AuroraMiddleware/v8 - v8 - Gitea: Git with a cup of tea

AuroraMiddleware/v8

Fork 0

Commit Graph

Author	SHA1	Message	Date
Marja Hölttä	566e972395	[parser] Skipping inner funcs: Fix bailout. When the bailout triggered, we assumed we're generating data (i.e., we're inside a non-arrow function). This is not true; it's possible that we're already inside an arrow function and not generating data anyway. BUG=v8:5516,chromium:761980 Change-Id: Iad9c8dde283031630953ef9a46c1e68bc0cee048 Reviewed-on: https://chromium-review.googlesource.com/655081 Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#47905}	2017-09-07 21:18:12 +00:00
Marja Hölttä	c3cf3d0661	[parser] Skipping inner funcs: drop "experimental" from flag name. Makes ClusterFuzz start fuzzing with the flag on. BUG=v8:5516 Change-Id: Ia80f7d22f12fe25efb226102a896e8b0e3537947 Reviewed-on: https://chromium-review.googlesource.com/610000 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/heads/master@{#47366}	2017-08-16 08:49:27 +00:00
Marja Hölttä	e7a46253f2	[parser] Skipping inner funcs: implement a bailout. In some cases, PreParser cannot replicate the Scope structure created by Parser. It happens esp. with arrow function parameters, since the relevant information is already lost by the time we figure out it's an arrow function. In these cases, PreParser should bail out of trying to create data for skipping inner functions. Implementation notes: - The arrow function case is more fundamental; the non-arrow case could be hacked together somehow if we implemented tracking is_simple for each param separately; but now that it's possible to bail out consistently from both cases, I don't think the is_simple complication is worth it. - The added mjsunit test cases are based on the test262 test cases which exposed the problem. - cctest/preparser/PreParserScopeAnalysis was exercising similar cases, but the problem didn't show up because the function parameters didn't contain skippable functions. Those test cases have been repurposed for testing the bailout. - Extra precaution: the bailout tests are in a separate file, to guard from the bug that a bailout case results in bailing out of all data creation, which would make all skipping tests in the same file useless. BUG=v8:5516 Change-Id: I4324749a5ec602fa5d7dc27647ade0284a6842fe Reviewed-on: https://chromium-review.googlesource.com/599849 Reviewed-by: Adam Klein <adamk@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#47170}	2017-08-04 18:22:32 +00:00

Author

SHA1

Message

Date

Marja Hölttä

566e972395

[parser] Skipping inner funcs: Fix bailout.

When the bailout triggered, we assumed we're generating data (i.e., we're inside
a non-arrow function). This is not true; it's possible that we're already inside
an arrow function and not generating data anyway.

BUG=v8:5516,chromium:761980

Change-Id: Iad9c8dde283031630953ef9a46c1e68bc0cee048
Reviewed-on: https://chromium-review.googlesource.com/655081
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47905}

2017-09-07 21:18:12 +00:00

Marja Hölttä

c3cf3d0661

[parser] Skipping inner funcs: drop "experimental" from flag name.

Makes ClusterFuzz start fuzzing with the flag on.

BUG=v8:5516

Change-Id: Ia80f7d22f12fe25efb226102a896e8b0e3537947
Reviewed-on: https://chromium-review.googlesource.com/610000
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47366}

2017-08-16 08:49:27 +00:00

Marja Hölttä

e7a46253f2

[parser] Skipping inner funcs: implement a bailout.

In some cases, PreParser cannot replicate the Scope structure created by
Parser. It happens esp. with arrow function parameters, since the relevant
information is already lost by the time we figure out it's an arrow function.

In these cases, PreParser should bail out of trying to create data for skipping
inner functions.

Implementation notes:

- The arrow function case is more fundamental; the non-arrow case could be
  hacked together somehow if we implemented tracking is_simple for each param
  separately; but now that it's possible to bail out consistently from both
  cases, I don't think the is_simple complication is worth it.

- The added mjsunit test cases are based on the test262 test cases which exposed
  the problem.

- cctest/preparser/PreParserScopeAnalysis was exercising similar cases, but the
  problem didn't show up because the function parameters didn't contain
  skippable functions. Those test cases have been repurposed for testing the
  bailout.

- Extra precaution: the bailout tests are in a separate file, to guard from the
  bug that a bailout case results in bailing out of *all* data creation, which
  would make all skipping tests in the same file useless.

BUG=v8:5516

Change-Id: I4324749a5ec602fa5d7dc27647ade0284a6842fe
Reviewed-on: https://chromium-review.googlesource.com/599849
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47170}

2017-08-04 18:22:32 +00:00

3 Commits