Reviewers: Hannes Payer, Michael Achenbach,
Message:
Hi Hannes, hi Michael,
Here is the issue we discussed.
Thanks,
--Michael
Description:
We shouldn't throw under FLAG_debug_code, rather abort.
Throwing under FLAG_debug_code confuses the rest of our infrastructure
which expects a safe point at the site of call into the runtime
for throw. We were doing that to make a clusterfuzz test happy, but
the better solution is to assert/abort under debug_code, and prevent
clusterfuzz from fuzzing on internal APIs that crash on incorrect
values.
We'll need to alter the fuzzer to turn off fuzzing for:
string-natives.js
lithium/SeqStringSetChar.js
regress/regress-seqstrsetchar-ex3.js
regress/regress-seqstrsetchar-ex1.js
regress/regress-crbug-320922.js
So as to prevent the fuzzer from running
%_OneByteSeqStringSetChar() and
%_TwoByteSeqStringSetChar().
BUG=
Please review this at https://codereview.chromium.org/139903005/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+35, -117 lines):
D test/mjsunit/regress/regress-320948.js
M src/arm/full-codegen-arm.cc
M src/arm/macro-assembler-arm.cc
M src/ia32/full-codegen-ia32.cc
M src/ia32/macro-assembler-ia32.cc
M src/mips/full-codegen-mips.cc
M src/mips/macro-assembler-mips.cc
M src/x64/full-codegen-x64.cc
M src/x64/macro-assembler-x64.cc
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
