AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
4c28563bd7
v8/test/inspector
History
Simon Zünd 4c28563bd7 Fix crash in JSPromise::Resolve when 'then' getter is terminating 
The crash scenario is as follows:
  1) Add a getter for 'then' to the Object prototype that is
     considered side-effecting.
  2) Evaluate a simple string using 'REPL' mode with side-effect checks
     enabled.
     Note: REPL mode is not strictly necessary, but it causes a 'then'
     lookup as the evaluation result is not a promise.
  3) Calling the 'then' getter causes a termination exception, due
     to the side-effect check. JSPromise::Resolve then tries to
     put the termination exception as the reject reason, which causes
     a CHECK failure.

The solution is to check for termination in the "abrupt completion"
case when 'then' was retrieved.

Bug: chromium:1140845
Change-Id: I72b644cd49355cea40f599fcbe80264e99ed7bd6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2501283
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70785}
2020-10-27 09:06:52 +00:00
..
console Reland 2 ScriptContext CLs 2020-01-22 15:40:06 +00:00
counters [DevTools] Re-implemented Profiler.getRuntimeCallStats. 2020-09-08 18:32:05 +00:00
cpu-profiler [testrunner] enable --wasm-generic-wrapper for nooptimization variant 2020-10-13 09:27:45 +00:00
debugger Reland "[debugger] Try to trigger pause-on-oom flakes with an extra printf" 2020-10-20 08:25:39 +00:00
heap-profiler heap-snapshot: Add detachedness field 2020-09-09 14:42:41 +00:00
runtime Fix crash in JSPromise::Resolve when 'then' getter is terminating 2020-10-27 09:06:52 +00:00
runtime-call-stats [DevTools] Re-implemented Profiler.getRuntimeCallStats. 2020-09-08 18:32:05 +00:00
sessions WIP: [parser] Fix arrow function name inferring 2019-01-08 08:10:03 +00:00
type-profiler [tests] Filter out non-existent methods in inspector tests 2020-01-17 12:21:29 +00:00
BUILD.gn [DevTools] Re-implemented Profiler.getRuntimeCallStats. 2020-09-08 18:32:05 +00:00
DEPS [inspector][roheap] Make inspector-test.cc compatible with shared ro-heap 2019-06-25 10:23:49 +00:00
DIR_METADATA Add DIR_METADATA files to v8. 2020-10-20 22:12:28 +00:00
inspector-test.cc DevTools: ensure binding is only exposed into the specified context 2020-10-01 15:24:25 +00:00
inspector.status Reland "[debugger] Try to trigger pause-on-oom flakes with an extra printf" 2020-10-20 08:25:39 +00:00
isolate-data.cc DevTools: ensure binding is only exposed into the specified context 2020-10-01 15:24:25 +00:00
isolate-data.h DevTools: ensure binding is only exposed into the specified context 2020-10-01 15:24:25 +00:00
json-parse-expected.txt [inspector] Refactor protocol-test.js 2017-05-19 00:35:45 +00:00
json-parse.js [inspector] Refactor protocol-test.js 2017-05-19 00:35:45 +00:00
OWNERS Add DIR_METADATA files to v8. 2020-10-20 22:12:28 +00:00
print-method-not-found-expected.txt [tests] Filter out non-existent methods in inspector tests 2020-01-17 12:21:29 +00:00
print-method-not-found.js [tests] Filter out non-existent methods in inspector tests 2020-01-17 12:21:29 +00:00
protocol-test.js [wasm][inspector][test] Print opcode names 2020-10-16 16:17:14 +00:00
task-runner.cc Reland "[inspector] Ensure progress of default task runners in inspector tests" 2020-08-14 12:26:28 +00:00
task-runner.h [iwyu] Add missing includes of <memory> for std::unique_ptr 2019-09-13 17:13:36 +00:00
testcfg.py [test] Load missing file to Android devices for inspector test suite 2020-07-21 14:11:11 +00:00
wasm-inspector-test.js [wasm][inspector][test] Print opcode names 2020-10-16 16:17:14 +00:00