AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
7e0f961e4d
v8/test
History
Simon Zünd 7e0f961e4d [deoptimizer] Handle continuation frames that are not preceded by adapter frames 
This CL teaches the deoptimizer about JavaScriptBuiltinContinuation
frames that are not preceded by argument adapter frames. This pattern
is used when calling C++ API functions from TurboFan.

This CL fixes a crash when the deoptimizer encounters the pattern
described above. The crash was caused when the deoptimizer tried to
read the arguments of the continuation frame. As no adapter frame
was present, the argument count was read from the SharedFunctionInfo
which had the kDontAdaptArgumentsSentinel value. This translated to
an argument count of ~65000 later down the line, which caused a
FATAL error when the deoptimizer tried to re-construct ~65000
non-existent values.

Bug: chromium:980529
Change-Id: Id2de3bf7607102ab5a16de344c649015e968b185
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687417
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62547}
2019-07-08 08:39:04 +00:00
..
benchmarks [test] Skip flaky test on predictable mode 2019-05-07 13:57:18 +00:00
cctest [turbofan] Disentangle header include chains 2019-07-05 14:26:05 +00:00
common [turbofan] Disentangle header include chains 2019-07-05 14:26:05 +00:00
debugger [debugger] Fix debug-evaluate for context-allocated this. 2019-07-05 12:14:35 +00:00
fuzzer [cleanup] Drop some occurrences of Isolate::Current 2019-06-26 19:39:21 +00:00
inspector [stack-trace] Separate stack-trace symbolization and serialization 2019-07-04 07:34:53 +00:00
intl Roll icu and fix tests 2019-07-02 06:39:21 +00:00
js-perf-test [IC] Add calls micro-benchmark tests 2019-07-04 14:26:09 +00:00
memory [owners] Remove redundant OWNERS files in test/ 2019-06-24 12:44:32 +00:00
message [test] Fix {assertNotSame} in mjsunit test harness. 2019-07-03 15:20:57 +00:00
mjsunit [deoptimizer] Handle continuation frames that are not preceded by adapter frames 2019-07-08 08:39:04 +00:00
mkgrokdump [roheap] Move read_only_heap() from heap to isolate 2019-07-05 14:25:00 +00:00
mozilla Reland "[array] Move Array#sort pre-processing to Torque" 2019-05-24 12:13:17 +00:00
preparser Add OWNERS files for src and test 2019-05-30 04:51:21 +00:00
test262 Revert "Reland "Let all early errors be SyntaxErrors."" 2019-07-03 12:47:41 +00:00
torque [torque] Support 'real' internal classes 2019-06-21 16:09:28 +00:00
unittests [turbofan] Disentangle header include chains 2019-07-05 14:26:05 +00:00
wasm-api-tests [wasm-c-api] Add finalization test 2019-07-03 12:02:47 +00:00
wasm-js [testrunner] generalize test loader to accept multiple extensions 2019-06-25 12:12:11 +00:00
wasm-spec-tests [wasm] Update spec tests 2019-05-22 14:58:45 +00:00
webkit Revert "Reland "Let all early errors be SyntaxErrors."" 2019-07-03 12:47:41 +00:00
BUILD.gn [wasm-c-api] Add tests and fixes 2019-05-28 09:57:04 +00:00
OWNERS [owners] Make test/ owned by COMMON_OWNERS 2019-06-06 20:56:09 +00:00