AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
28,814 Commits 1 Branch 0 Tags 839 MiB
C++ 67.6%
JavaScript 30.1%
Python 1.2%
C 0.3%
TypeScript 0.3%
Other 0.4%
58ab990aa8
Go to file
bmeurer 58ab990aa8 [turbofan] Bailout if LoadBuffer typing assumption doesn't hold. 
The LoadBuffer operator that is used for asm.js heap access claims to
return only the appropriate typed array type, but out of bounds access
could make it return undefined. So far we tried to "repair" the graph
later if we see that our assumption was wrong, and for various reasons
that worked for some time. But now that wrong type information that is
propagated earlier is picked up appropriately and thus we generate wrong
code, i.e. we in the repro case we feed NaN into ChangeFloat64Uint32 and
thus get 2147483648 instead of 0 (with proper JS truncation).

This was always considered a temporary hack until we have a proper
asm.js pipeline, but since we still run asm.js through the generic
JavaScript pipeline, we have to address this now. Quickfix is to just
bailout from the pipeline when we see that the LoadBuffer type was
wrong, i.e. the result of LoadBuffer is not properly truncated and thus
undefined or NaN would be observable.

R=mstarzinger@chromium.org, jarin@chromium.org
BUG=chromium:589792
LOG=y

Review URL: https://codereview.chromium.org/1740123002

Cr-Commit-Position: refs/heads/master@{#34322}
2016-02-26 11:06:30 +00:00
benchmarks Revert "Refactoring: Make gtest testsuite the default." 2014-09-02 09:17:26 +00:00
build [Swarming] Switch off test isolation check by default. 2016-02-25 12:55:41 +00:00
docs [Docs] Removed unused docs because they are moved to GitHub 2015-11-19 10:23:30 +00:00
include Introduce MicrotasksCompletedCallback. 2016-02-25 19:49:53 +00:00
infra [cq] Update configuration. 2016-02-12 14:29:27 +00:00
samples Disable soon to be deprecated APIs per default for v8 2015-12-09 10:35:04 +00:00
src [turbofan] Bailout if LoadBuffer typing assumption doesn't hold. 2016-02-26 11:06:30 +00:00
test [turbofan] Bailout if LoadBuffer typing assumption doesn't hold. 2016-02-26 11:06:30 +00:00
testing Converted V8 CQ config to proto-format 2015-05-28 15:02:53 +00:00
third_party/binutils Update binutils version. 2015-08-07 08:09:49 +00:00
tools [Interpreter] Add support for cpu profiler logging. 2016-02-26 11:04:55 +00:00
.clang-format [formatting] Remove the formatting requirement for 2 empty lines between declarations. 2016-01-25 09:50:17 +00:00
.gitignore [Swarming] Speed up test262 upload/download. 2016-02-19 14:41:29 +00:00
.ycm_extra_conf.py [ycm] The YouCompleteMe configuration is not VIM specific. 2015-02-12 07:21:13 +00:00
AUTHORS Optimize JSON stringifying when replacer and space are falsey. 2016-02-20 07:55:57 +00:00
BUILD.gn Reland "Replace slots buffer with remembered set. (patchset #14 id:250001 of https://codereview.chromium.org/1703823002/ )" 2016-02-25 17:29:22 +00:00
ChangeLog [Release] Update ChangeLog file 2016-02-17 21:29:09 +00:00
codereview.settings Use v8-reviews@ for review mail, so v8-dev@ is free for dev discussions 2015-09-09 08:14:11 +00:00
DEPS Revert of Test262 roll, 2016-2-23 (patchset #2 id:20001 of https://codereview.chromium.org/1738033002/ ) 2016-02-26 05:25:51 +00:00
LICENSE Updates to the license information of third party components. 2015-06-16 12:37:50 +00:00
LICENSE.strongtalk Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
LICENSE.v8 Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
LICENSE.valgrind Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
Makefile Add a library suitable for libfuzzer with a small unit test runner shell 2016-01-26 10:39:03 +00:00
Makefile.android Reland [android] Migrate more configs to gyp. 2015-06-26 12:04:09 +00:00
Makefile.nacl Use the pnacl-clang toolchain for (P)NaCL builds 2014-10-06 08:10:50 +00:00
OWNERS Update OWNERS file. 2015-07-16 11:37:51 +00:00
PRESUBMIT.py [cq] Automatically use the same bots for git cl try. 2016-01-14 11:15:16 +00:00
README.md [Docs] Removed unused docs because they are moved to GitHub 2015-11-19 10:23:30 +00:00
snapshot_toolchain.gni Map arm64 and mips64el -> x64 for mksnapshot 2015-12-16 15:17:37 +00:00
WATCHLISTS [Interpreter] Make InterpreterAssembler a subclass of CodeStubAssembler. 2016-02-10 16:39:32 +00:00

README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://github.com/v8/v8/wiki

Getting the Code

Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned on the V8 wiki.