18b6362551
Loop headers in the interpreter would start a new basic block, which among other things would reset the liveness of that block. This meant that a loop created after dead code, without a check for whether the code is currently dead or not, would "resurrect" that block's liveness, making the inside of the loop live even though the loop itself is unreachable. This works fine, since the loop is still unreachable, but can breaks DCHECKs in bytecode liveness analysis for cases where a register is supposed to be initialised before the loop, in the dead code, and is then used inside the loop, in the resurrected code. Normally this wouldn't be a problem, since blocks are normally killed on the statement level and we check for deadness during statement iteration, but `foo() = x` introduces an expression-level block killer (being re-written to `foo[throw ReferenceError] = x`) and we don't check for deadness after assignment Lhs preparation. This does mean that we have to fix the InterpreterJumps test, to not try to jump into the middle of a loop (since this could revive the loop). This can only happen when manually creating bytecode, bytecode generated from JavaScript is always reducible. Bug: chromium:1230597 Change-Id: I8403ccdeae7e5450adf629026e2ca8a134c81877 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275557 Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#77846} |
||
|---|---|---|
| .github | ||
| bazel | ||
| build_overrides | ||
| custom_deps | ||
| docs | ||
| gni | ||
| include | ||
| infra | ||
| samples | ||
| src | ||
| test | ||
| testing | ||
| third_party | ||
| tools | ||
| .bazelrc | ||
| .clang-format | ||
| .clang-tidy | ||
| .editorconfig | ||
| .flake8 | ||
| .git-blame-ignore-revs | ||
| .gitattributes | ||
| .gitignore | ||
| .gn | ||
| .mailmap | ||
| .vpython | ||
| .vpython3 | ||
| .ycm_extra_conf.py | ||
| AUTHORS | ||
| BUILD.bazel | ||
| BUILD.gn | ||
| CODE_OF_CONDUCT.md | ||
| codereview.settings | ||
| COMMON_OWNERS | ||
| DEPS | ||
| DIR_METADATA | ||
| ENG_REVIEW_OWNERS | ||
| INFRA_OWNERS | ||
| INTL_OWNERS | ||
| LICENSE | ||
| LICENSE.fdlibm | ||
| LICENSE.strongtalk | ||
| LICENSE.v8 | ||
| LOONG_OWNERS | ||
| MIPS_OWNERS | ||
| OWNERS | ||
| PPC_OWNERS | ||
| PRESUBMIT.py | ||
| README.md | ||
| RISCV_OWNERS | ||
| S390_OWNERS | ||
| WATCHLISTS | ||
| WORKSPACE | ||
V8 JavaScript Engine
V8 is Google's open source JavaScript engine.
V8 implements ECMAScript as specified in ECMA-262.
V8 is written in C++ and is used in Google Chrome, the open source browser from Google.
V8 can run standalone, or can be embedded into any C++ application.
V8 Project page: https://v8.dev/docs
Getting the Code
Checkout depot tools, and run
fetch v8
This will checkout V8 into the directory v8 and fetch all of its dependencies.
To stay up to date, run
git pull origin
gclient sync
For fetching all branches, add the following into your remote
configuration in .git/config:
fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
fetch = +refs/tags/*:refs/tags/*
Contributing
Please follow the instructions mentioned at v8.dev/docs/contribute.