diff options
Diffstat (limited to 'deps/v8/src/runtime/runtime-internal.cc')
-rw-r--r-- | deps/v8/src/runtime/runtime-internal.cc | 44 |
1 files changed, 39 insertions, 5 deletions
diff --git a/deps/v8/src/runtime/runtime-internal.cc b/deps/v8/src/runtime/runtime-internal.cc index 21b1b1ef7c..4b8a0e38a1 100644 --- a/deps/v8/src/runtime/runtime-internal.cc +++ b/deps/v8/src/runtime/runtime-internal.cc @@ -8,11 +8,11 @@ #include "src/ast/ast-traversal-visitor.h" #include "src/ast/prettyprinter.h" #include "src/builtins/builtins.h" +#include "src/common/message-template.h" #include "src/debug/debug.h" #include "src/execution/arguments-inl.h" #include "src/execution/frames-inl.h" #include "src/execution/isolate-inl.h" -#include "src/execution/message-template.h" #include "src/init/bootstrapper.h" #include "src/logging/counters.h" #include "src/numbers/conversions.h" @@ -94,6 +94,22 @@ RUNTIME_FUNCTION(Runtime_ThrowSymbolAsyncIteratorInvalid) { THROW_NEW_ERROR_RETURN_FAILURE(isolate, call(message_id, arg0, arg1, arg2)); RUNTIME_FUNCTION(Runtime_ThrowRangeError) { + if (FLAG_correctness_fuzzer_suppressions) { + DCHECK_LE(1, args.length()); + CONVERT_SMI_ARG_CHECKED(message_id_smi, 0); + + // If the result of a BigInt computation is truncated to 64 bit, Turbofan + // can sometimes truncate intermediate results already, which can prevent + // those from exceeding the maximum length, effectively preventing a + // RangeError from being thrown. As this is a performance optimization, this + // behavior is accepted. To prevent the correctness fuzzer from detecting + // this difference, we crash the program. + if (MessageTemplateFromInt(message_id_smi) == + MessageTemplate::kBigIntTooBig) { + FATAL("Aborting on invalid BigInt length"); + } + } + THROW_ERROR(isolate, args, NewRangeError); } @@ -287,13 +303,25 @@ RUNTIME_FUNCTION(Runtime_BytecodeBudgetInterrupt) { RUNTIME_FUNCTION(Runtime_AllocateInYoungGeneration) { HandleScope scope(isolate); - DCHECK_EQ(1, args.length()); + DCHECK_EQ(2, args.length()); CONVERT_SMI_ARG_CHECKED(size, 0); + CONVERT_SMI_ARG_CHECKED(flags, 1); + bool double_align = AllocateDoubleAlignFlag::decode(flags); + bool allow_large_object_allocation = + AllowLargeObjectAllocationFlag::decode(flags); CHECK(IsAligned(size, kTaggedSize)); CHECK_GT(size, 0); CHECK(FLAG_young_generation_large_objects || size <= kMaxRegularHeapObjectSize); - return *isolate->factory()->NewFillerObject(size, false, + if (!allow_large_object_allocation) { + CHECK(size <= kMaxRegularHeapObjectSize); + } + + // TODO(v8:9472): Until double-aligned allocation is fixed for new-space + // allocations, don't request it. + double_align = false; + + return *isolate->factory()->NewFillerObject(size, double_align, AllocationType::kYoung); } @@ -302,9 +330,14 @@ RUNTIME_FUNCTION(Runtime_AllocateInOldGeneration) { DCHECK_EQ(2, args.length()); CONVERT_SMI_ARG_CHECKED(size, 0); CONVERT_SMI_ARG_CHECKED(flags, 1); + bool double_align = AllocateDoubleAlignFlag::decode(flags); + bool allow_large_object_allocation = + AllowLargeObjectAllocationFlag::decode(flags); CHECK(IsAligned(size, kTaggedSize)); CHECK_GT(size, 0); - bool double_align = AllocateDoubleAlignFlag::decode(flags); + if (!allow_large_object_allocation) { + CHECK(size <= kMaxRegularHeapObjectSize); + } return *isolate->factory()->NewFillerObject(size, double_align, AllocationType::kOld); } @@ -695,7 +728,8 @@ RUNTIME_FUNCTION(Runtime_GetTemplateObject) { CONVERT_ARG_HANDLE_CHECKED(SharedFunctionInfo, shared_info, 1); CONVERT_SMI_ARG_CHECKED(slot_id, 2); - Handle<Context> native_context(isolate->context().native_context(), isolate); + Handle<NativeContext> native_context(isolate->context().native_context(), + isolate); return *TemplateObjectDescription::GetTemplateObject( isolate, native_context, description, shared_info, slot_id); } |