Commits · e783b473789d3e84eb478abb6bb72fb30c38df59 · Linshizhi / V8

11 Jan, 2018 1 commit

[regexp] Add stack check to RegExpExec · e1f676ec

jgruber authored 7 years ago

Band-aid fix for infinite recursion in RegExp TFJ builtins.

TFJ builtins don't contain stack checks in general, so any deep
recursion involving only TFJ builtins can end up overflowing the stack
and segfaulting on the red area.

RegExp builtins in particular can only build such recursions using
RegExp.p.exec, and (as far as I can tell) only by modifying the instance
or prototype, thus hitting the slow path in all builtins.

This CL adds a stack check to RegExpExec, which is the choke point for
calling exec on slow-mode RegExps.

Bug: v8:7239, chromium:797481

Regression test

Change-Id: I78dbb5f868a775d9697606d513623f912639d7db
Reviewed-on: https://chromium-review.googlesource.com/856777Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50511}

e1f676ec

17 Oct, 2017 1 commit

[test] Shorten regression-*.js filenames to regress-*.js · 9fe36eca

Ben L. Titzer authored 7 years ago

R=rossberg@chromium.org

Bug: 
Change-Id: Icac33dc87dd660173e5a45d02b31be46f7d1cb2d
Reviewed-on: https://chromium-review.googlesource.com/721550
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Rossberg <rossberg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48632}

9fe36eca

22 Mar, 2017 1 commit

[wasm] [asm.js] Store function start position also for init function · a2807f2a

Clemens Hammacher authored 7 years ago

The stack check at the beginning of each function maps to the wasm byte
offset 0. For asm.js functions, this byte offset is mapped further to an
asm.js source position. For most functions, we explicitly add an entry
to this side table for offset 0. This was missing for the start
function.

R=ahaas@chromium.org
BUG=v8:4203,chromium:703568

Change-Id: I05bc4a8cfa666864bb7a0b23f75186abe0be9bee
Reviewed-on: https://chromium-review.googlesource.com/458437
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44037}

a2807f2a

06 Mar, 2017 1 commit

[wasm] Fix code specialization for empty memory buffer · 7d8a3028

Clemens Hammacher authored 7 years ago

From asm.js code we might get an empty ArrayBuffer as heap memory. In
this case, both the old memory start and the new memory start will be
nullptr. The size however has to be patched from default_size to 0.

This CL changes code specialization to be able to either patch memory
references, or patch memory sizes or both.

R=titzer@chromium.org, ahaas@chromium.org
BUG=chromium:698587

Change-Id: I4d9d811d75cb83842f23df317e8e7fc02aeb5146
Reviewed-on: https://chromium-review.googlesource.com/450257
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43613}

7d8a3028

20 Jan, 2017 1 commit

Also suppress exception messages thrown by native scripts · 8b8c8df0

jochen authored 8 years ago

BUG=chromium:681984
R=yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2640983006
Cr-Commit-Position: refs/heads/master@{#42536}

8b8c8df0

04 Jan, 2017 1 commit

[turbofan] Teach escape analysis about StringCharAt · 5662f99b

tebbi authored 8 years ago

R=bmeurer@chromium.org
BUG=chromium:677757

Review-Url: https://codereview.chromium.org/2606383005
Cr-Commit-Position: refs/heads/master@{#42066}

5662f99b