- 24 Nov, 2020 17 commits
-
Georg Neis authored
Change-Id: Ib1855adbf0292381f2b279d5b44fbddff551a4d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557499
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71365}
-
Georg Neis authored
SL's VisitSpeculativeIntegerAdditiveOp was setting Signed32 as restriction type even when relying on a Word32 truncation in order to skip the overflow check. This is not sound.

Bug: chromium:1150649
Change-Id: I3113a2102c62d6ecef342c98d25daf31431c01ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557498
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71364}
-
Clemens Backes authored
Make compileAndRunWithOrigin accept the same six arguments as inspector-test. This makes inspector tests more useful as seed for the inspector fuzzer, and allows to run more inspector fuzzer outputs directly in the inspector-test binary.

R=szuend@chromium.org
Bug: chromium:1142437
Change-Id: Ib9e9768c834204ff17a641e9d462400a139bf6b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557507
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71363}
-
Maya Lekova authored
This reverts commit 1341dbd2.

Reason for revert: The new test is failing on arm64 simulator MSAN - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/35559

Original change's description:
> [int] Fix security bug in Intl.ListFormat
>
> Also add test to ensure it won't crash. The crash is caused by int32_t overflow inside ICU68-1
>
> Real fix in https://chromium.googlesource.com/chromium/deps/icu/+/3bf08c6a50f77921ae79d4e715b580b959e494c7
>
> Bug: chromium:1150371
> Change-Id: I71c7bb3c50453fe3fa40226cab83bee0d865b0f0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2551212
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71357}

TBR=jkummerow@chromium.org,machenbach@chromium.org,ftang@chromium.org,syg@chromium.org
Change-Id: I10862ad1fb308d1610b8f7a80cca43c010475397
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1150371
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557512
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71362}
-
Frank Tang authored
Bug: v8:11174
Change-Id: If84c9056d0147720dabce52154648b4086146d0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2556258
Reviewed-by: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71361}
-
Dominik Inführ authored
For pages that are already swept, it can happen that one thread iterates old-to-new-slots while another thread promotes an object onto the same page. Accessing the slot_set in Scavenger::ScavengePage therefore needs to be atomic.

Bug: v8:11077
Change-Id: I086db612ed4e861aa9bd1c18fdf5c0e17c519a4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555009
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71360}
-
Manos Koukoutos authored
This reverts commit 21f001e8.

Reason for revert: Changes in SIMD created merge errors.

Original change's description:
> [wasm] Small changes in opcode organization
>
> Changes:
> - Move call_ref and return_call_ref to misc opcodes.
> - Create macro which groups all simd opcodes.
>
> Change-Id: I7742c8a27fe8859d1bbe129d8056420aaffe0931
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2549948
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71355}

TBR=ahaas@chromium.org,manoskouk@chromium.org
Change-Id: I31a9a0a62e1e40a09f29f944bccb18694236c62b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557509
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71359}
-
Jakob Gruber authored
The Code object returned by CompileOptimized runtime functions is tail-called to continue execution. This Code object should not be the CompileLazy builtin. We ran into this case when the requested code kind was available, but not attached - here we returned early from Compiler::CompileOptimized without doing anything. To satisfy the postcondition, this CL removes the early exit and lets GetOptimizedCode handle the cached cases (both the FeedbackVector's optimized code cache, and the isolate cache).

Bug: v8:8888
Change-Id: Ie60e6cf27b697ea6685441184b65f28f3583f75a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557500
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71358}
-
Frank Tang authored
Also add test to ensure it won't crash. The crash is caused by int32_t overflow inside ICU68-1

Real fix in https://chromium.googlesource.com/chromium/deps/icu/+/3bf08c6a50f77921ae79d4e715b580b959e494c7

Bug: chromium:1150371
Change-Id: I71c7bb3c50453fe3fa40226cab83bee0d865b0f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2551212
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71357}
-
Omer Katz authored
The CPPGC_BUILD_IN_V8 define (used for tracing) isn't propagated from v8_base_without_compiler to cppgc_base, which breaks build with perfetto. Instead use a gn args to specify standalone builds (defaulted to false) and use that to choose the right tracing implementation.

Bug: chromium:1056170
Change-Id: I70bce819d45fb133b6f932a50a5d027e39f3e5b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555007
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71356}
-
Manos Koukoutos authored
Changes:
- Move call_ref and return_call_ref to misc opcodes.
- Create macro which groups all simd opcodes.

Change-Id: I7742c8a27fe8859d1bbe129d8056420aaffe0931
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2549948
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71355}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/49ce9a3..356ef25
Rolling v8/third_party/aemu-linux-x64: nv6wFuL5e4oM14o83fKYTaYGvYpeIY0g-cCj2yzejZwC..qDJOg4W2RuPZ92H6d33I9kLLWjqfYuMr_gFsPRodSQAC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/91c1a7c..a629d81
Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/9c0dc30..260eb0f
Rolling v8/third_party/icu: https://chromium.googlesource.com/chromium/deps/icu/+log/7db579a..6a33b64

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I3a55a0b4ff6111cfa3fa79a22d842530b10087f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2556499
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#71354}
-
Zhi An Ng authored
Prototype 2 prefetch instructions (temporal and non-temporal) on arm64 and interpreter. Add prfm to assembler, and use MiscField to encode the two versions. Small tweak to simulator to handle these new instructions (no-op). The implementation in the interpreter just pops the memory index and does nothing. Simple test cases added for these 2 new instructions, as well as a prefetch with OOB index, which should not trap.

Bug: v8:11168
Change-Id: Ieced8081615d07f950d6d4c1128d1bc6a75839fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2543167
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71353}
-
Zhao Jiazhong authored
Now the ModS opcode and MacroAssembler::EmitFPUTruncate function are useless, and should be removed.

Change-Id: I5ba7c2cd01084b322046c8267b7581ab9d1755c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554382
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#71352}
-
Zhi An Ng authored
Drive-by cleanup for other bitmask instructions to UseScratchRegisterScope instead of using temporary registers in instruction-selector.

Bug: v8:10997
Change-Id: Id46d249fd20ceaeab8e867babec8b34d7995c17f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2548081
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71351}
-
Zhi An Ng authored
Currently we only correctly disassemble encoding A4, with a list of 4 regs. Also added tests for these encodings.

Change-Id: I38066186d19deb8c180129d7a92b49bc589315cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554258
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71350}
-
Zhi An Ng authored
In our codegen, we are mixing SSE and AVX. This can potentially cause transition delays. Ideally we should stick to one. We add some new AVX versions of movss and movsd, then use the macro-assembler methods to generate AVX instructions if supported.

Bug: v8:11190
Change-Id: Iff7c0fb892cea85731f880ac2895480621b3092f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554257
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71349}
-
- 23 Nov, 2020 21 commits
-
Bill Budge authored
This reverts commit 5557a63b.

Reason for revert: Sheriff's mistake, failing test was previously flaking.

Original change's description:
> Revert "stack-trace-api: implement getEnclosingLine/Column"
>
> This reverts commit c48ae2d9.
>
> Reason for revert: Breaks a profiling test:
> https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/30010
>
> Original change's description:
> > stack-trace-api: implement getEnclosingLine/Column
> >
> > Introduces getEnclosingColumn and getEnclosingLine on CallSite
> > so that the position can be used to lookup the original symbol
> > for function when source maps are used.
> >
> > BUG=v8:11157
> >
> > Change-Id: I06c4c374d172d206579abb170c7b7a2bd3bb159f
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2547218
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Commit-Queue: Benjamin Coe <bencoe@google.com>
> > Cr-Commit-Position: refs/heads/master@{#71343}
>
> TBR=jkummerow@chromium.org,yangguo@chromium.org,bencoe@google.com
>
> Change-Id: Iab5c250c1c4fbdab86971f4a7e40abc8f87cf79c
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:11157
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555384
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71345}

TBR=bbudge@chromium.org,jkummerow@chromium.org,yangguo@chromium.org,bencoe@google.com

# Not skipping CQ checks because this is a reland.

Bug: v8:11157
Change-Id: I8dba19ceb29a24594469d2cf79626f741dc4cad3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555499
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71348}
-
Etienne Pierre-doray authored
This is a reland of b16c7e5b

Issue: ShouldYield is called multiple time.
Fix: ConcurrentSweepSpace returns false if not done (yielding), to avoid calling it again.

Issue: failing test-streaming-compilation
Safe to reland after https://chromium-review.googlesource.com/c/v8/v8/+/2507379

Original change's description:
> Reland "[Heap]: Convert Sweep to Job"
>
> This is a reland of 795c0b1c
> Reason for revert:
> TSAN failures https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/33884
> Safe to reland as-is with fix to EagerUnmappingInCollectAllAvailableGarbage
> https://chromium-review.googlesource.com/c/v8/v8/+/2502809
>
> Original change's description:
> > [Heap]: Convert Sweep to Job
> >
> > max concurrency is inferred from queue size for OLD_SPACE & MAP_SPACE.
> > Extra Sweeper::TearDown() in MarkCompactCollector::TearDown() is needed
> > to cancel job.
> >
> > Change-Id: Iafba7d7d24e8f6e5c5a1d5c0348dea731f0ac224
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480783
> > Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#70767}
>
> Change-Id: Id9a5baceed4664f53da39597af56a2067e4f3c6f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502808
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70845}

Change-Id: I32de9faebdbd2f7f6d7f9a9525871fc691fb3f2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2507378
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71347}
-
Etienne Pierre-doray authored
MockTaskRunner is missing a lock to protect tasks queue, causing flaky tsan. This is similar to: https://source.chromium.org/chromium/chromium/src/+/master:v8/test/cctest/wasm/test-wasm-metrics.cc;l=94?q=test%2Fcctest%2Fwasm%2Ftest-wasm-metrics.cc&ss=chromium

Previous CL https://chromium-review.googlesource.com/c/v8/v8/+/2507379 probably revealed the issue to TSAN by bringing more tasks.

Bug: v8:11194
Change-Id: Ib45c4afb4e7a86c9b4a54518876e311598747919
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555383
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71346}
-
Bill Budge authored
This reverts commit c48ae2d9.

Reason for revert: Breaks a profiling test: https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/30010

Original change's description:
> stack-trace-api: implement getEnclosingLine/Column
>
> Introduces getEnclosingColumn and getEnclosingLine on CallSite
> so that the position can be used to lookup the original symbol
> for function when source maps are used.
>
> BUG=v8:11157
>
> Change-Id: I06c4c374d172d206579abb170c7b7a2bd3bb159f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2547218
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Benjamin Coe <bencoe@google.com>
> Cr-Commit-Position: refs/heads/master@{#71343}

TBR=jkummerow@chromium.org,yangguo@chromium.org,bencoe@google.com
Change-Id: Iab5c250c1c4fbdab86971f4a7e40abc8f87cf79c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:11157
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555384
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71345}
-
Milad Fa authored
Change-Id: I8f8b0b525541cec1a814b7df6ffe0baf00514929
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554526
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71344}
-
bcoe authored
Introduces getEnclosingColumn and getEnclosingLine on CallSite so that the position can be used to lookup the original symbol for function when source maps are used.

BUG=v8:11157

Change-Id: I06c4c374d172d206579abb170c7b7a2bd3bb159f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2547218
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Benjamin Coe <bencoe@google.com>
Cr-Commit-Position: refs/heads/master@{#71343}
-
Camillo Bruni authored
- Add support for module streaming compilation
- Enable module streaming testing d8
- Update API tests to include basic module streaming

Bug: chromium:1061857
Change-Id: I3ac95f7d672c382406182fb6900b1095f15c63b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2536457
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71342}
-
Victor Gomes authored
ConstructWithSpread_WithFeedback uses the same argument order as JS linkage, therefore arguments should be inserted in reversed order.

See https://source.chromium.org/chromium/chromium/src/+/master:v8/src/codegen/interface-descriptors.h;drc=c7cb9beca18d98ba83c3b75860b912219d425d0e;l=507

Change-Id: I4d3ded048a08ba9a2a4d30da4c41044d9669becc
Bug: chromium:1145990
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2549952
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71341}
-
Santiago Aboy Solanes authored
If we have a regular isolate (or none at all), we can skip acquiring the lock check and DCHECK that we are calling from the main thread. If we have a LocalIsolate, we acquire the string lock if needed.

Bug: v8:7790
Change-Id: Ie3562e8172a3e3eca8d194e8652cb881f765cdb8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2551102
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71340}
-
Manos Koukoutos authored
We use the same temporary mechanism as with eqref, in anticipation of standardization of the wasm-gc JS API.

Bug: v8:7748
Change-Id: I224a043e5450ce489fc7f3b2f07f277a0444b8e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2546695
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71339}
-
Dominik Inführ authored
Change-Id: I51f2152d8a26fb0b266a41f7d284ced7908eb475
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554603
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71338}
-
Clemens Backes authored
This changes a '<' to a '<=' and adds a comment to explain why it is safe to use a jump table where the maximum distance is exactly {kMaxCodeSpaceSize}.

R=jkummerow@chromium.org
Bug: chromium:1151364
Change-Id: Id4971a2e9095fa99df48367ab09af4adbfadffaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2552906
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71337}
-
Liu Yu authored
Port: 40c0f84a

Bug: v8:9771
Change-Id: Icbe4e3450bb6ef7242804ca9d7f46cb6f1aed40c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2539538
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#71336}
-
Jakob Kummerow authored
For a very particular special case (long "chains" of bound functions with an undefined @@hasInstance handler), evaluating the `instanceof` operator could lead to a very deep recursion. This patch adds a stack check to make sure we throw rather than crash on stack overflow.

Bug: v8:11115
Change-Id: I6bf941b9e75e9fe3a52112ade27388ac4fbbda2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2545624
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71335}
-
Georg Neis authored
Bug: v8:7790
Change-Id: Idee149b3d59064941473d5e17e2c56a253a5f49d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2546691
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71334}
-
Michael Achenbach authored
Don't pass the correctness-fuzzing suppressions to normal fuzzing as they turn stack overflows and invalid string length checks into crashes. This became first now a problem after the flag was passed in an mjsunit test case.

No-Try: true
Bug: chromium:1151600,chromium:1151599
Change-Id: I5d29900a4b155762cae447fc102055eab1916309
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2551112
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71333}
-
Zhao Jiazhong authored
I'm working for Loongson Technology, and I have contributed 120+ patches to maintain v8 on mips platform. I request to be an owner of MIPS files, so that we can maintain mips ports more conveniently.

Change-Id: Ib01dadfb879fefe7c095398930573e8df0f7c8dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2525542
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71332}
-
Liu Yu authored
Port: commit 1da429fb

Bug: v8:10949
Change-Id: I77d28b26a78fe098b529d6ac333c0dac49850b4f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2553160
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#71331}
-
Marja Hölttä authored
When comparing two-byte strings, the correct number of characters to compare is length(), not byte_length().

The bug was introduced in https://chromium-review.googlesource.com/c/v8/v8/+/2533038

There's no regression test, since going beyond the AstRawString boundary generally doesn't crash.

Bug: chromium:1151602
Change-Id: I32c297c2751835dd7574ff928d2d5b8346b4381a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2551110
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71330}
-
Camillo Bruni authored
Change-Id: Ib34bb9aeeab0e092cdfa49da11382cdb5a8a20e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2545709
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71329}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/afc55ca..49ce9a3

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I70102bf08d91bdc1503e1dd8160dbee9b252bf7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2553924
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#71328}
-
- 22 Nov, 2020 1 commit
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/030a312..afc55ca
Rolling v8/third_party/aemu-linux-x64: gt2DKWmtJU6vqOju1UcBB-_Nthud81s3cnZkERzzSEUC..nv6wFuL5e4oM14o83fKYTaYGvYpeIY0g-cCj2yzejZwC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/11b4013..91c1a7c

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: Ife95420b8e3b3c42a473f37bf3518c0323736200
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2553666
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#71327}
-
- 21 Nov, 2020 1 commit
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/ee1c001..030a312
Rolling v8/third_party/aemu-linux-x64: 4f-YWuHlGrqS9jy308GUs0eo8DxU3h6PwgpHfNYq290C..gt2DKWmtJU6vqOju1UcBB-_Nthud81s3cnZkERzzSEUC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/2ed6fc0..11b4013
Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/2f8e0fa..9c0dc30
Rolling v8/third_party/zlib: https://chromium.googlesource.com/chromium/src/third_party/zlib/+log/e84c9a3..9893e50
Rolling v8/tools/luci-go: git_revision:1a022d3a4c50be4207ee93451255d71896416596..git_revision:6cbe3f56e9f00b8f65eae21f01838a8b58191a47
Rolling v8/tools/luci-go: git_revision:1a022d3a4c50be4207ee93451255d71896416596..git_revision:6cbe3f56e9f00b8f65eae21f01838a8b58191a47
Rolling v8/tools/luci-go: git_revision:1a022d3a4c50be4207ee93451255d71896416596..git_revision:6cbe3f56e9f00b8f65eae21f01838a8b58191a47

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: Ia6309934987cdc0f0da95a83875041761673ec3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2553156
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#71326}
-