- 19 Jan, 2021 1 commit
Clemens Backes authored
The inspector fuzzer is terminating the isolate after two seconds. At this point, we can be in pretty much any state, and any further JS execution would fail. This CL fixes an issue where we got the termination signal when creating a context for a regexp (while installing extensions). There might be more places that need fixing, but with this CL the linked issue does not reproduce locally any more, so it's a step forward.

R=szuend@chromium.org, bmeurer@chromium.org
Bug: chromium:1166549
Change-Id: I33b48205b71877aca6cfe5267f353fa899bfa05c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2636153
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72156}
- 12 Jan, 2021 1 commit
Clemens Backes authored
The watchdog previously didn't terminate execution; it just prevented the execution of additional tasks. This CL fixes that by making {TaskRunner::Terminate} actually terminate execution in the isolate. It also adds a regression test for this.

R=szuend@chromium.org
Bug: chromium:1154412, chromium:1142437
Change-Id: Ic6638e8a5c37e8840a85651b4d4bea2ee0f71c43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2622212
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72031}
- 09 Nov, 2020 1 commit
Clemens Backes authored
Joining the thread from the watchdog is problematic, since e.g. {pthread_join} (the implementation of {Thread::Join} on POSIX systems) has undefined behaviour if multiple threads try to join at the same time. In practice, this leads to deadlocks. Thus implement termination by just calling {TaskRunner::Terminate}, but not {TaskRunner::Join}. This fixes the deadlocks in the inspector fuzzer. The inspector test binary is fixed similarly, even though there it seems to not cause problems so far. In both files, the {Terminate} function is inlined into callers because it's only a single line now, with one to two users.

Also, replace the single fuzzer test (which is invalid javascript) by two tests: One called "invalid" explicitly, still with invalid javascript, and one empty file, which is valid input. That one reproduced the deadlock.

R=szuend@chromium.org
Bug: chromium:1142437
Change-Id: I8fb98b0cdbf3ceff6af6849397e5da5a4e9acd3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526384
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71054}
- 02 Nov, 2020 1 commit
Clemens Backes authored
This adds a first simple version of the inspector fuzzer, which is a stripped-down version of the inspector-test executable. The fuzzer generates inputs which are compatible with inspector-test. There are still memory leaks, and the fuzzer will probably run into timeouts most of the time. Both of these will be addressed in follow-ups.

R=szuend@chromium.org, machenbach@chromium.org
Bug: chromium:1142437
Change-Id: I4d13da460f571d791a3642b0705a1f07b442c11b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2505722
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70922}