stringrefs] Add generalized UTF-8 decoder / validator · b48262d7
      Andy Wingo authored
      Bug: v8:12868
      
      A slight modification to the existing DFA-based UTF-8 allocator to allow
      decoding surrogates, for use in decoding WTF-8.  We'll need to
      additionally constrain the decoder to disallow surrogate pairs.
      
      Change-Id: Ifddbf08d4eeeff8f270df52a68f01769ea790eec
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652787
      Commit-Queue: Andy Wingo <wingo@igalia.com>
      Reviewed-by: Marja Hölttä <marja@chromium.org>
      Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#80654}
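Added example, not V8's code and not part of this commit: a small hand-written validator that shows the acceptance rule the commit describes, strict UTF-8 on one side and on the other the WTF-8 superset that admits a lone surrogate (bytes ED A0..BF xx) but still rejects an encoded surrogate pair, which WTF-8 requires to be written as one 4-byte sequence. V8's own decoder is DFA-based and is not reproduced here; the function names DecodeOne and Validate and the sample byte strings are assumptions constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

// Decode one code point from p[0..n). Returns the number of bytes consumed,
// or 0 if the prefix is not a well-formed sequence. With allow_surrogates
// set (WTF-8 mode) a 3-byte encoding of U+D800..U+DFFF is accepted.
static size_t DecodeOne(const uint8_t* p, size_t n, bool allow_surrogates,
                        uint32_t* out) {
  if (n == 0) return 0;
  uint8_t b0 = p[0];
  if (b0 < 0x80) { *out = b0; return 1; }  // ASCII
  size_t len;
  uint32_t cp;
  uint8_t lo = 0x80, hi = 0xBF;  // allowed range of the second byte
  if (b0 >= 0xC2 && b0 <= 0xDF) {       // C0/C1 would be overlong
    len = 2; cp = b0 & 0x1F;
  } else if (b0 >= 0xE0 && b0 <= 0xEF) {
    len = 3; cp = b0 & 0x0F;
    if (b0 == 0xE0) lo = 0xA0;                       // reject overlong forms
    if (b0 == 0xED && !allow_surrogates) hi = 0x9F;  // strict UTF-8: no surrogates
  } else if (b0 >= 0xF0 && b0 <= 0xF4) {
    len = 4; cp = b0 & 0x07;
    if (b0 == 0xF0) lo = 0x90;  // reject overlong forms
    if (b0 == 0xF4) hi = 0x8F;  // reject code points above U+10FFFF
  } else {
    return 0;  // stray continuation byte or F5..FF
  }
  if (n < len) return 0;  // truncated sequence
  if (p[1] < lo || p[1] > hi) return 0;
  cp = (cp << 6) | (p[1] & 0x3F);
  for (size_t i = 2; i < len; i++) {
    if (p[i] < 0x80 || p[i] > 0xBF) return 0;
    cp = (cp << 6) | (p[i] & 0x3F);
  }
  *out = cp;
  return len;
}

// Validate a whole buffer. wtf8 == false: strict UTF-8.
// wtf8 == true: lone surrogates are accepted, but a high surrogate directly
// followed by a low surrogate is rejected, since WTF-8 requires that pair to
// be encoded as a single 4-byte supplementary code point.
bool Validate(const std::string& s, bool wtf8) {
  const uint8_t* p = reinterpret_cast<const uint8_t*>(s.data());
  size_t n = s.size(), i = 0;
  bool prev_high = false;
  while (i < n) {
    uint32_t cp = 0;
    size_t len = DecodeOne(p + i, n - i, wtf8, &cp);
    if (len == 0) return false;
    bool high = cp >= 0xD800 && cp <= 0xDBFF;
    bool low = cp >= 0xDC00 && cp <= 0xDFFF;
    if (prev_high && low) return false;  // encoded surrogate pair
    prev_high = high;
    i += len;
  }
  return true;
}

int main() {
  // Constructed sample inputs.
  const std::string lone_high("\xED\xA0\x80", 3);                // U+D800 alone
  const std::string pair("\xED\xA0\x80\xED\xB0\x80", 6);         // U+D800 U+DC00
  const std::string emoji("\xF0\x9F\x98\x80", 4);                // U+1F600
  std::printf("lone surrogate: utf8=%d wtf8=%d\n",
              Validate(lone_high, false), Validate(lone_high, true));
  std::printf("surrogate pair: utf8=%d wtf8=%d\n",
              Validate(pair, false), Validate(pair, true));
  std::printf("4-byte emoji:   utf8=%d wtf8=%d\n",
              Validate(emoji, false), Validate(emoji, true));
  return 0;
}
```

The only difference between the two modes is the upper bound on the second byte after a leading ED, plus the pair check in Validate; everything else (overlong forms, truncated sequences, values above U+10FFFF) is rejected identically, which is what makes WTF-8 a strict superset of UTF-8 rather than a relaxation of it.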
  25. 18 May, 2022 1 commit
  26. 16 May, 2022 1 commit
    • [utils] Introduce SparseBitVector · 5696b526
      Clemens Backes authored
      We currently have a BitVector implementation which is used a lot by the
      two (mid-tier and top-tier) register allocators. Their size is the
      number of virtual registers or the number of blocks in the function. If
      one of those numbers gets huge, the BitVector does not perform well any
      more, and it consumes huge amounts of memory (we see up to several GBs
      for huge Wasm functions).
      
      This CL introduces a SparseBitVector implementation with a compatible
      interface, meant to replace the BitVector implementation. Usages will be
      introduced in follow-up CLs, first for the mid-tier allocator, then
      top-tier. This will allow us to assess performance changes better, and
      revert individual usages.
      
      R=mslekova@chromium.org
      
      Bug: chromium:1313379, v8:12780
      Change-Id: I804311e0c188526961f70e88a43dd1ea26497cda
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3634780
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: Maya Lekova <mslekova@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#80546}