Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(87)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2348293002: [crankshaft] Protect against deopt loops from string length overflows. (Closed)

Created:
4 years, 3 months ago by Benedikt Meurer
Modified:
4 years, 3 months ago
CC:
v8-reviews_googlegroups.com, Hannes Payer (out of office), ulan
Target Ref:
refs/pending/heads/master
Project:
v8
Visibility:
Public.

Description

[crankshaft] Protect against deopt loops from string length overflows. Crankshaft just unconditionally deoptimizes the code when the length of a string addition result would overflow. In order to protect against deopt loops we insert a global protector cell. We will use the same mechanism for inlining certain string additions into TurboFan as well, and protecting against overflow (we will also extend this to deal with String.prototype.concat and friends once we get there). BUG=v8:5404 R=jarin@chromium.org,hpayer@chromium.org CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux64_msan_rel Committed: https://crrev.com/cb19257a926a55209a6d6858ce26d51a0447ba71 Committed: https://crrev.com/d86038db25064fb40fbce6fc3b2fb67831f9e7b1 Cr-Original-Commit-Position: refs/heads/master@{#39511} Cr-Commit-Position: refs/heads/master@{#39525}

Patch Set 1 #

Patch Set 2 : Fix MSAN #

Unified diffs Side-by-side diffs Delta from patch set Stats (+52 lines, -14 lines) Patch
M src/crankshaft/hydrogen.h View 2 chunks +8 lines, -0 lines 0 comments Download
M src/crankshaft/hydrogen.cc View 1 3 chunks +3 lines, -1 line 0 comments Download
M src/factory.h View 1 chunk +1 line, -3 lines 0 comments Download
M src/factory.cc View 1 chunk +7 lines, -0 lines 0 comments Download
M src/heap/heap.h View 1 chunk +1 line, -0 lines 0 comments Download
M src/heap/heap.cc View 1 chunk +4 lines, -0 lines 0 comments Download
M src/isolate.h View 2 chunks +2 lines, -0 lines 0 comments Download
M src/isolate.cc View 1 chunk +9 lines, -0 lines 0 comments Download
M src/isolate-inl.h View 1 chunk +5 lines, -0 lines 0 comments Download
M src/runtime/runtime-internal.cc View 1 chunk +1 line, -2 lines 0 comments Download
A + test/mjsunit/regress/regress-5404.js View 1 chunk +11 lines, -8 lines 0 comments Download

Messages

Total messages: 22 (12 generated)
Benedikt Meurer
4 years, 3 months ago (2016-09-19 13:42:51 UTC) #1
Hannes Payer (out of office)
lgtm
4 years, 3 months ago (2016-09-19 14:07:35 UTC) #4
Jarin
lgtm
4 years, 3 months ago (2016-09-19 15:01:15 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2348293002/1
4 years, 3 months ago (2016-09-19 18:48:40 UTC) #9
commit-bot: I haz the power
Committed patchset #1 (id:1)
4 years, 3 months ago (2016-09-19 18:53:00 UTC) #10
commit-bot: I haz the power
Patchset 1 (id:??) landed as https://crrev.com/cb19257a926a55209a6d6858ce26d51a0447ba71 Cr-Commit-Position: refs/heads/master@{#39511}
4 years, 3 months ago (2016-09-19 21:01:40 UTC) #12
Michael Achenbach
A revert of this CL (patchset #1 id:1) has been created in https://codereview.chromium.org/2357433002/ by machenbach@chromium.org. ...
4 years, 3 months ago (2016-09-19 21:49:29 UTC) #13
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2348293002/20001
4 years, 3 months ago (2016-09-20 05:13:12 UTC) #18
commit-bot: I haz the power
Committed patchset #2 (id:20001)
4 years, 3 months ago (2016-09-20 05:58:46 UTC) #20
commit-bot: I haz the power
4 years, 3 months ago (2016-09-20 05:59:47 UTC) #22
Message was sent while issue was closed. 
Patchset 2 (id:??) landed as
https://crrev.com/d86038db25064fb40fbce6fc3b2fb67831f9e7b1
Cr-Commit-Position: refs/heads/master@{#39525}

Powered by Google App Engine
This is Rietveld 408576698