AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
39,250 Commits 1 Branch 0 Tags 839 MiB
C++ 67.6%
JavaScript 30.1%
Python 1.2%
C 0.3%
TypeScript 0.3%
Other 0.4%
ec772a4fd8
Go to file
Eric Holk ec772a4fd8 Restrict range for int64_t to immediate conversions 
The included test case illustrates the problem. It subtracts (16 << 27)
from another number. The Machine Operator Reducer would replace the
shift computation with 0x0000000080000000, and then change the subtract
to an add of -(0x0000000080000000), which is 0xffffffff80000000.
The instruction selector would determine that this value could be an
immediate, because it fits in 32 bits, so it would select the lea
instruction. Finally, the code generator would detect that the
immediate was less than 0, flip the sign and replace the add with a
subtract of 0x80000000. Because the x64 subtract instruction's
immediate field is 32 bits, the processor would interpret this as
0xffffffff80000000 instead of an unsigned value.

This change fixes the issue by making the CanBeImmediate check
explicitly compare against INT_MIN and INT_MAX. We disallow INT_MIN
as an immediate precisely because we cannot tell 0x0000000080000000
from 0xffffffff80000000 when truncated to 32 bits.

Bug: chromium:711203
Change-Id: Ie371b8ea290684a6bb723bae9c693a866f961850
Reviewed-on: https://chromium-review.googlesource.com/482448
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44758}
2017-04-20 21:03:31 +00:00
benchmarks Revert "Refactoring: Make gtest testsuite the default." 2014-09-02 09:17:26 +00:00
build_overrides Remove build_overrides/v8.gni. 2017-01-26 20:18:58 +00:00
docs [Docs] Removed unused docs because they are moved to GitHub 2015-11-19 10:23:30 +00:00
gni [build] Remove remaining disable-inspector options in GN 2017-04-05 17:59:07 +00:00
gypfiles Introduce mkgrokdump to update tools/v8heapconst.py. 2017-04-20 06:15:02 +00:00
include [modules] Allow resolve-callback to signal failure. 2017-04-19 18:28:09 +00:00
infra [cq] Get codereview coverage bot's experiment percentage back to 100 2017-04-11 15:04:39 +00:00
samples Reland of land "Turn libbase into a component" (patchset #1 id:1 of https://codereview.chromium.org/2396933002/ ) 2016-10-07 07:56:52 +00:00
src Restrict range for int64_t to immediate conversions 2017-04-20 21:03:31 +00:00
test Restrict range for int64_t to immediate conversions 2017-04-20 21:03:31 +00:00
testing Use GTEST_LANG_CXX11 in V8 2016-07-25 13:06:42 +00:00
third_party Adapt String::find method via StringUtil adapter. 2017-02-03 22:17:24 +00:00
tools [gm.py] Add support for building mkgrokdump 2017-04-20 19:37:09 +00:00
.clang-format [clang-format] Don't derive pointer alignment 2017-01-17 09:28:19 +00:00
.gitignore Revert "Reland "ARM64: Add NEON support"" 2017-04-15 10:27:17 +00:00
.gn [build] Add v8gen support for PPC/s390 architecture 2017-03-13 15:05:51 +00:00
.ycm_extra_conf.py Use C++11 / gnu++11, not 0x 2016-03-22 15:24:43 +00:00
AUTHORS Migrate Number constants and undefined to C++ 2017-02-27 08:20:45 +00:00
BUILD.gn [console] fast console.assert(true) 2017-04-20 17:17:18 +00:00
ChangeLog [Release] Update ChangeLog file 2016-02-17 21:29:09 +00:00
CODE_OF_CONDUCT.md Explicitly state that the Chromium Code of Conduct also applies to V8 2016-03-02 09:51:24 +00:00
codereview.settings Use v8-reviews@ for review mail, so v8-dev@ is free for dev discussions 2015-09-09 08:14:11 +00:00
DEPS Update V8 DEPS. 2017-04-20 06:14:51 +00:00
LICENSE Updates to the license information of third party components. 2015-06-16 12:37:50 +00:00
LICENSE.fdlibm Add LICENSE.fdlibm for all the fdlibm imported sources. 2016-06-09 07:17:03 +00:00
LICENSE.strongtalk Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
LICENSE.v8 Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
LICENSE.valgrind Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
Makefile Introduce mkgrokdump to update tools/v8heapconst.py. 2017-04-20 06:15:02 +00:00
Makefile.android [build] Fix d8-for-Android builds 2016-05-20 12:10:45 +00:00
OWNERS Update to OWNER files. 2017-03-21 10:01:16 +00:00
PRESUBMIT.py [test] Enforce tracker prefix for all BUG entries 2017-03-14 16:16:22 +00:00
README.md [Docs] Removed unused docs because they are moved to GitHub 2015-11-19 10:23:30 +00:00
snapshot_toolchain.gni Use clang for snapshot_toolchain by default, except on ChromeOS. 2016-08-23 14:04:27 +00:00
WATCHLISTS Add jbroman to WATCHLISTS for src/value-serializer.*. 2017-03-28 12:51:29 +00:00

README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://github.com/v8/v8/wiki

Getting the Code

Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned on the V8 wiki.