commit | 5cb7468791489ae8517021b446b785ca1963b177 | |
---|---|---|
author | hans <hans@chromium.org> | Tue Mar 03 19:13:30 2015 -0800 |
committer | Torne (Richard Coles) <torne@google.com> | Wed May 27 18:44:14 2015 +0100 |
tree | 1d19688c879cfe0d4aa732b05e5373033c6d0531 | |
parent | b93c15fdb1adc488ef0b445eb8100981990a8843 | |
Cherry-pick "ARM assembler: fix undefined behaviour in fits_shifter"

It appears that some change to the toolchain and/or compiler flags in
AOSP master has caused this UB to be a problem for webview, causing
crashes in V8 on ARM (it wasn't an issue when using the L MR1 build
config/toolchain). Cherrypick the trivial UB fix, which avoids the
crashes.

> Bit-shifts have undefined behaviour if the shift amount is greater
> or equal to the width of the type.
>
> In this case the code would do imm32 >> 32 when rot == 0.
>
> A newer version of Clang unrolled the loop, optimized the first
> iteration away, causing the test suite to fail with:
>
> #
> # Fatal error in ../src/arm/assembler-arm.cc, line 1212
> # Check failed: !rn.is(ip).
> #
>
> as well as crashing when running Chromium tests on Android (at least
> we think this was the cause, see the bug).
>
> BUG=463436, 444089
> LOG=Y
>
> Review URL: https://codereview.chromium.org/979633002
>
> Cr-Commit-Position: refs/heads/master@{#26974}

(cherry picked from commit 721fdb56e0fc92c662c7d8b42be8a1d689c3b535)

Bug: 20064008
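The shift problem the commit message describes, as an added example that is not V8's code or the patch itself: a rotate-based search for an ARM immediate encoding (an 8-bit value rotated right by an even amount), written so that no iteration shifts by the full type width. The names `rotl32` and `encode_arm_imm` and the sample values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Rotate left with both shift counts masked to 0..31, so n == 0 computes
   x | x rather than the undefined x >> 32. */
static uint32_t rotl32(uint32_t x, unsigned n) {
    n &= 31u;
    return (x << n) | (x >> ((32u - n) & 31u));
}

/* Hypothetical helper (name and signature are assumptions, not V8's):
   search for an ARM data-processing immediate encoding of imm32, i.e. an
   8-bit value rotated right by 2*rot. Returns true and fills the outputs. */
bool encode_arm_imm(uint32_t imm32, uint32_t *rot_out, uint32_t *imm8_out) {
    for (unsigned rot = 0; rot < 16; rot++) {
        /* Undo a rotate-right by 2*rot with a rotate-left by 2*rot.
           Written as (imm32 << 2*rot) | (imm32 >> (32 - 2*rot)), the
           rot == 0 iteration shifts right by 32, which is undefined and
           is what allowed the compiler to drop that iteration. */
        uint32_t imm8 = rotl32(imm32, 2 * rot);
        if (imm8 <= 0xffu) {
            *rot_out = rot;
            *imm8_out = imm8;
            return true;
        }
    }
    return false;
}

int main(void) {
    /* Constructed sample immediates. */
    const uint32_t samples[] = {0x000000ffu, 0xff000000u, 0xf000000fu, 0x00000101u};
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t rot, imm8;
        if (encode_arm_imm(samples[i], &rot, &imm8))
            printf("0x%08x -> imm8=0x%02x rot=%u\n", (unsigned)samples[i], (unsigned)imm8, rot);
        else
            printf("0x%08x -> not encodable\n", (unsigned)samples[i]);
    }
    return 0;
}
```

Compiling the unmasked expression with `-fsanitize=undefined` (Clang or GCC) reports the out-of-range shift at `rot == 0` at run time.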
V8 is Google's open source JavaScript engine.
V8 implements ECMAScript as specified in ECMA-262.
V8 is written in C++ and is used in Google Chrome, the open source browser from Google.
V8 can run standalone, or can be embedded into any C++ application.
V8 Project page: https://code.google.com/p/v8/
V8 Git repository: https://chromium.googlesource.com/v8/v8.git
GitHub mirror: https://github.com/v8/v8-git-mirror
For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*