Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
1522203004:
Fix invalid access to layout descriptor in Map::CopyInitialMap() (Closed)
|
Created:
5 years ago by miran.karic Modified:
4 years, 11 months ago Reviewers:
ivica.bogosavljevic, Igor Sheludko, Jakob Kummerow, balazs.kilvady, miran.karic, akos.palfi.imgtec, paul.l... CC:
v8-reviews_googlegroups.com Base URL:
https://chromium.googlesource.com/v8/v8.git@master Target Ref:
refs/pending/heads/master Project:
v8 Visibility:
Public. |
DescriptionFix invalid access to layout descriptor in Map::CopyInitialMap()
Fix invalid usage of layout_descriptor() function on 32-bit arch's,
which doesn't perform necessary checks. Test failure is observed only on
mips32 big-endian, and on mips32 little-endian as an alignment issue,
but the problem appears to be generic for all 32-bit arch's.
TEST=test/mjsunit/es6/classes-subclass-builtins.js
BUG=
Committed: https://crrev.com/291219dafab05f1de26aa39f917f179d8abe44dc
Cr-Commit-Position: refs/heads/master@{#32887}
Patch Set 1 #
Messages
Total messages: 25 (13 generated)
The CQ bit was checked by miran.karic@imgtec.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1522203004/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1522203004/1
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: No L-G-T-M from a valid reviewer yet. Only full committers are accepted. Even if an L-G-T-M may have been provided, it was from a non-committer, _not_ a full super star committer. See http://www.chromium.org/getting-involved/become-a-committer Note that this has nothing to do with OWNERS files.
paul.lind@imgtec.com changed reviewers: + miran.karic@imgtec.com - Miran.Karic@imgtec.com
preliminary LGTM to unblock CQ dry run.
paul.lind@imgtec.com changed reviewers: + ishell@chromium.org, jkummerow@chromium.org
Igor, can you PTAL? The problem was with https://codereview.chromium.org/1431593003, which uses layout_descriptor() even with FLAG_unbox_double_fields false.
lgtm. Thanks for fixing this!
The CQ bit was checked by miran.karic@imgtec.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1522203004/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1522203004/1
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
The CQ bit was unchecked by miran.karic@imgtec.com
The CQ bit was checked by miran.karic@imgtec.com
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1522203004/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1522203004/1
The CQ bit was unchecked by miran.karic@imgtec.com
The CQ bit was checked by miran.karic@imgtec.com
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1522203004/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1522203004/1
Message was sent while issue was closed.
Committed patchset #1 (id:1)
Message was sent while issue was closed.
Description was changed from ========== Fix invalid access to layout descriptor in Map::CopyInitialMap() Fix invalid usage of layout_descriptor() function on 32-bit arch's, which doesn't perform necessary checks. Test failure is observed only on mips32 big-endian, and on mips32 little-endian as an alignment issue, but the problem appears to be generic for all 32-bit arch's. TEST=test/mjsunit/es6/classes-subclass-builtins.js BUG= ========== to ========== Fix invalid access to layout descriptor in Map::CopyInitialMap() Fix invalid usage of layout_descriptor() function on 32-bit arch's, which doesn't perform necessary checks. Test failure is observed only on mips32 big-endian, and on mips32 little-endian as an alignment issue, but the problem appears to be generic for all 32-bit arch's. TEST=test/mjsunit/es6/classes-subclass-builtins.js BUG= Committed: https://crrev.com/291219dafab05f1de26aa39f917f179d8abe44dc Cr-Commit-Position: refs/heads/master@{#32887} ==========
Message was sent while issue was closed.
Patchset 1 (id:??) landed as https://crrev.com/291219dafab05f1de26aa39f917f179d8abe44dc Cr-Commit-Position: refs/heads/master@{#32887}
Message was sent while issue was closed.
Patchset #2 (id:20001) has been deleted |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
