PerformPromiseAll doesn't set iteratorRecord.[[Done]] to true if
Promise.resolve is not callable. This makes Promise.all call
IteratorClose.
BUG=v8:10452
Change-Id: Icbe17416a733f68ef09f1c610d715f544c2a3b8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2164789
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67416}
This reverts the changes made in
https://chromium-review.googlesource.com/c/v8/v8/+/1695465https://chromium-review.googlesource.com/c/v8/v8/+/1776078
We originally moved this protector to the native context to avoid
cross-native-context pollution of protector state. Ideally,
invalidating a protector in one NC should not affect any other NC.
But as it turns out, having the protector on the NC causes more
problems than it solves since all affected callers now need to find
the correct native context to check. Sometimes (e.g. in CSA regexp
builtins) it is possible to blindly check the current NC, but the
reasoning behind this optimization is tricky to understand.
Sometimes, fetching the correct NC is not possible due to access
restrictions. These implementation complexities outweigh the (unknown)
potential performance benefits.
In the future we should attempt to move away from the protector
concept for these kinds of checks.
Bug: chromium:1069964,v8:9463
Change-Id: I2cbb2ec7266282165dae5e4a6c8bdbda520c50a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2157382
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67415}
Due to lack of testing environment before, there are some bugs in the
implementations of wasm-simd on mips64 platform, this CL fix them
according to the test on Loongson 3A4000.
Change-Id: I59ab6315987fc94a06cf0bf23754f5c593879532
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2162416
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67413}
This changelist makes the GDB-stub actually execute GDB-remote commands, by
accessing the Wasm engine state. More precisely:
- class GdbServer registers DebugDelegates that receive debug notifications when
a new Wasm module is loaded, when execution suspends at a breakpoint or for an
unhandled exception.
- Since the GDB-remote commands arrive on a separate thread, all
queries from the debugger are transformed into Task objects, that are posted
into a TaskRunner that runs in the Isolate thread.
- class WasmModuleDebug contains the logic to retrieve the value of globals, locals, memory ranges from the
Wasm engine and to add/remove breakpoints.
Build with: v8_enable_wasm_gdb_remote_debugging = true
Run with: --wasm-gdb-remote
Test with: python tools\run-tests.py --outdir=out\debug_x64 debugging -j 1
Bug: chromium:1010467
Change-Id: I9703894620a027d3c920926db92e2ff809d84ab8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1941139
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#67412}
Port ab5470212e
Original Commit Message:
- Adds kFPReturnRegister0 for all platforms.
- Reworks linkage.cc to assign return registers to the proper
register type, using the new FP return register.
R=bbudge@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I549f408ff1d0eed604c7bd38518f31dadb5d01f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2168356
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#67410}
Extend the flag parameter with a bit that decides if the input should
be converted (-0 to 0, and a string to the array index it represents).
Instruct redundancy elimination to never replace x with CheckBounds(x)
when this CheckBounds is of the converting kind.
Bug: chromium:1070892, chromium:1071743
Change-Id: I3125a6e267d56dae6bf6cb2f5f52d27ef65d7c79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2157365
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67408}
This relands commit 1a38573f9d.
The original change used a sequence of instruction in the test that
could not be scalar lowered properly.
Original change's description:
> [arm] Change fp_fixed registers to be allocatable registers
>
> fp_fixed1 and fp_fixed2 are used by the S8x16Shuffle operation. They
> need to be allocatable, so that they can be correctly marked as fixed
> and spilled as required. The previous value of fp_fixed2, d29, is not in
> the list of allocatable double registers, and not marked as fixed
> appropriately.
>
> One fix could be to extend the list of allocatable double registers, but
> there is a comment there saying that the list is kept even-length to
> make stack alignment easier. So rather than messing with that, we
> instead change what fp_fixed1 and fp_fixed2 is, since S8x16Shuffle is
> the only user, this is a simpler change.
>
> Bug: chromium:1070078
> Change-Id: Id7de9b256bad2cfb11b0f06b66eb80a48ff7827c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2161565
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67372}
Bug: chromium:1070078
Change-Id: I02bb4b3ad03817318cbd0ee706c5ef4f20c845ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165867
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67406}
This patch has the following improvement on v8.browsing_mobile:
- total-main-thread:duration improved by 1.7%
- js:duration improved by 1.3%
Change-Id: I1cdf2c181bfd991b67f31c5c2f32e3c2f909c67e
Bug: v8:9684, v8:10431
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2149433
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67405}
Rolling v8/third_party/depot_tools:
2b2aec6..dd2f620
The roller is blocked since a few weeks, but we need this roll now to
fix a depot_tools version mismatch between the presubmit bots on CQ and
on the waterfall.
R=zhin@chromium.orgTBR=machenbach@chromium.org,tmrts@chromium.org
NOTREECHECKS=true
Bug: chromium:1075618
Change-Id: Ib3e4b2ad4d79a1b35db1b320c7f7aa682b1eab90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2166198
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67404}
The category name changed in https://crrev.com/c/2159690 (in
depot_tools), hence presubmit tests start failing whenever someone
touches a file which still refers to the old category.
R=zhin@chromium.orgTBR=machenbach@chromium.org
No-Try: true
No-Tree-Checks: true
Change-Id: I62813a42d63e512d421c4fe94229d04a56056978
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165760
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67403}
This is a CL in a string of CLs that template SimplifiedLowering.
It is done with the purpose of decoupling the implementation in the
three phases that SimplifiedLowering has (Propagate, Retype, Lower).
Template lower(), retype() and propagate(). Remove phase_ since it is
not needed anymore.
Template methods that used the old version of lower() and similar:
* EnqueueInput
* SetOutput
* ProcessInput
* VisitLeaf
* VisitSelect
* VisitPhi
* VisitStateValues
* VisitFrameState
* VisitObjectState
Bug: v8:10424
Change-Id: Ic7c22104a77892303d825ad2d75e0eda56cca754
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135638
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67402}
The ScriptDetails passed into a compilation may include a source
mappping URL. We should make sure that this does not overwrite an
existing source mapping URL on a script object, which will have been
inferred from source (and will take priority).
Bug: chromium:1011762
Change-Id: I5591005f86087b635764be980e00db76ed2a826d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2126912
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67401}
This reverts commit 14ebea15a4.
Reason for revert: CountUsage() can't be called without a C entry frame.
Note this counter was never hooked up in chromium. Besides removing the
problematic CountUsage() call, this CL also makes the call path more
robust against similar future issues by adding {gc,handle,js} disallow
scopes.
Original change's description:
> Add counter to track `Date::getTimezoneOffset()`.
>
> Bug: chromium:915620
> Change-Id: I75579080098632639b125b2252b3ab9615c7ea95
> Reviewed-on: https://chromium-review.googlesource.com/c/1379876
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Mike West <mkwst@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58306}
TBR=yangguo@chromium.org,mkwst@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Tbr: ulan@chromium.org
Bug: chromium:915620,v8:10460
Change-Id: I2dd2e14947fe527de24ea644b4b33897f437a119
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165790
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67399}
V8 performs GC based on external memory limit. Additionally triggering
memory reducing GCs may be problematic for large heaps and increases
the chances of multiple V8 isolates performing GCs after
IsolateInBackgroundNotification.
Bug: chromium:1072746
Change-Id: I7649a176504803ba666e6367b008593bbcfe6312
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2159488
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67398}
This is a CL in a string of CLs that template SimplifiedLowering.
It is done with the purpose of decoupling the implementation in the
three phases that SimplifiedLowering has (Propagate, Retype, Lower).
Template VisitBinop (and Binop specific ones like
VisitSpeculativeInt32Binop), for which we need to template:
* VisitSpeculativeAdditiveOp
* VisitSpeculativeNumberModulus
* VisitCheckBounds
Bug: v8:10424
Change-Id: I51764cb2e9ea9c2aa14829888d352e1947be77b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135637
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67394}
This CL introduces a new XX1-Form instruction as well as
separates VX-Form instructions to be used for implementing
simd Splat:
- I32x4
- I8x16
- I16x8
Change-Id: If81bbc87b45993ba6fa3e0146dd34496e247dd50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165866
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#67393}
Add Nico, remove Ben and Jaro who left V8.
Change-Id: I6bee6f45e4933f286d8672114fdb5b89115172d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2167439
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67392}
This adds a test which I suspected would fail, but luckily it doesn't.
The idea is to catch a proper wasm exception in JS, then construct a new
exception, but set the catched exception as the prototype. My suspicion
was that we would still handle that new exception like a wasm exception,
since the `WasmExceptionGetTag` and `WasmExceptionGetValues` runtime
functions to a standard property lookup, which includes a prototype
walk.
Interestingly, the prototype walk is already skipped automatically when
loading private symbols, so the implementation already supports this
case correctly.
Let's still add this test to have coverage for this case.
R=jkummerow@chromium.orgCC=aheejin@chromium.org
Bug: v8:8091
Change-Id: Idf9944cf47f96cca38e9678e9200bf03a39ea126
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2167438
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67391}
This is a CL in a string of CLs that template SimplifiedLowering.
It is done with the purpose of decoupling the implementation in the
three phases that SimplifiedLowering has (Propagate, Retype, Lower).
Template:
* VisitInputs
* EnqueueInputs
* Finish ProcessRemainingInputs, which ends up templating some VistXXX
methods
Bug: v8:10424
Change-Id: I10a22ca9a2e472d3177e910c640507cab861846d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135636
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67390}
- Add template specialization for DataRange::get<bool> to avoid undefined behavior of the template DataRange::get<T> which uses memcpy to assign the result variable
Change-Id: I129773251c063ea6863c4b2318dbc18574588d99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165728
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67387}
This is the first in a string of CLs that template SimplifiedLowering.
It is done with the purpose of decoupling the implementation in the
three phases that SimplifiedLowering has (Propagate, Retype, Lower).
Template:
* VisitNodes
* SetOutput
* ProcessInput
* ProcessRemainingInputs
Bug: v8:10424
Change-Id: I2d55148f5a4aafae5ec54d58a6690fc755806340
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2126916
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67385}
The call sequence for snapshot creation is quite involved. Details
should not be exposed outside src/snapshot. This CL pulls more details
of snapshot creation into Snapshot::Create, which is intended to be the
single chokepoint for API, tests, and other internal use.
Bug: v8:10416,chromium:1043058
Change-Id: I610293b5f70fec12e5513e5f803b5dd9118fd3b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2150589
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67384}
Intl.DisplayNames was shipped in m81 and we now can remove the flag.
https://www.chromestatus.com/features/4965112605573120
Bug: v8:8703
Change-Id: Ib65d787c1871aa1da38a22fdb9e369c680c7d2c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2163820
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67382}
This reverts commit ff22ae80e2.
Reason for revert: new test fails on UBSAN
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/10831
Original change's description:
> [turbofan][csa] optimize Smi untagging better
>
> - Introduce new operator variants for signed right-shifts with the
> additional information that they always shift out zeros.
> - Use these new operators for Smi untagging.
> - Merge left-shifts with a preceding Smi-untagging shift.
> - Optimize comparisons of Smi-untagging shifts to operate on the
> unshifted word.
> - Optimize 64bit comparisons of values expanded from 32bit to use
> a 32bit comparison instead.
> - Change CodeStubAssembler::UntagSmi to first sign-extend and then
> right-shift to enable better address computations for Smi indices.
>
> Bug: v8:9962
> Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67378}
TBR=neis@chromium.org,tebbi@chromium.org
Change-Id: I2617d7a44e5ae33fd79322d37c8b722c00162d22
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9962
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165873
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67380}
- Introduce new operator variants for signed right-shifts with the
additional information that they always shift out zeros.
- Use these new operators for Smi untagging.
- Merge left-shifts with a preceding Smi-untagging shift.
- Optimize comparisons of Smi-untagging shifts to operate on the
unshifted word.
- Optimize 64bit comparisons of values expanded from 32bit to use
a 32bit comparison instead.
- Change CodeStubAssembler::UntagSmi to first sign-extend and then
right-shift to enable better address computations for Smi indices.
Bug: v8:9962
Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67378}
This reverts commit 390ed4b934.
Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux/36714?
Original change's description:
> [arm] Change fp_fixed registers to be allocatable registers
>
> fp_fixed1 and fp_fixed2 are used by the S8x16Shuffle operation. They
> need to be allocatable, so that they can be correctly marked as fixed
> and spilled as required. The previous value of fp_fixed2, d29, is not in
> the list of allocatable double registers, and not marked as fixed
> appropriately.
>
> One fix could be to extend the list of allocatable double registers, but
> there is a comment there saying that the list is kept even-length to
> make stack alignment easier. So rather than messing with that, we
> instead change what fp_fixed1 and fp_fixed2 is, since S8x16Shuffle is
> the only user, this is a simpler change.
>
> Bug: chromium:1070078
> Change-Id: Id7de9b256bad2cfb11b0f06b66eb80a48ff7827c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2161565
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67372}
TBR=gdeepti@chromium.org,zhin@chromium.org,thibaudm@chromium.org
Change-Id: I00b4b34771b5832cc3d5fe6eac7aac506ec82d50
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1070078
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165865
Reviewed-by: Francis McCabe <fgm@chromium.org>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67375}
We change a bunch of static_cast to a cleaner and shorter brace
initialization. I did not change every use of static_cast in the files,
just those that relate to SIMD, so as to not cause churn in the
diff/blame.
Change-Id: I7e90c1b81f09a1e7a3ae7c9825db4fdbd21db919
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2159737
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67373}
fp_fixed1 and fp_fixed2 are used by the S8x16Shuffle operation. They
need to be allocatable, so that they can be correctly marked as fixed
and spilled as required. The previous value of fp_fixed2, d29, is not in
the list of allocatable double registers, and not marked as fixed
appropriately.
One fix could be to extend the list of allocatable double registers, but
there is a comment there saying that the list is kept even-length to
make stack alignment easier. So rather than messing with that, we
instead change what fp_fixed1 and fp_fixed2 is, since S8x16Shuffle is
the only user, this is a simpler change.
Bug: chromium:1070078
Change-Id: Id7de9b256bad2cfb11b0f06b66eb80a48ff7827c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2161565
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67372}
If module bytes end in a prefix like 0xfc (numeric prefix), we read out
of bounds (pc + 1). So, if validate flag is set, check the length.
Bug: chromium:1073553
Change-Id: Ia9771419d01f2315723d19dd96630172b5a7a1f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2161404
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67370}
The impl works by posting up to NumberOfWorkerThreads() tasks
with CallOnWorkerThread().
Change-Id: I188ac57c9e5d6e3befdcc6f945fbf337dabe1d1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2130886
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Gabriel Charette <gab@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67368}
