v8/test
Jakob Gruber aecd84376c [compiler] Fix RegExpPrototypeTest reduction
This reduction relies on a known object layout of the regexp instance
in order to access the lastIndex field through a statically-determined
offset. Prior to this CL, we checked only for instance types, not for
the map, and thus it was possible to read garbage from either inside
or outside the current object.

Bug: chromium:1024758,v8:7779
Change-Id: I1eec8220797f443bdf3d05804e54f33b21fa2f00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924353
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65039}
2019-11-19 14:21:12 +00:00
..
benchmarks Remove 'embedded_builtins' variant 2019-10-22 12:58:02 +00:00
cctest [arm64] Intentionally corrupt the upper half of decompressed SMIs 2019-11-19 12:14:12 +00:00
common [codegen] Reduce kMinimalBufferSize and add kDefaultBufferSize 2019-11-14 15:05:31 +00:00
debugger [wasm] Support stepping into Wasm from Javascript 2019-11-18 19:59:32 +00:00
fuzzer [wasm] Remove one {NewNativeModule} method 2019-11-07 18:07:29 +00:00
inspector [wasm] Support stepping into Wasm from Javascript 2019-11-18 19:59:32 +00:00
intl [Intl] Prototype Intl.DisplayNames 2019-11-18 21:48:22 +00:00
js-perf-test [js-perf-tests] Adds performance tests for BigInt subtraction 2019-10-22 13:32:09 +00:00
memory [owners] Remove redundant OWNERS files in test/ 2019-06-24 12:44:32 +00:00
message V8 Wasm locations should always be based on byte offsets 2019-11-05 14:53:45 +00:00
mjsunit [compiler] Fix RegExpPrototypeTest reduction 2019-11-19 14:21:12 +00:00
mkgrokdump [heap] Enable Verify for RO_SPACE when it is shared 2019-11-04 09:55:45 +00:00
mozilla Un-marking tests that were marked SLOW due to TNodification 2019-11-04 13:30:30 +00:00
preparser Revert "Fix an error caused by a bug in Python < 2.7.9" 2019-11-17 17:46:51 +00:00
test262 [class] Remove local test262 private class field tests 2019-11-19 00:34:46 +00:00
torque [torque] fix formatting of union types 2019-10-24 10:05:25 +00:00
unittests [objects] rename kSize to kHeaderSize for JSObject subclasses 2019-11-18 15:17:52 +00:00
wasm-api-tests Remove 'embedded_builtins' variant 2019-10-22 12:58:02 +00:00
wasm-js [wasm] Update spec tests 2019-11-18 12:55:02 +00:00
wasm-spec-tests [wasm] Update spec tests 2019-11-18 12:55:02 +00:00
webkit [builtins] Port %TypedArray%.prototype.set to Torque 2019-11-06 12:51:21 +00:00
BUILD.gn Remove cctest dependency from v8_perf group 2019-10-31 14:09:29 +00:00
OWNERS Use relative paths to OWNERS files 2019-08-12 13:52:52 +00:00