AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
fddcf5a675
v8/test/mjsunit/regress/wasm
History
Clemens Hammacher 16af1baac4 [Liftoff] Zero-extend i32 stack parameters 
i32 stack parameters can be loaded by Turbofan as 64-bit value, hence
they would not be zero extended. If this loaded value is then passed to
Liftoff (which assumes zero-extended i32 values), we could use it for
memory accesses, which would be out of bounds.

R=mstarzinger@chromium.org

Bug: chromium:864509, v8:6600
Change-Id: I0f45a269b1fb1c2befc2e6bc660c559a88323767
Reviewed-on: https://chromium-review.googlesource.com/1140168
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54500}
2018-07-17 16:59:14 +00:00
..
loop-stack-check.js
regress-5531.js
regress-5800.js
regress-5860.js
regress-5884.js
regress-6054.js
regress-6164.js
regress-6931.js
regress-7033.js [Liftoff] Fix binop code generation bug 2017-11-06 11:45:44 +00:00
regress-7035.js [Liftoff] Fix register reuse in merge init 2017-11-06 17:35:07 +00:00
regress-7049.js [wasm] Mark C_WASM_ENTRY as no tagged_params 2017-11-08 12:55:17 +00:00
regress-7353.js [Liftoff] Fill registers as the right type 2018-01-23 11:45:15 +00:00
regress-7364.js [wasm] Reexported wasm functions should be identical to imports 2018-02-12 14:27:18 +00:00
regress-7366.js [Liftoff] Fix register spilling on stack transfer 2018-01-24 19:42:48 +00:00
regress-7422.js [Liftoff] Fix caller frame slots generated from stack values 2018-02-08 13:47:20 +00:00
regress-7499.js [Liftoff][ia32] Handle overflow in memory offset 2018-02-27 15:06:24 +00:00
regress-7508.js [Liftoff] Fix get_use_count for register pairs 2018-03-01 13:06:17 +00:00
regress-7565.js [Liftoff][x64] Fix and optimize spilling i64 constants 2018-03-16 11:05:11 +00:00
regress-7579.js [Liftoff] Fix stack slot overwrite 2018-03-21 15:38:39 +00:00
regress-7582.js [Liftoff] Fix conditional spilling 2018-03-22 18:45:17 +00:00
regress-7785.js [wasm] Avoid embedding {null} values in WasmCode. 2018-05-25 08:33:06 +00:00
regress-7914.js [wasm] Add regression test for issue 7914 2018-07-03 17:03:37 +00:00
regress-02256.js
regress-02256b.js
regress-02862.js
regress-643595.js
regress-644682.js
regress-647649.js
regress-648079.js
regress-651961.js
regress-654377.js
regress-663994.js
regress-666741.js
regress-667745.js
regress-670683.js
regress-674447.js
regress-680938.js
regress-684858.js
regress-688876.js
regress-689450.js
regress-694433.js
regress-698587.js
regress-699485.js
regress-702460.js
regress-702839.js
regress-703568.js
regress-708714.js
regress-709684.js
regress-710844.js
regress-711203.js
regress-712569.js
regress-715216a.js
regress-715216b.js
regress-717056.js
regress-717194.js
regress-719175.js
regress-722445.js
regress-724846.js
regress-724851.js
regress-724972.js
regress-727219.js
regress-727222.js
regress-727560.js
regress-729991.js
regress-731351.js
regress-734108.js
regress-734246.js
regress-734345.js
regress-736584.js
regress-737069.js
regress-739768.js
regress-752423.js
regress-753496.js
regress-757217.js
regress-763439.js
regress-763697.js
regress-766003.js
regress-769637.js [wasm] Rename regression test to follow convention 2018-04-09 20:45:22 +00:00
regress-769846.js
regress-771243.js
regress-772332.js
regress-775366.js
regress-775710.js
regress-776677.js
regress-778917.js
regress-782280.js Reland "[Liftoff] Implement parallel register moves" 2017-11-10 12:18:08 +00:00
regress-784050.js [Liftoff] Don't force unrelated stack slots into registers 2017-11-16 17:34:17 +00:00
regress-789952.js Reland "[wasm] Gracefully handle malformed custom sections in WebAssembly.Module.customSections()." 2017-12-01 14:39:57 +00:00
regress-791810.js [Liftoff] Fix cache state initialization 2017-12-07 10:51:46 +00:00
regress-793551.js [Liftoff] Fix redundant register moves 2017-12-11 13:47:02 +00:00
regress-797846.js [d8] Run the message loop in the same RealmScope as the script 2018-01-09 13:51:41 +00:00
regress-799952.js [wasm] Add missing WebAssembly.instantiate regression test. 2018-05-29 10:37:32 +00:00
regress-800756.js [Liftoff] Fix i32.eqz on ia32 2018-01-11 14:55:24 +00:00
regress-801785.js [wasm] Fix printing of reloc info on the native heap 2018-01-22 13:49:21 +00:00
regress-801850.js [wasm] Fix serialization of empty modules. 2018-01-15 14:25:18 +00:00
regress-802244.js [Liftoff] Fix registers spilling 2018-01-17 09:41:04 +00:00
regress-803427.js [wasm] Remove {NativeModule::lazy_builtin} field. 2018-01-22 17:27:15 +00:00
regress-803788.js [wasm] Fix lazy compilation with native-heap code. 2018-01-22 13:11:11 +00:00
regress-808012.js [wasm] Ensure WasmCode always has protected instructions. 2018-02-05 22:01:56 +00:00
regress-808848.js [test] Remove eval string confusing the fuzzer. 2018-07-13 10:07:22 +00:00
regress-808980.js [wasm] Set wasm_compiled_module for script of deserialized module 2018-02-05 16:48:00 +00:00
regress-810973.js [asm.js] Enforce maximum number of parameters for asm.js. 2018-02-12 19:42:12 +00:00
regress-812005.js [Liftoff] Fix result type of f64 binops 2018-02-19 16:12:30 +00:00
regress-816226.js [typed arrays] GetBuffer returns old buffer for guarded buffers 2018-02-27 20:36:54 +00:00
regress-817380.js [wasm] Fix DCHECK for lazy compilation 2018-03-02 09:48:11 +00:00
regress-819869.js [wasm] Avoid integer overflow on function locals check 2018-03-08 17:00:55 +00:00
regress-820802.js [Liftoff] Fix stack pointer corruption 2018-03-14 08:13:12 +00:00
regress-824681.js [wasm] Fix deadlock on async compilation 2018-03-22 11:57:21 +00:00
regress-825087a.js [wasm] clear is_wasm_memory flag when neutering ArrayBuffers 2018-03-24 00:30:23 +00:00
regress-825087b.js [wasm] clear is_wasm_memory flag when neutering ArrayBuffers 2018-03-24 00:30:23 +00:00
regress-827806.js [wasm] Add regression test for chromium:827806 2018-04-05 18:49:23 +00:00
regress-831463.js [wasm][interpreter] Check signature before getting code 2018-04-11 09:52:19 +00:00
regress-834619.js [wasm] Fix target instance for indirect calls to imports 2018-04-27 08:27:56 +00:00
regress-834624.js [wasm][interpreter] Clear thread in wasm flag on exceptional return 2018-04-30 17:13:19 +00:00
regress-834693.js [wasm] Register trap handler data for lazily compiled functions 2018-04-23 18:30:24 +00:00
regress-836141.js [wasm] Do an additional IsWasmModuleObject check during instantiation 2018-04-27 17:34:05 +00:00
regress-837417.js [wasm] Reimplement WebAssembly.instantiate without desugaring 2018-05-24 22:15:52 +00:00
regress-840757.js Reland "Fix SourcePositionInfo for wasm" 2018-05-09 16:39:55 +00:00
regress-842501.js [turbofan] Binop Instructions can have up to 5 input operands 2018-05-14 10:38:47 +00:00
regress-843563.js [wasm] Call imports via import table in js-to-wasm wrappers 2018-05-18 12:56:26 +00:00
regress-853453.js [wasm] Catch invalid flags correctly 2018-06-22 15:06:39 +00:00
regress-854011.js [Liftoff][arm64] Fix i64 constants passed via stack 2018-07-03 17:04:49 +00:00
regress-854050.js Reland "[Liftoff] Fix register use count" 2018-06-22 17:41:21 +00:00
regress-864509.js [Liftoff] Zero-extend i32 stack parameters 2018-07-17 16:59:14 +00:00