Google Git
Sign in
chromium / v8 / v8.git / e0644f3e0cb01d99058a959e7587b6e96665af0f
commite0644f3e0cb01d99058a959e7587b6e96665af0f[log] [tgz]
authorJakob Linke <jgruber@chromium.org>Wed Feb 08 10:53:39 2023
committerV8 LUCI CQ <v8-scoped@luci-project-accounts.iam.gserviceaccount.com>Wed Feb 08 13:07:27 2023
tree05ba821c111d5e78288288cc02cbb415c111d655
parent906d6166c9de653d9c6e5efe84e4a6531d8c61ae [diff]
[regexp] Fix stack iteration when -fomit-frame-pointer is enabled

.. and don't misuse CallCFunction by calling it recursively.

Even after the recent addition of the StackFrame::IRREGEXP marker,
iteration is still broken when -fomit-frame-pointer is set (because we
cannot reliably determine the caller_fp). We fix this by not setting
fast_c_call_caller_fp and fast_c_call_caller_pc from Irregexp code,
effectively skipping over Irregexp frames in stack iteration.

Note this also fixes a misuse of CallCFunction, which was never
intended to be called recursively. The original assumption was
'targets may not call back into JS, thus no reentrancy'; but this
didn't hold for Irregexp code, which itself can be called using
CallCFunction.

Fixed: v8:12670
Change-Id: I3891a866b79de77dc9a12d09e9d31caf89b25b00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4231973
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85731}
16 files changed
tree: 05ba821c111d5e78288288cc02cbb415c111d655
  1. .github/
  2. bazel/
  3. build_overrides/
  4. custom_deps/
  5. docs/
  6. gni/
  7. include/
  8. infra/
  9. samples/
  10. src/
  11. test/
  12. testing/
  13. third_party/
  14. tools/
  15. .bazelrc
  16. .clang-format
  17. .clang-tidy
  18. .editorconfig
  19. .flake8
  20. .git-blame-ignore-revs
  21. .gitattributes
  22. .gitignore
  23. .gn
  24. .mailmap
  25. .style.yapf
  26. .vpython3
  27. .ycm_extra_conf.py
  28. AUTHORS
  29. BUILD.bazel
  30. BUILD.gn
  31. CODE_OF_CONDUCT.md
  32. codereview.settings
  33. COMMON_OWNERS
  34. DEPS
  35. DIR_METADATA
  36. ENG_REVIEW_OWNERS
  37. INFRA_OWNERS
  38. INTL_OWNERS
  39. LICENSE
  40. LICENSE.fdlibm
  41. LICENSE.strongtalk
  42. LICENSE.v8
  43. LOONG_OWNERS
  44. MIPS_OWNERS
  45. OWNERS
  46. PPC_OWNERS
  47. PRESUBMIT.py
  48. README.md
  49. RISCV_OWNERS
  50. S390_OWNERS
  51. WATCHLISTS
  52. WORKSPACE
README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://v8.dev/docs

Getting the Code

Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned at v8.dev/docs/contribute.