Fix Heap-use-after-free READ 2 in Intl.Segmenter
when the segments get freed during the iteration
We need to keep a copy of the string in the iterator instead
of depending on the one referenced from the segments.
Bug: chromium:1121156, v8:6891
Change-Id: I26ef5baccaa470dc1bd8cc229c737f556d27160e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2376173
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69575}
Fix containing() with n pointing to a surrogate tail.
Bug: v8:6891
Change-Id: I4d7e4083ba409eecaefaf2ec5c67b7226bd7c97c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2348208
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69363}
The resolvedOptions of Intl.NumberFormat depends on the ICU's
skeleton. sffc changed the output of the wildcard from + to *
in ICU67
(ac4540f8a4).
Change the v8 code to use * instead.
Bug: chromium:1108810
Change-Id: I8b0249a5bc4cc199f454c5070635100f68d1f48d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2318272
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69152}
https://tc39.es/proposal-intl-segmenter/
TC39 passed Intl.Segmenter to stage 3 on Jul 21.
This CL moves our earlier prototype to the current spec.
Bug: v8:6891
Change-Id: I07234beed54f671c26bdbfb3983c5bc2fa5a29b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219413
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69080}
DateTimeFormat's fractionalSecondDigits shipped in M84, so we
can drop the --harmony_intl_dateformat_fractional_second_digits
flag now.
Bug: v8:10485
Change-Id: If7a1a8599722073d7382635219a6fb46cdc47474
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2311410
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69007}
Make locales and options required
and no default for type in options.
Bug: v8:10623
Change-Id: I5df065a95e82ecb3b8b036d1b4738f296aa7243f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2291617
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68854}
Sync the implementation with the latest version of https://github.com/tc39/ecma402/pull/347
Bug: v8:10692
Change-Id: I4e2144da9f770607b4d79e7ce32f079dd2eef54c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2290627
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68827}
There are at least three equivalence classes where this assertion
should not actually hold:
'\u0390\u1fd3', // ΐΐ
'\u03b0\u1fe3', // ΰΰ
'\ufb05\ufb06', // ſtst
Bug: v8:10591
Change-Id: I26cb43d2e67c54e689f1831ea13be46c73d5e92d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2231595
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68246}
The fix is in 630b884f84, not f2223961.
This reverts commit 464ee4b7ad.
Reason for revert: roll to 67.1 after the landing of the fix
Original change's description:
> Revert "Roll ICU from 65.1 to 67.1 (f2223961) & correct tests"
>
> This reverts commit e270b6d615.
>
> Reason for revert: V8 DEPS roll stuck https://crbug.com/v8/10567#c1
>
> Original change's description:
> > Roll ICU from 65.1 to 67.1 (f2223961) & correct tests
> >
> > Rolling to chrome/src is in
> > https://chromium-review.googlesource.com/c/chromium/src/+/2155530
> >
> > Since auto rolling stopped after 3/24/2020 and the roll will cause
> > changes of test status, I got this CL ready (but did not run trybots due
> > to 1074260) and plan to hand roll after the submission of 2155530.
> >
> > Bug: chromium:1064326, v8:9515, v8:10379, v8:10380, v8:10437
> > Change-Id: I19554f68cfdc5b717dfc7fc4b1222e9dc25b8d69
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2158486
> > Auto-Submit: Frank Tang <ftang@chromium.org>
> > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#67493}
>
> TBR=jkummerow@chromium.org,machenbach@chromium.org,jshin@chromium.org,ftang@chromium.org,syg@chromium.org
>
> # Not skipping CQ checks because original CL landed > 1 day ago.
>
> Bug: chromium:1064326, v8:9515, v8:10379, v8:10380, v8:10437
> Change-Id: I3f4233815ed7414f2cde3d4d996696575b5f6e3a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219334
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68051}
TBR=jkummerow@chromium.org,machenbach@chromium.org,jshin@chromium.org,zhin@chromium.org,ftang@chromium.org,syg@chromium.org
# Not skipping CQ checks because this is a reland.
Bug: chromium:1064326, v8:9515, v8:10379, v8:10380, v8:10437
Change-Id: I1de5eb36eff420482a12205682b153a2493d5249
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2220781
Reviewed-by: Frank Tang <ftang@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68160}
https://crrev.com/c/2072858 rewrote the implementation of non-unicode
ignore-case matches to comply with the JS spec in some corner
cases. It fixed character matches and character class matches.
We missed a similar bug in the implementation of back references. This
CL fixes that bug.
The main change is in regexp-macro-assembler.cc, where
CaseInsensitiveCompareUC16 is split into CaseInsensitiveCompareUnicode
(which has the same semantics as before) and
CaseInsensitiveCompareNonUnicode (which has the semantics described
here: https://tc39.es/ecma262/#sec-runtime-semantics-canonicalize-ch).
Most of the rest of the patch undoes https://crrev.com/c/2081816 to
once again make the unicode flag available to the macroassembler, so
that we can decide which helper function to call.
The testcase is a version of test/intl/regress-10248.js, modified to
test backreferences.
Bug: v8:10573
Change-Id: I70ef7d134d37f99b1f75a5eba17020e82d59f1b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219284
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68129}
This reverts commit e270b6d615.
Reason for revert: V8 DEPS roll stuck https://crbug.com/v8/10567#c1
Original change's description:
> Roll ICU from 65.1 to 67.1 (f2223961) & correct tests
>
> Rolling to chrome/src is in
> https://chromium-review.googlesource.com/c/chromium/src/+/2155530
>
> Since auto rolling stopped after 3/24/2020 and the roll will cause
> changes of test status, I got this CL ready (but did not run trybots due
> to 1074260) and plan to hand roll after the submission of 2155530.
>
> Bug: chromium:1064326, v8:9515, v8:10379, v8:10380, v8:10437
> Change-Id: I19554f68cfdc5b717dfc7fc4b1222e9dc25b8d69
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2158486
> Auto-Submit: Frank Tang <ftang@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67493}
TBR=jkummerow@chromium.org,machenbach@chromium.org,jshin@chromium.org,ftang@chromium.org,syg@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:1064326, v8:9515, v8:10379, v8:10380, v8:10437
Change-Id: I3f4233815ed7414f2cde3d4d996696575b5f6e3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219334
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68051}
The serializer currently cannot handle a heap state containing
arbitrary compiled Code objects. As a quick fix for the
--stress-snapshot d8 flag, we clear compiled data from the isolate
prior to the serialize-deserialize-verify pass.
With this change, mjsunit tests pass on x64.
The %SerializeDeserializeNow() runtime function would require more
work, since it is not possible to mutate the heap to this extent while
still preserving a runnable host context and isolate. We will need
another solution there.
Drive-by: Skip the stress_snapshot variant except for the mjsunit
suite.
Tbr: machenbach@chromium.org
Bug: v8:10493,v8:10416
Change-Id: Ie110da8b51613fcd69c7f391d3cf8589d6b04dd8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182429
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67585}
Rolling to chrome/src is in
https://chromium-review.googlesource.com/c/chromium/src/+/2155530
Since auto rolling stopped after 3/24/2020 and the roll will cause
changes of test status, I got this CL ready (but did not run trybots due
to 1074260) and plan to hand roll after the submission of 2155530.
Bug: chromium:1064326, v8:9515, v8:10379, v8:10380, v8:10437
Change-Id: I19554f68cfdc5b717dfc7fc4b1222e9dc25b8d69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2158486
Auto-Submit: Frank Tang <ftang@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67493}
Intl.DisplayNames was shipped in m81 and we can now remove the flag.
https://www.chromestatus.com/features/4965112605573120
Bug: v8:8703
Change-Id: Ib65d787c1871aa1da38a22fdb9e369c680c7d2c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2163820
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67382}
Pick a handful of failure cases from
https://bugs.chromium.org/p/v8/issues/detail?id=10437
Mark the tests as failing.
The bug should be fixed by ICU67.1, which will land soon.
Bug: v8:10437
Change-Id: Iac309dd48b2220da777c006c7a35fac24e454430
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2161510
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67345}
1. Read and output into options after timeZoneName.
2. Do not output into resolvedOptions if dateStyle or timeStyle is present.
3. Add unit test.
Spec: https://github.com/tc39/ecma402/pull/347
Bug: v8:10438
Change-Id: Ie7fecdb5b6dc83dc9a6dfd8ced26679a4051c833
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2161509
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67344}
Use the new API available in ICU65.1 so legacy locales won't be hidden.
Bug: v8:9312,chromium:968269
Change-Id: I6e44501249cdb863ff9b1ab858efdf8908380a82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2131373
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66957}
Only run the test when locale 'bn' is supported
Bug: v8:9100
Change-Id: I455d77a7fb7495f1f866211084cdb68fceb8c871
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2130069
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66956}
Non-unicode, case-insensitive regexps (e.g. /foo/i, not /foo/iu) use a
case-folding algorithm that doesn't quite match the Unicode
definition. There are two places in irregexp that need to do
case-folding. Prior to this patch, neither of them quite matched the
spec (https://tc39.es/ecma262/#sec-runtime-semantics-canonicalize-ch).
This patch implements the "Canonicalize" algorithm in
src/regexp/special-case.h, and uses it in the relevant places. It
replaces special-case logic around upper-casing / ASCII characters
with the following approach:
1. For most characters, calling UnicodeSet::closeOver on a set
containing that character will produce the correct set of
case-insensitive matches.
2. For a small handful of characters (like the sharp S that prompted
this change), UnicodeSet::closeOver will include some characters
that should be omitted. For example, although closeOver('ß') =
"ßẞ", uppercase('ß') is "SS", so step 3.e means that 'ß'
canonicalizes to itself, and should not match 'ẞ'. In these cases,
we can skip the closeOver entirely, because it will never add an
equivalent character. These characters are in the IgnoreSet.
3. For an even smaller handful of characters, UnicodeSet::closeOver
will produce some characters that should be omitted, but also some
characters that should be included. For example, closeOver('k') =
"kKK" (lowercase k, uppercase K, U+212A KELVIN SIGN), but KELVIN
SIGN should not match either of the other two (step 3.g). To handle
this, we put such characters in the SpecialAddSet. In these cases,
we closeOver the original character, but filter out the results
that do not have the same canonical value.
The computation of IgnoreSet and SpecialAddSet happens at build time,
using the pre-existing gen-regexp-special-case.cc step.
R=jgruber@chromium.org
Bug: v8:10248
Change-Id: I00d48b180c83bb8e645cc59eda57b01eab134f0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2072858
Reviewed-by: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66641}
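As an added example (not V8's own code), the Node.js script below exercises the Canonicalize behaviour described in the two regexp CLs above (the character-match fix, #66641, and the backreference fix, #68129): a reference implementation of the non-unicode Canonicalize steps is placed beside the engine's own /i and /iu results for the sharp s, Kelvin sign and long s cases. The probe characters and pairs are constructed here.

```javascript
// Added example, not V8 code. Probe characters called out in the CLs.
const SHARP_S = '\u00DF';         // ß: toUpperCase() is "SS" (length 2)
const CAPITAL_SHARP_S = '\u1E9E'; // ẞ: upper-cases to itself
const KELVIN_SIGN = '\u212A';     // K (KELVIN SIGN): upper-cases to itself, not to ASCII "K"
const LONG_S = '\u017F';          // ſ: non-ASCII, upper-cases to ASCII "S"

// Reference implementation of Canonicalize(ch) for the non-unicode,
// ignore-case path (ECMA-262 "Runtime Semantics: Canonicalize").
function canonicalizeNonUnicode(ch) {
  const u = ch.toUpperCase();
  if (u.length !== 1) return ch;                        // step 3.e: "ß" -> "SS", keep "ß"
  const cu = u.charCodeAt(0);
  if (ch.charCodeAt(0) >= 128 && cu < 128) return ch;   // step 3.g: non-ASCII "ſ" must not become ASCII "S"
  return u;
}

// Two characters match under /i iff their canonical forms are equal.
function sameCanonical(a, b) {
  return canonicalizeNonUnicode(a) === canonicalizeNonUnicode(b);
}

// What the engine itself does for a single-character pattern.
function matchesIgnoreCase(pattern, input, unicode) {
  return new RegExp(pattern, unicode ? 'iu' : 'i').test(input);
}

// Backreference variant from the second CL: /(.)\1/ must compare the
// captured text with the same Canonicalize rules as a character match.
function backrefMatches(a, b, unicode) {
  return new RegExp('^(.)\\1$', unicode ? 'iu' : 'i').test(a + b);
}

// Constructed pairs: the three special cases plus two ordinary ones.
const PAIRS = [
  [SHARP_S, CAPITAL_SHARP_S], ['k', KELVIN_SIGN], ['s', LONG_S], ['k', 'K'], ['a', 'A'],
];

// True when the engine's /i result equals the reference for every pair,
// both for a plain character match and for a backreference.
function engineAgreesWithReference() {
  return PAIRS.every(([a, b]) =>
    matchesIgnoreCase(a, b, false) === sameCanonical(a, b) &&
    backrefMatches(a, b, false) === sameCanonical(a, b));
}

// /iu uses Unicode simple case folding instead, so the special cases match.
function unicodeModeMatchesAll() {
  return PAIRS.every(([a, b]) => matchesIgnoreCase(a, b, true) && backrefMatches(a, b, true));
}
```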
Fix the gc_stress problem in the original by moving the
NewStringFromAsciiChecked before the cast.
This is a reland of a872c393c6
Original change's description:
> [Intl] Fix RelativeTimeFormat fatal
>
> The Intl.RelativeTimeFormat constructor crashes while the locale or
> numberingSystem contains an "algorithmic" numberingSystem.
> Fix by falling back to the locale without the nu.
>
> Bug: chromium:1041319
> Change-Id: Ica520e8dec6ace21264504274b92cb2c3d16286f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2055970
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66276}
Bug: chromium:1041319
Change-Id: I97563c5dbac1842a4e740e2450070471ea2681a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2057761
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66315}
The Intl.RelativeTimeFormat constructor crashes while the locale or
numberingSystem contains an "algorithmic" numberingSystem.
Fix by falling back to the locale without the nu.
Bug: chromium:1041319
Change-Id: Ica520e8dec6ace21264504274b92cb2c3d16286f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2055970
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66276}
After getBestPattern, replace HhKk with the hour cycle char.
Does not fix formatRange yet.
Bug: v8:9930
Change-Id: I0833539ba308d4b2f58f20ae1a137f782a82fe49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1892126
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64691}
Remove unicode keyword/value "ca" and "nu" from
the resolvedOptions().locale, if it does not match
the option "calendar" / "numberingSystem".
Bug: v8:9887
Change-Id: Idabc7e266e8e5f847f919324a93e39df4df440c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1877708
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64663}