AuroraMiddleware/v8 - v8 - Gitea: Git with a cup of tea

AuroraMiddleware/v8

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ross McIlroy	5b794a389b	[Test] Add PrepareForOptimization to some mjsunit tests. Bug: v8:8801, v8:8394 Change-Id: I6bb46ecafe1bd94adbf0409f13c9b2e558da0823 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1594558 Commit-Queue: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Auto-Submit: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Cr-Commit-Position: refs/heads/master@{#61200}	2019-05-03 13:32:32 +00:00
Caitlin Potter	d6efcbf022	[runtime] fix ClusterFuzz regressions (and remaining nits) in CloneObject Includes fixes for several ClusterFuzz regressions: 1) fix an invalid Handle-cast in ic.cc (chromium:866282) 2) fix for improper accounting of used/unused inobject fields, found by clusterfuzz (chromium:866357). 3) fix number of control outputs for the JSCloneObject operator to be used by IfSuccess and IfException nodes (chromium:866727). 4) fix property constness in out-of-object properties of fast-cloned object to be compatible with DCHECKs in StoreIC (chromium:866861). Also includes the fixups missing from the initial commit, and regression tests BUG=v8:7611, chromium:866282, chromium:866357, chromium:866727, chromium:866861 R=jkummerow@chromium.org, mvstanton@chromium.org TBR=rmcilroy@chromium.org Change-Id: I77220308482f16db2893c0dcebec36530d0f5540 Reviewed-on: https://chromium-review.googlesource.com/1146297 Commit-Queue: Caitlin Potter <caitp@igalia.com> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#54706}	2018-07-25 21:23:05 +00:00

Author

SHA1

Message

Date

Ross McIlroy

5b794a389b

[Test] Add PrepareForOptimization to some mjsunit tests.

Bug: v8:8801, v8:8394
Change-Id: I6bb46ecafe1bd94adbf0409f13c9b2e558da0823
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1594558
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61200}

2019-05-03 13:32:32 +00:00

Caitlin Potter

d6efcbf022

[runtime] fix ClusterFuzz regressions (and remaining nits) in CloneObject

Includes fixes for several ClusterFuzz regressions:

1) fix an invalid Handle-cast in ic.cc (chromium:866282)

2) fix for improper accounting of used/unused inobject
fields, found by clusterfuzz (chromium:866357).

3) fix number of control outputs for the JSCloneObject
operator to be used by IfSuccess and IfException nodes (chromium:866727).

4) fix property constness in out-of-object properties of fast-cloned
object to be compatible with DCHECKs in StoreIC (chromium:866861).

Also includes the fixups missing from the initial commit, and
regression tests

BUG=v8:7611, chromium:866282, chromium:866357, chromium:866727, chromium:866861
R=jkummerow@chromium.org, mvstanton@chromium.org
TBR=rmcilroy@chromium.org

Change-Id: I77220308482f16db2893c0dcebec36530d0f5540
Reviewed-on: https://chromium-review.googlesource.com/1146297
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54706}

2018-07-25 21:23:05 +00:00

2 Commits