Issue metadata

Status: Assigned
Priority: 2
Type: Bug



Issue 3770: V8 is not UBSan-clean

Reported by svenpanne@chromium.org, Dec 18 2014

Issue description

This is a meta issue for tracking things that need to be done to make clang's -fsanitize=undefined happy. This flag can be split up into various finer-grained flags, see http://clang.llvm.org/docs/UsersManual.html#controlling-code-generation, and we need to tackle those step by step. As it is, we are only OK for -fsanitize=vptr.

2018 Update: Overview document of new Object classes: https://docs.google.com/document/d/1_w49sakC1XM1OptjTurBDqO86NE16FH8LwbeUAtrbCo/edit
Showing comments 33 - 132 of 132

Comment 33 by bugdroid1@chromium.org, Oct 19

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/5c46c24de9f8a76e102027d1d647725e0353e283

commit 5c46c24de9f8a76e102027d1d647725e0353e283
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri Oct 19 00:30:52 2018

[ubsan] Use Address type inside of IdentityMap and HandleBase

This refactors the innards of HandleBase and IdentityMap
to use Address instead of Object*, as part of the quest
to get rid of Object* entirely.

Bug: v8:3770
Change-Id: I82bd9547ef0d208b1e42636792e21c9064af4cea
Reviewed-on: https://chromium-review.googlesource.com/c/1285396
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56797}
[modify] https://crrev.com/5c46c24de9f8a76e102027d1d647725e0353e283/src/address-map.h
[modify] https://crrev.com/5c46c24de9f8a76e102027d1d647725e0353e283/src/handles-inl.h
[modify] https://crrev.com/5c46c24de9f8a76e102027d1d647725e0353e283/src/handles.cc
[modify] https://crrev.com/5c46c24de9f8a76e102027d1d647725e0353e283/src/handles.h
[modify] https://crrev.com/5c46c24de9f8a76e102027d1d647725e0353e283/src/identity-map.cc
[modify] https://crrev.com/5c46c24de9f8a76e102027d1d647725e0353e283/src/identity-map.h
[modify] https://crrev.com/5c46c24de9f8a76e102027d1d647725e0353e283/test/cctest/test-identity-map.cc

Comment 34 by bugdroid1@chromium.org, Oct 19

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/747d71e14ec367e496998325cc7aed99014f2a3b

commit 747d71e14ec367e496998325cc7aed99014f2a3b
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri Oct 19 02:42:02 2018

[refactoring] Specify full type in ROOT_LIST

Instead of putting "Foo" as type into the list macro, and
then extending to "type*" at consumer macros, put "Foo*"
into the macro.
This is in preparation for incremental transition to ObjectPtr,
where some roots will return pointer types and others won't.
When that migration is complete, everything will be uniform
(and without "*") again.

Bug: v8:3770
Change-Id: Ib4a9900b1fc6e59f5fc924b779ed7e94dc136ad0
Reviewed-on: https://chromium-review.googlesource.com/c/1285397
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56798}
[modify] https://crrev.com/747d71e14ec367e496998325cc7aed99014f2a3b/src/heap/factory-inl.h
[modify] https://crrev.com/747d71e14ec367e496998325cc7aed99014f2a3b/src/heap/factory.h
[modify] https://crrev.com/747d71e14ec367e496998325cc7aed99014f2a3b/src/heap/heap-inl.h
[modify] https://crrev.com/747d71e14ec367e496998325cc7aed99014f2a3b/src/heap/heap.h
[modify] https://crrev.com/747d71e14ec367e496998325cc7aed99014f2a3b/src/objects-definitions.h
[modify] https://crrev.com/747d71e14ec367e496998325cc7aed99014f2a3b/src/roots-inl.h
[modify] https://crrev.com/747d71e14ec367e496998325cc7aed99014f2a3b/src/roots.h

Comment 35 by bugdroid1@chromium.org, Oct 24

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/266c0b967b0fb825583d77c257aa83220c73e04b

commit 266c0b967b0fb825583d77c257aa83220c73e04b
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Wed Oct 24 00:14:20 2018

[ubsan,heap] Replace Object** with ObjectSlot

as part of the continuing quest to get rid of Object*/Object**.
This is a fairly mechanical replacement of Object**/MaybeObject** with
wrapper objects carrying the same data. No change in behavior is intended.
Overloaded operators are provided to minimize code churn.

Bug: v8:3770
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I76cee82b8bf2dd80a1b66f09dd2bb2b65038eeb7
Reviewed-on: https://chromium-review.googlesource.com/c/1287889
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56920}
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/BUILD.gn
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/api-arguments.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/api.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/arguments.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/bootstrapper.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/compilation-cache.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/contexts-inl.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/contexts.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/debug/debug.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/elements.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/feedback-vector-inl.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/feedback-vector.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/frames.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/frames.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/global-handles.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/globals.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/concurrent-marking.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/factory.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/heap-write-barrier-inl.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/heap-write-barrier.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/heap.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/heap.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/incremental-marking-inl.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/incremental-marking.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/incremental-marking.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/mark-compact-inl.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/mark-compact.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/mark-compact.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/object-stats.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/objects-visiting-inl.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/objects-visiting.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/objects-visiting.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/remembered-set.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/scavenger-inl.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/scavenger.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/scavenger.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/slot-set.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/heap/spaces.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/interpreter/interpreter.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/isolate.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/objects-body-descriptors-inl.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/objects-inl.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/objects.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/objects.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/objects/descriptor-array.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/objects/fixed-array-inl.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/objects/fixed-array.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/objects/js-objects-inl.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/objects/js-objects.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/objects/js-weak-refs-inl.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/objects/js-weak-refs.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/objects/maybe-object.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/objects/property-array-inl.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/objects/property-array.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/objects/shared-function-info-inl.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/objects/shared-function-info.h
[add] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/objects/slots-inl.h
[add] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/objects/slots.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/roots.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/runtime/runtime-strings.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/snapshot/builtin-deserializer.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/snapshot/builtin-serializer.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/snapshot/builtin-serializer.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/snapshot/code-serializer.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/snapshot/deserializer.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/snapshot/deserializer.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/snapshot/object-deserializer.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/snapshot/partial-deserializer.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/snapshot/partial-serializer.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/snapshot/read-only-deserializer.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/snapshot/read-only-serializer.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/snapshot/roots-serializer.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/snapshot/roots-serializer.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/snapshot/serializer-common.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/snapshot/serializer.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/snapshot/serializer.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/snapshot/startup-serializer.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/snapshot/startup-serializer.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/transitions-inl.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/transitions.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/transitions.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/utils.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/src/visitors.h
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/test/cctest/test-js-weak-refs.cc
[modify] https://crrev.com/266c0b967b0fb825583d77c257aa83220c73e04b/test/unittests/heap/slot-set-unittest.cc

Comment 36 by bugdroid1@chromium.org, Oct 24

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/7d1000f30f8f9cb6d6275af441422ab319038df8

commit 7d1000f30f8f9cb6d6275af441422ab319038df8
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Wed Oct 24 03:59:48 2018

[ubsan,snapshot] Replace Object** in src/snapshot/

as part of the ongoing quest to get rid of Object*/Object** entirely.
Turns out the Deserializer was actually using unaligned MaybeObject**
pointers, which is undefined behavior. This patch makes the unaligned
values obvious (as "UnalignedSlot") and safe.

Bug: v8:3770
Change-Id: I20f2cca10cc025fa4867e56d9d740a3653837749
Reviewed-on: https://chromium-review.googlesource.com/c/1295792
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56924}
[modify] https://crrev.com/7d1000f30f8f9cb6d6275af441422ab319038df8/src/objects/slots.h
[modify] https://crrev.com/7d1000f30f8f9cb6d6275af441422ab319038df8/src/snapshot/deserializer.cc
[modify] https://crrev.com/7d1000f30f8f9cb6d6275af441422ab319038df8/src/snapshot/deserializer.h
[modify] https://crrev.com/7d1000f30f8f9cb6d6275af441422ab319038df8/src/snapshot/serializer.cc

Comment 37 by bugdroid1@chromium.org, Oct 24

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/76968a2ff31b6540dfd5aefc771a5a962383d333

commit 76968a2ff31b6540dfd5aefc771a5a962383d333
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Wed Oct 24 18:27:31 2018

[ubsan] Introduce ObjectPtr and port PropertyArray

This CL gives a first look at the new way to represent tagged object
pointers in C++.
It adds infrastructure in Handles and the garbage collector to deal
with the new object type, and ports a first class to the new world.

Design overview: https://goo.gl/Ph4CGz

Bug: v8:3770
Change-Id: I3e37fbf399612f95540cb386710a595069fb9d55
Reviewed-on: https://chromium-review.googlesource.com/c/1292673
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56964}
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/BUILD.gn
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/compiler/code-assembler.h
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/globals.h
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/handles-inl.h
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/handles.h
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/heap/concurrent-marking.cc
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/heap/factory.cc
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/heap/heap-inl.h
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/heap/heap-write-barrier-inl.h
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/heap/heap-write-barrier.h
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/heap/heap.h
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/heap/object-stats.cc
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/heap/objects-visiting-inl.h
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/heap/objects-visiting.h
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/heap/spaces.cc
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/heap/spaces.h
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/identity-map.h
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/objects-debug.cc
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/objects-inl.h
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/objects-printer.cc
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/objects.h
[add] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/objects/heap-object-inl.h
[add] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/objects/heap-object.h
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/objects/js-objects-inl.h
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/objects/js-objects.h
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/objects/object-macros-undef.h
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/objects/object-macros.h
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/objects/property-array-inl.h
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/objects/property-array.h
[modify] https://crrev.com/76968a2ff31b6540dfd5aefc771a5a962383d333/src/roots.h

Comment 38 by bugdroid1@chromium.org, Oct 26

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/e7b8699910c02ba3061b5913f83cae02887ded31

commit e7b8699910c02ba3061b5913f83cae02887ded31
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri Oct 26 01:08:30 2018

[ubsan] Port MaybeObject to new design

This CL applies the equivalent of the Object -> ObjectPtr
transformation to MaybeObject and HeapObjectReference. We
need no renaming in this case because we can just migrate
them both in one go.

Bug: v8:3770
Change-Id: Ie1259c3e8c556eff00f8bcf534d7270ca9fe00e1
Reviewed-on: https://chromium-review.googlesource.com/c/1298386
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57010}
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/code-stub-assembler.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/compiler/js-heap-broker.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/feedback-vector-inl.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/feedback-vector.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/feedback-vector.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/globals.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/heap/concurrent-marking.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/heap/factory.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/heap/heap-inl.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/heap/heap-write-barrier-inl.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/heap/heap-write-barrier.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/heap/heap.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/heap/heap.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/heap/incremental-marking-inl.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/heap/incremental-marking.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/heap/incremental-marking.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/heap/mark-compact-inl.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/heap/mark-compact.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/heap/mark-compact.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/heap/object-stats.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/heap/scavenger-inl.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/heap/scavenger.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/heap/scavenger.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/ic/handler-configuration.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/ic/handler-configuration.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/ic/ic-inl.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/ic/ic.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/ic/stub-cache.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/ic/stub-cache.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/isolate.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/maybe-handles-inl.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/maybe-handles.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/objects-debug.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/objects-inl.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/objects-printer.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/objects.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/objects.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/objects/code-inl.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/objects/code.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/objects/data-handler.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/objects/descriptor-array.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/objects/fixed-array-inl.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/objects/fixed-array.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/objects/map.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/objects/maybe-object-inl.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/objects/maybe-object.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/objects/object-macros-undef.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/objects/object-macros.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/objects/prototype-info-inl.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/objects/prototype-info.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/objects/slots-inl.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/objects/slots.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/profiler/tick-sample.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/runtime/runtime-test.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/snapshot/deserializer.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/snapshot/deserializer.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/snapshot/serializer.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/transitions-inl.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/transitions.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/transitions.h
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/wasm/wasm-objects.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/src/x64/macro-assembler-x64.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/test/cctest/heap/test-weak-references.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/test/cctest/interpreter/test-interpreter.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/test/cctest/test-accessor-assembler.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/test/cctest/test-compiler.cc
[modify] https://crrev.com/e7b8699910c02ba3061b5913f83cae02887ded31/test/cctest/test-serialize.cc

Comment 39 by yangguo@chromium.org, Oct 30

Jakob, could you link your doc that gives an overview over Address, Object, ObjectPtr and ObjectSlot?

Comment 40 by jkummerow@chromium.org, Oct 30

Description: updated

Comment 41 by jkummerow@chromium.org, Oct 30

#39: Done, I've put a link into the description. Here's the link again, for good measure: 
https://docs.google.com/document/d/1_w49sakC1XM1OptjTurBDqO86NE16FH8LwbeUAtrbCo/edit

Comment 42 by bugdroid1@chromium.org, Oct 31

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/9392727982e67276ba576a1d9935f12a24583322

commit 9392727982e67276ba576a1d9935f12a24583322
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Wed Oct 31 00:28:40 2018

[ubsan] Replace Object** in GlobalHandles

as part of the continuing quest to get rid of Object*/Object** entirely.
Since it fits nicely, this CL as a bonus includes the planned change to
make Handle::location() return an Address*, in the process dropping the
temporarily needed duplicate Handle::location_as_address_ptr().

Bug: v8:3770
Change-Id: I87480289ce2a62ea1ae503e73d179256b7108c5c
Reviewed-on: https://chromium-review.googlesource.com/c/1298389
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57153}
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/allocation-site-scopes.h
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/api.cc
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/ast/ast-value-factory.h
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/compiler-dispatcher/compiler-dispatcher.cc
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/debug/debug.cc
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/debug/debug.h
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/elements.cc
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/global-handles.cc
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/global-handles.h
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/handles.cc
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/handles.h
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/heap/factory.cc
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/objects/bigint.cc
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/objects/heap-object-inl.h
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/objects/heap-object.h
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/objects/literal-objects.cc
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/objects/managed.h
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/objects/slots.h
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/objects/string.h
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/profiler/allocation-tracker.cc
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/snapshot/code-serializer.cc
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/string-builder-inl.h
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/string-stream.h
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/value-serializer.cc
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/wasm/wasm-interpreter.cc
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/src/wasm/wasm-js.cc
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/test/cctest/test-api.cc
[modify] https://crrev.com/9392727982e67276ba576a1d9935f12a24583322/test/cctest/wasm/test-wasm-shared-engine.cc

Comment 43 by bugdroid1@chromium.org, Oct 31

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/5cce694d604dcac1af3cef4989605768d8eae761

commit 5cce694d604dcac1af3cef4989605768d8eae761
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Wed Oct 31 05:17:16 2018

[ubsan] More Object** replacements

mostly in HandleScopeImplementer and related classes.

Bug: v8:3770
Change-Id: I9da757c60be99434b711fe74a5f5d296a0f08b22
Reviewed-on: https://chromium-review.googlesource.com/c/1300854
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57154}
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/api-inl.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/api.cc
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/api.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/arm/assembler-arm-inl.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/arm64/assembler-arm64-inl.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/arm64/macro-assembler-arm64.cc
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/compiler/instruction.cc
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/compiler/js-heap-broker.cc
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/elements.cc
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/frames.cc
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/handles-inl.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/handles.cc
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/handles.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/heap/scavenger-inl.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/ia32/assembler-ia32.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/isolate.cc
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/isolate.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/log.cc
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/log.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/mips/assembler-mips-inl.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/mips/assembler-mips.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/mips64/assembler-mips64-inl.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/mips64/assembler-mips64.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/objects/slots-inl.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/objects/slots.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/ppc/assembler-ppc-inl.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/roots-inl.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/roots.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/s390/assembler-s390-inl.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/src/utils.h
[modify] https://crrev.com/5cce694d604dcac1af3cef4989605768d8eae761/test/cctest/test-identity-map.cc

Comment 44 by bugdroid1@chromium.org, Nov 1

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/6b226ea2ff6d2f05e5e1809292f12ec476b56329

commit 6b226ea2ff6d2f05e5e1809292f12ec476b56329
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Thu Nov 01 05:20:04 2018

[ubsan] Replace AtomicElement with UB-safe alternative

The previous AtomicElement wrapper fundamentally relied on
reinterpret_casting a heap address to an instance of a C++
object, which is an invalid cast. This patch replaces that
pattern with an ObjectSlot-based alternative that does not
rely on UB.

Bug: v8:3770
Change-Id: I62fb3c7589ac59e9e18139b525174de77e0e2149
Reviewed-on: https://chromium-review.googlesource.com/c/1309297
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57197}
[modify] https://crrev.com/6b226ea2ff6d2f05e5e1809292f12ec476b56329/BUILD.gn
[modify] https://crrev.com/6b226ea2ff6d2f05e5e1809292f12ec476b56329/src/base/atomic-utils.h
[modify] https://crrev.com/6b226ea2ff6d2f05e5e1809292f12ec476b56329/src/elements.cc
[modify] https://crrev.com/6b226ea2ff6d2f05e5e1809292f12ec476b56329/src/objects.cc
[add] https://crrev.com/6b226ea2ff6d2f05e5e1809292f12ec476b56329/src/objects/slots-atomic-inl.h
[modify] https://crrev.com/6b226ea2ff6d2f05e5e1809292f12ec476b56329/src/objects/slots.h

Comment 45 by bugdroid1@chromium.org, Nov 4

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/ad8169a0c3242bc73c5cd7371574a30f5464c050

commit ad8169a0c3242bc73c5cd7371574a30f5464c050
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Sun Nov 04 03:44:32 2018

[ubsan] Replace Object** in StrongRootsList with ObjectSlot

as part of the ongoing quest to get rid of Object*/Object** entirely.

Bug: v8:3770
Change-Id: Id3c6112a48a7a7ddb5441c72d81f4e4be61e3eae
Reviewed-on: https://chromium-review.googlesource.com/c/1316610
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57225}
[modify] https://crrev.com/ad8169a0c3242bc73c5cd7371574a30f5464c050/src/deoptimizer.cc
[modify] https://crrev.com/ad8169a0c3242bc73c5cd7371574a30f5464c050/src/heap/heap.cc
[modify] https://crrev.com/ad8169a0c3242bc73c5cd7371574a30f5464c050/src/heap/heap.h
[modify] https://crrev.com/ad8169a0c3242bc73c5cd7371574a30f5464c050/src/identity-map.cc

Comment 46 by bugdroid1@chromium.org, Nov 5

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/6d706ae3a0153cf0272760132b775ae06ef13b1a

commit 6d706ae3a0153cf0272760132b775ae06ef13b1a
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Mon Nov 05 20:52:51 2018

[ubsan] Port Smi to the new design

and split Smi out of objects.h into smi.h.

Bug: v8:3770, v8:5402
Change-Id: I5ff7461495d29c785a76c79aca2616816a29ab1e
Reviewed-on: https://chromium-review.googlesource.com/c/1313035
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57252}
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/include/v8-internal.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/include/v8config.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/api.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/arm/assembler-arm-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/arm/assembler-arm.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/arm/code-stubs-arm.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/arm/macro-assembler-arm.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/arm/macro-assembler-arm.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/arm64/assembler-arm64-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/arm64/macro-assembler-arm64-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/arm64/macro-assembler-arm64.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/arm64/macro-assembler-arm64.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/ast/ast.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/ast/ast.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/builtins/arm/builtins-arm.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/builtins/arm64/builtins-arm64.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/builtins/builtins-array.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/builtins/builtins-intl.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/builtins/builtins-promise-gen.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/builtins/ia32/builtins-ia32.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/builtins/mips/builtins-mips.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/builtins/mips64/builtins-mips64.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/builtins/ppc/builtins-ppc.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/builtins/s390/builtins-s390.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/builtins/setup-builtins-internal.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/builtins/x64/builtins-x64.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/code-stub-assembler.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/code-stub-assembler.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/compiler/arm/code-generator-arm.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/compiler/arm64/code-generator-arm64.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/compiler/bytecode-graph-builder.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/compiler/code-assembler.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/compiler/code-assembler.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/compiler/code-generator.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/compiler/ia32/code-generator-ia32.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/compiler/x64/code-generator-x64.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/contexts-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/contexts.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/date.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/date.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/deoptimizer.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/external-reference.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/feedback-vector-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/feedback-vector.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/field-type.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/frames.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/handles-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/handles.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/heap/factory.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/heap/factory.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/heap/heap.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/heap/incremental-marking.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/heap/setup-heap-internal.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/ia32/assembler-ia32.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/ia32/code-stubs-ia32.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/ia32/macro-assembler-ia32.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/ic/accessor-assembler.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/ic/handler-configuration-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/ic/handler-configuration.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/ic/handler-configuration.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/ic/ic-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/ic/ic.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/interpreter/bytecode-array-accessor.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/interpreter/bytecode-array-accessor.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/interpreter/bytecode-array-builder.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/interpreter/bytecode-array-builder.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/interpreter/bytecode-generator.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/interpreter/constant-array-builder.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/interpreter/constant-array-builder.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/isolate-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/isolate.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/isolate.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/json-stringifier.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/layout-descriptor-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/layout-descriptor.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/math-random.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/math-random.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/maybe-handles.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/mips/assembler-mips.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/mips/macro-assembler-mips.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/mips/macro-assembler-mips.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/mips64/assembler-mips64.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/mips64/macro-assembler-mips64.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/mips64/macro-assembler-mips64.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects-debug.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects-printer.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/bigint.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/code-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/code.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/compilation-cache-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/compilation-cache.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/dictionary.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/fixed-array-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/fixed-array.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/frame-array-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/frame-array.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/hash-table.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/heap-object.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/js-array-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/js-array.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/js-objects-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/js-objects.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/js-regexp-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/js-weak-refs-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/literal-objects.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/maybe-object-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/maybe-object.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/microtask-queue-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/object-macros-undef.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/object-macros.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/ordered-hash-table.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/property-array-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/prototype-info-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/prototype-info.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/script-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/shared-function-info.h
[add] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/smi-inl.h
[add] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/smi.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/string-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/objects/string.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/ppc/assembler-ppc.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/ppc/macro-assembler-ppc.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/ppc/macro-assembler-ppc.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/property-details.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/property.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/roots.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/runtime/runtime-classes.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/runtime/runtime-numbers.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/runtime/runtime-scopes.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/runtime/runtime-strings.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/runtime/runtime-test.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/runtime/runtime-utils.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/runtime/runtime.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/s390/assembler-s390.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/s390/macro-assembler-s390.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/s390/macro-assembler-s390.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/snapshot/deserializer.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/snapshot/serializer.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/snapshot/serializer.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/string-builder-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/string-builder.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/transitions-inl.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/value-serializer.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/value-serializer.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/wasm/baseline/liftoff-compiler.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/x64/assembler-x64.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/x64/code-stubs-x64.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/x64/macro-assembler-x64.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/src/x64/macro-assembler-x64.h
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/test/cctest/compiler/test-code-generator.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/test/cctest/heap/test-weak-references.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/test/cctest/interpreter/test-interpreter.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/test/cctest/test-accessor-assembler.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/test/cctest/test-code-stub-assembler.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/test/cctest/test-conversions.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/test/cctest/test-macro-assembler-x64.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/test/cctest/test-smi-lexicographic-compare.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/test/cctest/trace-extension.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/test/unittests/background-compile-task-unittest.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/test/unittests/base/logging-unittest.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/test/unittests/interpreter/bytecode-array-builder-unittest.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/test/unittests/interpreter/bytecode-array-iterator-unittest.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/test/unittests/interpreter/bytecode-array-random-iterator-unittest.cc
[modify] https://crrev.com/6d706ae3a0153cf0272760132b775ae06ef13b1a/test/unittests/interpreter/constant-array-builder-unittest.cc
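
The commits in comments 44 through 46 all move in the same direction: a tagged heap word is no longer treated as an `Object*` pointing at a C++ object that was never constructed there (an invalid cast, and the reason the old AtomicElement wrapper was undefined behaviour), but as a plain `Address` wrapped in a value type, with `ObjectSlot` standing for the address of a tagged word and `Smi` for an integer encoded in the word itself. The following is an added C++ sketch of that design for readers of this thread; it is not V8's code. The class names follow the commit messages, while the encoding (one tag bit, low bit 0 for Smi and 1 for heap pointers, 31-bit Smi payload) and the FixedArray-like layout used by `SumSmiArray` are assumptions made for the example.

```cpp
// Added illustration of the "Object as a value type over an Address" design
// described in this thread. Not V8 code; tag layout and heap layout are assumed.
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

using Address = uintptr_t;
constexpr int kTaggedSize = sizeof(Address);
constexpr Address kTagMask = 1;
constexpr Address kSmiTag = 0;         // low bit clear: payload is an integer
constexpr Address kHeapObjectTag = 1;  // low bit set: word is a heap pointer
constexpr int kSmiShiftSize = 1;       // assumption: one tag bit, 31-bit Smis

// The tagged word itself, carried by value. No C++ object is ever assumed to
// live at the heap address, so there is nothing to reinterpret_cast.
class Object {
 public:
  constexpr Object() : ptr_(0) {}
  constexpr explicit Object(Address ptr) : ptr_(ptr) {}
  constexpr Address ptr() const { return ptr_; }
  constexpr bool IsSmi() const { return (ptr_ & kTagMask) == kSmiTag; }
  constexpr bool IsHeapObject() const { return (ptr_ & kTagMask) == kHeapObjectTag; }
 private:
  Address ptr_;
};

// Small integer encoded in the word: sign-extended value shifted past the tag.
class Smi : public Object {
 public:
  constexpr explicit Smi(Address ptr) : Object(ptr) {}
  static constexpr bool IsValid(int64_t value) {
    return value >= -(int64_t{1} << 30) && value <= (int64_t{1} << 30) - 1;
  }
  static Smi FromInt(int32_t value) {
    assert(IsValid(value));
    return Smi((static_cast<Address>(static_cast<intptr_t>(value)) << kSmiShiftSize) | kSmiTag);
  }
  int32_t value() const {
    return static_cast<int32_t>(static_cast<intptr_t>(ptr()) >> kSmiShiftSize);
  }
  static Smi cast(Object o) { assert(o.IsSmi()); return Smi(o.ptr()); }
};

// The address of one tagged word. Loads and stores copy the bytes with memcpy,
// which is defined for any suitably sized storage, instead of dereferencing
// a reinterpret_cast<Object**>(address).
class ObjectSlot {
 public:
  explicit ObjectSlot(Address address) : address_(address) {}
  Address address() const { return address_; }
  Object load() const {
    Address raw;
    std::memcpy(&raw, reinterpret_cast<const void*>(address_), sizeof raw);
    return Object(raw);
  }
  void store(Object value) const {
    Address raw = value.ptr();
    std::memcpy(reinterpret_cast<void*>(address_), &raw, sizeof raw);
  }
 private:
  Address address_;
};

// A tagged pointer to word-aligned heap storage; fields are reached by slot.
class HeapObject : public Object {
 public:
  constexpr explicit HeapObject(Address ptr) : Object(ptr) {}
  static HeapObject FromAddress(Address address) {
    assert((address & kTagMask) == 0);  // heap storage must be word aligned
    return HeapObject(address | kHeapObjectTag);
  }
  Address address() const { return ptr() - kHeapObjectTag; }
  ObjectSlot RawField(int byte_offset) const { return ObjectSlot(address() + byte_offset); }
};

// Constructed layout for the example: word 0 holds the length as a Smi and
// words 1..length hold the elements. Writes and reads go through slots only.
int64_t SumSmiArray(const std::vector<int32_t>& values) {
  std::vector<Address> backing(values.size() + 1, 0);
  HeapObject array = HeapObject::FromAddress(reinterpret_cast<Address>(backing.data()));
  array.RawField(0).store(Smi::FromInt(static_cast<int32_t>(values.size())));
  for (size_t i = 0; i < values.size(); ++i) {
    array.RawField(kTaggedSize * static_cast<int>(i + 1)).store(Smi::FromInt(values[i]));
  }
  int32_t length = Smi::cast(array.RawField(0).load()).value();
  int64_t sum = 0;
  for (int32_t i = 0; i < length; ++i) {
    Object element = array.RawField(kTaggedSize * (i + 1)).load();
    if (element.IsHeapObject()) continue;  // only Smi elements are summed
    sum += Smi::cast(element).value();
  }
  return sum;
}

// A heap pointer stored in a slot comes back unchanged, and the tag bit alone
// tells it apart from a Smi.
bool HeapPointerRoundTrips() {
  Address words[2] = {0, 0};
  HeapObject target = HeapObject::FromAddress(reinterpret_cast<Address>(&words[1]));
  ObjectSlot slot(reinterpret_cast<Address>(&words[0]));
  slot.store(target);
  Object loaded = slot.load();
  return loaded.IsHeapObject() && !loaded.IsSmi() &&
         HeapObject(loaded.ptr()).address() == reinterpret_cast<Address>(&words[1]);
}

int main() {
  assert(SumSmiArray({1, 2, 3, -4}) == 2);
  assert(HeapPointerRoundTrips());
  return 0;
}
```

The point of the shape is that every type here is a trivially copyable value: `Object`, `Smi` and `HeapObject` are one machine word each, and `ObjectSlot` is an address. The only place raw memory is touched is inside `ObjectSlot::load` and `store`, which is also where an atomic variant (as in the slots-atomic-inl.h added by comment 44) would plug in without reintroducing a cast from a heap address to a C++ object.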

Comment 47 by bugdroid1@chromium.org, Nov 6

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/e0f875fdec175966493db8567ed51695e5b7114b

commit e0f875fdec175966493db8567ed51695e5b7114b
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Tue Nov 06 17:22:17 2018

[ubsan] Port FieldType to the new design

Bug: v8:3770
Change-Id: I6e2782a7f8589c466b54987c850d41d4ff5f6489
Reviewed-on: https://chromium-review.googlesource.com/c/1316618
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57292}
[modify] https://crrev.com/e0f875fdec175966493db8567ed51695e5b7114b/src/field-type.cc
[modify] https://crrev.com/e0f875fdec175966493db8567ed51695e5b7114b/src/field-type.h
[modify] https://crrev.com/e0f875fdec175966493db8567ed51695e5b7114b/src/ic/accessor-assembler.cc
[modify] https://crrev.com/e0f875fdec175966493db8567ed51695e5b7114b/src/map-updater.cc
[modify] https://crrev.com/e0f875fdec175966493db8567ed51695e5b7114b/src/map-updater.h
[modify] https://crrev.com/e0f875fdec175966493db8567ed51695e5b7114b/src/maybe-handles.h
[modify] https://crrev.com/e0f875fdec175966493db8567ed51695e5b7114b/src/objects-debug.cc
[modify] https://crrev.com/e0f875fdec175966493db8567ed51695e5b7114b/src/objects-inl.h
[modify] https://crrev.com/e0f875fdec175966493db8567ed51695e5b7114b/src/objects-printer.cc
[modify] https://crrev.com/e0f875fdec175966493db8567ed51695e5b7114b/src/objects.cc
[modify] https://crrev.com/e0f875fdec175966493db8567ed51695e5b7114b/src/objects/descriptor-array.h
[modify] https://crrev.com/e0f875fdec175966493db8567ed51695e5b7114b/src/objects/map-inl.h
[modify] https://crrev.com/e0f875fdec175966493db8567ed51695e5b7114b/src/objects/map.h
[modify] https://crrev.com/e0f875fdec175966493db8567ed51695e5b7114b/src/objects/maybe-object.h
[modify] https://crrev.com/e0f875fdec175966493db8567ed51695e5b7114b/test/cctest/test-field-type-tracking.cc
[modify] https://crrev.com/e0f875fdec175966493db8567ed51695e5b7114b/test/cctest/test-transitions.cc

Comment 48 by bugdroid1@chromium.org, Nov 7

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77

commit d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Wed Nov 07 04:05:30 2018

[ubsan] Replace Object** in Arguments and friends

as part of the ongoing quest to get rid of Object*/Object** entirely.
Design overview: https://goo.gl/Ph4CGz

Bug: v8:3770
Change-Id: Ie79a461a61203ea5a6efcd7b2a31bff1834169dd
Reviewed-on: https://chromium-review.googlesource.com/c/1316607
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57306}
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/api-arguments-inl.h
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/api-arguments.cc
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/api-arguments.h
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/api.cc
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/arguments-inl.h
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/arguments.h
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/builtins/builtins-api.cc
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/builtins/builtins-array.cc
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/builtins/builtins-arraybuffer.cc
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/builtins/builtins-utils.h
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/builtins/builtins.cc
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/builtins/setup-builtins-internal.cc
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/external-reference-table.cc
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/objects.cc
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/objects.h
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/objects/heap-object-inl.h
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/objects/heap-object.h
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/objects/slots-inl.h
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/objects/slots.h
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/runtime/runtime-array.cc
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/runtime/runtime-classes.cc
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/runtime/runtime-debug.cc
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/runtime/runtime-futex.cc
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/runtime/runtime-generator.cc
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/runtime/runtime-literals.cc
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/runtime/runtime-promise.cc
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/runtime/runtime-regexp.cc
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/runtime/runtime-scopes.cc
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/runtime/runtime-test.cc
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/runtime/runtime.cc
[modify] https://crrev.com/d1cb4ef48ab560dd6d9fd4286364c9a5a90fac77/src/runtime/runtime.h

Comment 49 by bugdroid1@chromium.org, Nov 10

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/e2a3e10285b5ed7565f8db4cdcdb376242ec99df

commit e2a3e10285b5ed7565f8db4cdcdb376242ec99df
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Sat Nov 10 02:28:23 2018

[ubsan] Replace Object** in runtime-scopes.cc

as part of the ongoing quest to get rid of Object**/Object* entirely.

Bug: v8:3770
Change-Id: Ibe05801fad78b26ca27b044c8091a26ccab5469a
Reviewed-on: https://chromium-review.googlesource.com/c/1330909
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57414}
[modify] https://crrev.com/e2a3e10285b5ed7565f8db4cdcdb376242ec99df/src/runtime/runtime-scopes.cc

Comment 50 by bugdroid1@chromium.org, Nov 12

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/0738a21ab2c4cfa724a35ffaf8a3bf0795a47fa1

commit 0738a21ab2c4cfa724a35ffaf8a3bf0795a47fa1
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Mon Nov 12 08:00:07 2018

[ubsan] Adapt ZoneHandleSet to new Handle internals

By matching ZoneHandleSet's internals to Handle's internals,
we can avoid a few unnecessary casts, and get rid of a few
more occurrences of Object**.

Bug: v8:3770
Change-Id: I24d6bad3a4959d977abf1f6b8db9be50bb2bc6d8
Reviewed-on: https://chromium-review.googlesource.com/c/1330907
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57418}
[modify] https://crrev.com/0738a21ab2c4cfa724a35ffaf8a3bf0795a47fa1/src/zone/zone-handle-set.h

Comment 51 by bugdroid1@chromium.org, Nov 12

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/fe61cd6487913df5828a5d711774e16208fbb31d

commit fe61cd6487913df5828a5d711774e16208fbb31d
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Mon Nov 12 18:47:04 2018

[ubsan] Port Code to the new design

Bug: v8:3770
Change-Id: I413ce57f7fa91cef2445995ca22650477f92b0df
Reviewed-on: https://chromium-review.googlesource.com/c/1321892
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57445}
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/arm/assembler-arm-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/arm/assembler-arm.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/arm/assembler-arm.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/arm64/assembler-arm64-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/arm64/assembler-arm64.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/arm64/assembler-arm64.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/builtins/builtins.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/builtins/builtins.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/builtins/setup-builtins-internal.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/code-events.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/code-stubs.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/code-stubs.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/compiler.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/compiler/code-assembler.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/contexts.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/contexts.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/debug/debug-evaluate.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/debug/debug.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/deoptimizer.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/deoptimizer.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/disassembler.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/elements.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/extensions/statistics-extension.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/external-reference.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/feedback-vector-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/feedback-vector.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/feedback-vector.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/frames-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/frames.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/frames.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/gdb-jit.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/globals.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/handler-table.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/handler-table.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/handles-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/handles.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/heap/code-stats.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/heap/concurrent-marking.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/heap/factory.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/heap/heap-write-barrier-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/heap/heap-write-barrier.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/heap/heap.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/heap/heap.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/heap/incremental-marking.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/heap/incremental-marking.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/heap/mark-compact-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/heap/mark-compact.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/heap/mark-compact.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/heap/object-stats.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/heap/objects-visiting.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/heap/objects-visiting.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/heap/remembered-set.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/ia32/assembler-ia32-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/ia32/assembler-ia32.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/ia32/assembler-ia32.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/ic/ic-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/instruction-stream.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/instruction-stream.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/interpreter/interpreter.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/interpreter/interpreter.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/isolate-data.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/isolate.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/isolate.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/log.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/log.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/mips/assembler-mips-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/mips/assembler-mips.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/mips/assembler-mips.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/mips64/assembler-mips64-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/mips64/assembler-mips64.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/mips64/assembler-mips64.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/objects-body-descriptors-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/objects-debug.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/objects-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/objects-printer.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/objects.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/objects/code-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/objects/code.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/objects/heap-object-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/objects/heap-object.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/objects/js-objects-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/objects/js-objects.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/objects/object-macros-undef.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/objects/object-macros.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/objects/property-array.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/objects/shared-function-info-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/objects/shared-function-info.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/objects/slots-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/objects/slots.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/perf-jit.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/perf-jit.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/ppc/assembler-ppc-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/ppc/assembler-ppc.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/profiler/profiler-listener.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/profiler/profiler-listener.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/regexp/arm/regexp-macro-assembler-arm.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/regexp/arm/regexp-macro-assembler-arm.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/regexp/arm64/regexp-macro-assembler-arm64.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/regexp/arm64/regexp-macro-assembler-arm64.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/regexp/ia32/regexp-macro-assembler-ia32.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/regexp/ia32/regexp-macro-assembler-ia32.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/regexp/jsregexp.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/regexp/jsregexp.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/regexp/mips/regexp-macro-assembler-mips.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/regexp/mips/regexp-macro-assembler-mips.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/regexp/mips64/regexp-macro-assembler-mips64.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/regexp/mips64/regexp-macro-assembler-mips64.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/regexp/ppc/regexp-macro-assembler-ppc.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/regexp/ppc/regexp-macro-assembler-ppc.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/regexp/regexp-macro-assembler.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/regexp/regexp-macro-assembler.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/regexp/s390/regexp-macro-assembler-s390.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/regexp/s390/regexp-macro-assembler-s390.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/regexp/x64/regexp-macro-assembler-x64.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/regexp/x64/regexp-macro-assembler-x64.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/reloc-info.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/reloc-info.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/roots.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/s390/assembler-s390-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/s390/assembler-s390.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/s390/assembler-s390.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/safepoint-table.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/safepoint-table.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/setup-isolate.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/simulator.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/snapshot/code-serializer.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/snapshot/code-serializer.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/snapshot/deserializer.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/snapshot/deserializer.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/snapshot/object-deserializer.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/snapshot/serializer.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/snapshot/serializer.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/snapshot/snapshot-common.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/snapshot/startup-deserializer.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/source-position.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/source-position.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/string-stream.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/string-stream.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/visitors.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/wasm/module-compiler.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/wasm/wasm-code-manager.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/wasm/wasm-objects-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/wasm/wasm-objects.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/x64/assembler-x64-inl.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/x64/assembler-x64.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/src/x64/assembler-x64.h
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/test/cctest/interpreter/test-interpreter.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/test/cctest/test-accessors.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/test/cctest/test-api.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/test/cctest/test-debug.cc
[modify] https://crrev.com/fe61cd6487913df5828a5d711774e16208fbb31d/test/cctest/test-regexp.cc

Comment 52 by bugdroid1@chromium.org, Nov 13

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/0dbda17de5261dab6e6033e2b0bde6738a5e238a

commit 0dbda17de5261dab6e6033e2b0bde6738a5e238a
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Tue Nov 13 06:59:12 2018

[ubsan] Port Map to the new design

Bug: v8:3770
Change-Id: I52660eeda1bd299953793af9af1395f47e89072e
Reviewed-on: https://chromium-review.googlesource.com/c/1331155
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57454}
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/bootstrapper.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/builtins/builtins-array.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/code-stub-assembler.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/code-stub-assembler.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/compiler/access-info.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/compiler/js-heap-broker.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/compiler/js-native-context-specialization.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/contexts-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/contexts.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/elements.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/external-reference.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/feedback-vector.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/feedback-vector.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/field-index-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/field-index.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/field-type.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/field-type.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/handles.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/concurrent-marking.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/factory.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/factory.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/heap-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/heap-write-barrier-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/heap-write-barrier.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/heap.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/heap.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/incremental-marking.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/incremental-marking.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/mark-compact-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/mark-compact.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/mark-compact.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/object-stats.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/objects-visiting-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/objects-visiting.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/scavenger-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/scavenger.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/scavenger.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/setup-heap-internal.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/spaces.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/heap/sweeper.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/ic/call-optimization.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/ic/call-optimization.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/ic/ic.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/ic/ic.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/ic/stub-cache.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/ic/stub-cache.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/isolate.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/keys.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/layout-descriptor-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/layout-descriptor.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/layout-descriptor.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/log.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/log.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/lookup-cache-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/lookup-cache.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/lookup-cache.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/lookup-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/lookup.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/lookup.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/map-updater.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/maybe-handles.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects-body-descriptors-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects-body-descriptors.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects-debug.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects-definitions.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects-printer.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects/arguments-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects/descriptor-array.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects/heap-object-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects/heap-object.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects/js-objects-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects/js-objects.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects/map-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects/map.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects/object-macros.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects/prototype-info-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects/prototype-info.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects/slots-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects/slots.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects/string-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects/string.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/objects/templates.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/property-descriptor.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/prototype-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/prototype.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/regexp/regexp-utils.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/roots-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/roots.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/runtime/runtime-classes.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/runtime/runtime-object.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/snapshot/serializer.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/snapshot/serializer.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/string-stream.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/string-stream.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/transitions-inl.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/transitions.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/src/transitions.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/test/cctest/test-accessor-assembler.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/test/cctest/test-feedback-vector.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/test/cctest/test-field-type-tracking.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/test/cctest/test-transitions.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/test/cctest/test-transitions.h
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/test/cctest/test-unboxed-doubles.cc
[modify] https://crrev.com/0dbda17de5261dab6e6033e2b0bde6738a5e238a/test/mkgrokdump/mkgrokdump.cc

Comment 53 by bugdroid1@chromium.org, Nov 16

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/df99becfca37f29f20ce69400d6c6986cece1107

commit df99becfca37f29f20ce69400d6c6986cece1107
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri Nov 16 09:32:51 2018

[ubsan] Check valid types on ExternalReference-called functions

All C++ functions called directly from generated code must have
a predictable ABI. We ensure that by requiring their return and
argument types to be scalars -- in particular, they must not be
non-pointer ObjectPtr or ObjectSlot types, which is easy to get
wrong and difficult to debug. This patch adds compile-time type
checks enforcing the requirement to the macro used for creating
ExternalReferences for functions.

Bug: v8:3770
Change-Id: I442cf25e2f72b7ea84d4a50c9c665b187b179ca0
Reviewed-on: https://chromium-review.googlesource.com/c/1334974
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57560}
[modify] https://crrev.com/df99becfca37f29f20ce69400d6c6986cece1107/src/external-reference.cc
[modify] https://crrev.com/df99becfca37f29f20ce69400d6c6986cece1107/src/objects.cc
[modify] https://crrev.com/df99becfca37f29f20ce69400d6c6986cece1107/src/objects.h
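
The commit message above describes compile-time checks that reject non-scalar return or argument types on functions reachable from generated code. The following is an added illustration of that approach, not V8's own code: it decomposes a function pointer type with a template, tests each type with std::is_scalar, and puts a static_assert in the registration helper so a bad signature fails at the registration site instead of corrupting the ABI at run time. The names Address, ObjectPtr, IsValidExternalFunction and EXTERNAL_FUNCTION_ADDRESS are assumptions chosen for this example, and the sample runtime functions are constructed.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <type_traits>

// Added illustration, not V8 code. The names below are assumptions.

// Pointer-sized integer standing in for a raw machine address.
using Address = std::uintptr_t;

// A class wrapping a tagged pointer. It is one word in size, but it is a
// class type, so generated code cannot rely on how it is passed or
// returned. This is the kind of type the check must reject.
struct ObjectPtr {
  Address ptr_;
};

// True when every type in the pack is a scalar: arithmetic, enum, pointer,
// pointer-to-member or nullptr_t. References and class types are not scalars.
template <typename... Ts>
struct AllScalar : std::true_type {};
template <typename T, typename... Rest>
struct AllScalar<T, Rest...>
    : std::integral_constant<bool, std::is_scalar<T>::value &&
                                       AllScalar<Rest...>::value> {};

// A void return is acceptable: no value crosses the ABI boundary.
template <typename R>
struct ScalarOrVoid
    : std::integral_constant<bool, std::is_void<R>::value ||
                                       std::is_scalar<R>::value> {};

// Primary template: anything that is not a plain function pointer is invalid.
template <typename F>
struct IsValidExternalFunction : std::false_type {};

// Decompose the function pointer type and check return and argument types.
template <typename R, typename... Args>
struct IsValidExternalFunction<R (*)(Args...)>
    : std::integral_constant<bool, ScalarOrVoid<R>::value &&
                                       AllScalar<Args...>::value> {};

// Registration helper: the static_assert turns a bad signature into a
// compile error at the registration site, with a message naming the rule.
template <typename F>
Address ExternalFunctionAddress(F fn) {
  static_assert(IsValidExternalFunction<F>::value,
                "functions called from generated code must take and return "
                "scalar types only (no ObjectPtr-style wrappers, no references)");
  return reinterpret_cast<Address>(fn);
}
#define EXTERNAL_FUNCTION_ADDRESS(fn) ExternalFunctionAddress(&fn)

// Constructed sample runtime functions.
Address LoadField(Address object, int offset) { return object + offset; }
ObjectPtr LoadFieldWrapped(ObjectPtr object, int offset) {
  return ObjectPtr{object.ptr_ + offset};
}
void ReportEvent(const char* name, double value) {
  std::printf("%s=%f\n", name, value);
}
int ReadThroughReference(int& x) { return x; }

int main() {
  Address a = EXTERNAL_FUNCTION_ADDRESS(LoadField);    // compiles
  Address b = EXTERNAL_FUNCTION_ADDRESS(ReportEvent);  // compiles
  // EXTERNAL_FUNCTION_ADDRESS(LoadFieldWrapped);      // static_assert fires
  // EXTERNAL_FUNCTION_ADDRESS(ReadThroughReference);  // static_assert fires
  std::printf("registered %p and %p\n", reinterpret_cast<void*>(a),
              reinterpret_cast<void*>(b));
  return 0;
}
```

The trait is exposed separately from the static_assert so the rule can be inspected (and unit-tested) without triggering a compile error; only the registration helper hard-fails. Note that the check is purely about C++ types: it catches wrapper classes and references, which is the failure mode the commit message names, but it does not verify that the generated code's call site agrees with the declared parameter order or count.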

Comment 54 by bugdroid1@chromium.org, Nov 21

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/ad0afdae9fb4fe3490988364e045c24f1fe8e08d

commit ad0afdae9fb4fe3490988364e045c24f1fe8e08d
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Wed Nov 21 19:43:57 2018

[ubsan] Duplicate FixedArray{,Base} temporarily

In preparation for incrementally migrating subclasses to deriving
from FixedArrayPtr/FixedArrayBasePtr. Once that is done for all
subclasses, this duplication will be dropped again.

Bug: v8:3770
Change-Id: I6d664997fdcb18f7c0f37183d9f920ae30f3b749
Reviewed-on: https://chromium-review.googlesource.com/c/1345325
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57702}
[modify] https://crrev.com/ad0afdae9fb4fe3490988364e045c24f1fe8e08d/src/heap/factory.cc
[modify] https://crrev.com/ad0afdae9fb4fe3490988364e045c24f1fe8e08d/src/heap/factory.h
[modify] https://crrev.com/ad0afdae9fb4fe3490988364e045c24f1fe8e08d/src/objects.cc
[modify] https://crrev.com/ad0afdae9fb4fe3490988364e045c24f1fe8e08d/src/objects/fixed-array-inl.h
[modify] https://crrev.com/ad0afdae9fb4fe3490988364e045c24f1fe8e08d/src/objects/fixed-array.h
[modify] https://crrev.com/ad0afdae9fb4fe3490988364e045c24f1fe8e08d/src/objects/heap-object-inl.h
[modify] https://crrev.com/ad0afdae9fb4fe3490988364e045c24f1fe8e08d/src/objects/heap-object.h

Comment 55 by bugdroid1@chromium.org, Nov 22

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/ce6e40fc3183f0ba7e30f7a65462d1bdf5448003

commit ce6e40fc3183f0ba7e30f7a65462d1bdf5448003
Author: Marja Hölttä <marja@chromium.org>
Date: Thu Nov 22 12:41:34 2018

[ubsan] Fix Map::PrintMapDetails.

Now that Map just contains a pointer, and is passed by value to
Logger::MapDetails, printing the this pointer in Map::PrintMapDetails no longer
makes sense, but we need to print the underlying pointer.

BUG=v8:3770

Change-Id: I87f41c796dbff7a8800731bb1d63a7482b9ff71c
Reviewed-on: https://chromium-review.googlesource.com/c/1347485
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57733}
[modify] https://crrev.com/ce6e40fc3183f0ba7e30f7a65462d1bdf5448003/src/objects-printer.cc

Comment 56 by bugdroid1@chromium.org, Nov 23

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/a1c88a4451a4ad8e315160f682b0f723055e0b49

commit a1c88a4451a4ad8e315160f682b0f723055e0b49
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri Nov 23 09:34:18 2018

[ubsan] Port HashTableBase and subclasses to the new design

Bug: v8:3770
Change-Id: I9a3f289ac6236b88476167150565e8183d6f5461
Reviewed-on: https://chromium-review.googlesource.com/c/1345326
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57764}
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/api.cc
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/builtins/builtins-array.cc
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/code-stubs.cc
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/compilation-cache.cc
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/compiler/code-assembler.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/elements.cc
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/handles.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/heap/concurrent-marking.cc
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/heap/heap-inl.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/heap/heap.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/heap/incremental-marking.cc
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/heap/mark-compact-inl.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/heap/mark-compact.cc
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/heap/mark-compact.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/heap/object-stats.cc
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/heap/objects-visiting.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/json-parser.cc
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/keys.cc
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/lookup.cc
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects-debug.cc
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects-inl.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects-printer.cc
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects.cc
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects/code-inl.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects/code.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects/compilation-cache-inl.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects/compilation-cache.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects/dictionary.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects/hash-table-inl.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects/hash-table.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects/heap-object-inl.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects/heap-object.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects/js-objects-inl.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects/js-objects.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects/map-inl.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects/module-inl.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects/module.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects/object-macros.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/objects/string-table.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/roots.h
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/runtime/runtime-object.cc
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/src/value-serializer.cc
[modify] https://crrev.com/a1c88a4451a4ad8e315160f682b0f723055e0b49/test/cctest/test-dictionary.cc

Comment 57 by bugdroid1@chromium.org, Nov 23

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/56e161e81195ac3532f8405f264ffcbec51c76c0

commit 56e161e81195ac3532f8405f264ffcbec51c76c0
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri Nov 23 11:03:54 2018

[ubsan] Port Context to the new design

Bug: v8:3770
Change-Id: I07f48b1ee8814a006e6787ad8261fa8388b4298d
Reviewed-on: https://chromium-review.googlesource.com/c/1345327
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57771}
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/accessors.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/api-inl.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/api.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/api.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/arguments.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/bootstrapper.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/builtins/builtins-utils.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/compiler.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/compiler/js-heap-broker.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/compiler/js-inlining.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/compiler/pipeline.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/contexts-inl.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/contexts.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/contexts.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/d8.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/debug/debug-scopes.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/deoptimizer.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/deoptimizer.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/elements.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/elements.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/frames.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/handles.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/heap/factory.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/heap/heap.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/heap/object-stats.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/heap/objects-visiting-inl.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/heap/objects-visiting.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/heap/objects-visiting.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/ic/call-optimization.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/ic/call-optimization.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/isolate-inl.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/isolate.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/isolate.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/math-random.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/math-random.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/objects-debug.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/objects-inl.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/objects-printer.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/objects.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/objects/arguments-inl.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/objects/arguments.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/objects/code.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/objects/js-generator-inl.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/objects/js-generator.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/objects/js-objects-inl.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/objects/js-objects.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/objects/js-weak-refs-inl.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/objects/js-weak-refs.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/objects/microtask-inl.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/objects/microtask.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/objects/promise-inl.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/objects/promise.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/optimized-compilation-info.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/optimized-compilation-info.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/reloc-info.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/runtime/runtime-compiler.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/runtime/runtime-test.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/runtime/runtime-wasm.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/snapshot/partial-serializer.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/snapshot/partial-serializer.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/snapshot/startup-serializer.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/snapshot/startup-serializer.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/string-stream.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/wasm/module-compiler.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/wasm/wasm-objects-inl.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/src/wasm/wasm-objects.h
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/test/cctest/compiler/function-tester.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/test/cctest/compiler/test-js-context-specialization.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/test/cctest/test-api.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/test/cctest/test-parsing.cc
[modify] https://crrev.com/56e161e81195ac3532f8405f264ffcbec51c76c0/test/cctest/test-serialize.cc

Comment 59 by bugdroid1@chromium.org, Nov 24

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/1e049367014fb507a3f7199c043294104e0023f7

commit 1e049367014fb507a3f7199c043294104e0023f7
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Sat Nov 24 02:05:20 2018

[ubsan] Port remaining FixedArray subclasses to new design

Bug: v8:3770
Change-Id: I06f7fb1b2915d1c87162cb464d0ed34d08516e24
Reviewed-on: https://chromium-review.googlesource.com/c/1345909
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57800}
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/api.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/ast/scopes.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/ast/scopes.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/contexts-inl.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/contexts.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/contexts.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/debug/debug-coverage.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/debug/debug-scopes.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/deoptimizer.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/elements.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/frames.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/frames.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/gdb-jit.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/handles.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/heap/factory.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/heap/factory.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/heap/heap-inl.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/heap/heap.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/heap/object-stats.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/isolate.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/log.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects-debug.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects-inl.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects-printer.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/arguments-inl.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/arguments.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/code-inl.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/code.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/debug-objects-inl.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/debug-objects.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/fixed-array-inl.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/fixed-array.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/frame-array-inl.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/frame-array.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/heap-object-inl.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/heap-object.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/literal-objects-inl.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/literal-objects.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/module-inl.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/module.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/object-macros.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/property-descriptor-object-inl.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/property-descriptor-object.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/regexp-match-info.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/scope-info.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/scope-info.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/shared-function-info-inl.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/objects/shared-function-info.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/profiler/profiler-listener.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/roots.h
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/runtime/runtime-compiler.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/runtime/runtime-debug.cc
[modify] https://crrev.com/1e049367014fb507a3f7199c043294104e0023f7/src/source-position.cc

Comment 60 by bugdroid1@chromium.org, Nov 24

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/32c7ab30b9da30e560ceaebb6f90272a411fadb5

commit 32c7ab30b9da30e560ceaebb6f90272a411fadb5
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Sat Nov 24 03:18:53 2018

[ubsan] Port FixedDoubleArray and FixedTypedArray*

to the new design.

Bug: v8:3770
Change-Id: I3cd0a66eefefedc98a641494302fc79d897a153a
Reviewed-on: https://chromium-review.googlesource.com/c/1345910
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57801}
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/builtins/builtins-array.cc
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/compiler/code-assembler.h
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/compiler/js-heap-broker.cc
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/elements.cc
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/handles.h
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/heap/concurrent-marking.cc
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/heap/factory-inl.h
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/heap/factory.cc
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/heap/factory.h
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/heap/objects-visiting.h
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/heap/setup-heap-internal.cc
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/math-random.cc
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/objects-debug.cc
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/objects-inl.h
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/objects-printer.cc
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/objects.cc
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/objects.h
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/objects/fixed-array-inl.h
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/objects/fixed-array.h
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/objects/js-array-buffer-inl.h
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/objects/js-objects-inl.h
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/roots-inl.h
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/roots.h
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/runtime/runtime-array.cc
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/runtime/runtime-literals.cc
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/snapshot/deserializer.cc
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/src/snapshot/serializer.cc
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/test/cctest/compiler/test-run-stubs.cc
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/test/cctest/test-code-stub-assembler.cc
[modify] https://crrev.com/32c7ab30b9da30e560ceaebb6f90272a411fadb5/test/cctest/test-macro-assembler-mips.cc

Comment 61 by bugdroid1@chromium.org, Nov 24

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/4ff869ed3cab620e6cebb4af853ae0376f01e49f

commit 4ff869ed3cab620e6cebb4af853ae0376f01e49f
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Sat Nov 24 09:29:14 2018

[ubsan] Port ByteArray and subclasses to the new design

Bug: v8:3770
Change-Id: I49d4fdc1cac6c4bde81fbe0bf76341be12711109
Reviewed-on: https://chromium-review.googlesource.com/c/1345911
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57803}
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/deoptimizer.cc
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/deoptimizer.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/extensions/statistics-extension.cc
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/handler-table.cc
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/handler-table.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/handles.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/heap/factory.cc
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/heap/incremental-marking.cc
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/heap/mark-compact.cc
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/heap/objects-visiting.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/layout-descriptor-inl.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/layout-descriptor.cc
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/layout-descriptor.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/log.cc
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/log.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/math-random.cc
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/objects-inl.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/objects-printer.cc
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/objects.cc
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/objects.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/objects/code-inl.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/objects/code.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/objects/fixed-array-inl.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/objects/fixed-array.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/objects/heap-object-inl.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/objects/heap-object.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/objects/map-inl.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/objects/map.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/objects/object-macros-undef.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/objects/object-macros.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/objects/shared-function-info-inl.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/objects/shared-function-info.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/parsing/preparsed-scope-data-impl.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/parsing/preparsed-scope-data.cc
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/regexp/jsregexp.cc
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/regexp/jsregexp.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/reloc-info.cc
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/reloc-info.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/roots.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/snapshot/serializer.cc
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/source-position-table.cc
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/source-position-table.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/string-stream.cc
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/string-stream.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/wasm/wasm-objects-inl.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/src/wasm/wasm-objects.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/test/cctest/heap/heap-tester.h
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/test/cctest/heap/test-invalidated-slots.cc
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/test/cctest/parsing/test-preparser.cc
[modify] https://crrev.com/4ff869ed3cab620e6cebb4af853ae0376f01e49f/test/cctest/test-unboxed-doubles.cc

Comment 62 by bugdroid1@chromium.org, Nov 24

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/2bec913886087d701e4871277933a0a1f00f34a8

commit 2bec913886087d701e4871277933a0a1f00f34a8
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Sat Nov 24 10:30:42 2018

[ubsan] Port BytecodeArray to the new design

Bug: v8:3770
Change-Id: If5328a4c63d8efe0ce7a0c5a744666c79c02e1ee
Reviewed-on: https://chromium-review.googlesource.com/c/1345912
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57804}
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/compiler/js-heap-broker.cc
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/debug/debug.cc
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/frames.cc
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/frames.h
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/handler-table.cc
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/handler-table.h
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/heap/concurrent-marking.cc
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/heap/mark-compact-inl.h
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/heap/mark-compact.h
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/heap/object-stats.cc
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/heap/objects-visiting.h
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/isolate.cc
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/objects-debug.cc
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/objects-inl.h
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/objects-printer.cc
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/objects.cc
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/objects/code-inl.h
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/objects/code.h
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/objects/debug-objects-inl.h
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/objects/debug-objects.h
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/objects/heap-object.h
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/objects/shared-function-info-inl.h
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/objects/shared-function-info.h
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/runtime-profiler.cc
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/runtime-profiler.h
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/runtime/runtime-debug.cc
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/snapshot/code-serializer.cc
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/src/snapshot/deserializer.cc
[modify] https://crrev.com/2bec913886087d701e4871277933a0a1f00f34a8/test/cctest/test-serialize.cc

Comment 63 by bugdroid1@chromium.org, Nov 25

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54

commit 8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Sun Nov 25 03:08:14 2018

[ubsan] Port FixedArray{,Base} to the new design

Removing the temporarily duplicated classes FixedArrayPtr and
FixedArrayBasePtr.

Bug: v8:3770
Change-Id: I056ad74ff69593e9f134ef5c976766812c4d9275
Reviewed-on: https://chromium-review.googlesource.com/c/1345913
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57807}
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/api.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/bootstrapper.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/bootstrapper.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/builtins/builtins-array-gen.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/builtins/builtins-array.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/compiler/code-assembler.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/compiler/js-heap-broker.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/contexts-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/contexts.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/contexts.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/dateparser-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/dateparser.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/dateparser.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/debug/debug-scopes.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/debug/debug.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/debug/liveedit.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/deoptimizer.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/deoptimizer.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/elements.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/elements.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/frames.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/handles.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/heap/concurrent-marking.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/heap/factory-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/heap/factory.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/heap/factory.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/heap/heap-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/heap/heap-write-barrier-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/heap/heap-write-barrier.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/heap/heap.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/heap/heap.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/heap/mark-compact-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/heap/mark-compact.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/heap/mark-compact.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/heap/object-stats.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/heap/objects-visiting.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/heap/spaces.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/isolate.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/json-stringifier.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/lookup.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/maybe-handles.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/messages.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects-debug.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects-printer.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/arguments-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/arguments.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/code-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/code.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/compilation-cache-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/debug-objects-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/debug-objects.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/debug-objects.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/descriptor-array.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/dictionary.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/fixed-array-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/fixed-array.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/frame-array-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/frame-array.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/hash-table.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/heap-object-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/heap-object.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/js-array.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/js-generator-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/js-generator.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/js-objects-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/js-objects.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/literal-objects-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/literal-objects.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/map-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/map.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/microtask-queue-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/microtask-queue.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/module-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/module.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/ordered-hash-table.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/property-descriptor-object-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/property-descriptor-object.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/regexp-match-info.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/scope-info.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/scope-info.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/script-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/script.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/objects/template-objects.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/regexp/jsregexp.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/regexp/jsregexp.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/roots.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/runtime/runtime-array.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/runtime/runtime-debug.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/runtime/runtime-literals.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/runtime/runtime-regexp.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/runtime/runtime-scopes.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/runtime/runtime-strings.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/snapshot/code-serializer.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/snapshot/startup-serializer.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/snapshot/startup-serializer.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/string-builder-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/string-builder.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/string-stream.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/string-stream.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/value-serializer.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/wasm/wasm-objects-inl.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/src/wasm/wasm-objects.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/test/cctest/compiler/test-code-generator.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/test/cctest/compiler/test-run-stubs.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/test/cctest/heap/test-mark-compact.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/test/cctest/interpreter/bytecode-expectations-printer.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/test/cctest/interpreter/bytecode-expectations-printer.h
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/test/cctest/test-code-stub-assembler.cc
[modify] https://crrev.com/8bb236d7c91cc1cbc5ddb656b57bcaa51eeb5b54/test/cctest/test-debug.cc

Comment 64 by bugdroid1@chromium.org, Nov 25

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/899bf304621cee93bc60782cb91f4a140268422c

commit 899bf304621cee93bc60782cb91f4a140268422c
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Sun Nov 25 04:45:47 2018

[ubsan] Port AbstractCode to the new design

Bug: v8:3770
Change-Id: Id515906744a738d5d40dbb6dee15e243623f020c
Reviewed-on: https://chromium-review.googlesource.com/c/1349111
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57809}
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/src/code-events.h
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/src/frames.cc
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/src/frames.h
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/src/heap/code-stats.cc
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/src/isolate.cc
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/src/log.cc
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/src/log.h
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/src/objects.cc
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/src/objects.h
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/src/objects/code-inl.h
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/src/objects/code.h
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/src/objects/js-objects-inl.h
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/src/objects/js-objects.h
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/src/objects/shared-function-info-inl.h
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/src/objects/shared-function-info.h
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/src/perf-jit.cc
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/src/perf-jit.h
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/src/profiler/profiler-listener.cc
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/src/profiler/profiler-listener.h
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/src/snapshot/serializer.h
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/test/cctest/test-cpu-profiler.cc
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/test/cctest/test-log-stack-tracer.cc
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/test/cctest/test-log.cc
[modify] https://crrev.com/899bf304621cee93bc60782cb91f4a140268422c/test/cctest/test-unwinder.cc

Comment 65 by bugdroid1@chromium.org, Nov 27

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/0f581e4b99ee923e7ebae72e64ee58999ff74b5d

commit 0f581e4b99ee923e7ebae72e64ee58999ff74b5d
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Tue Nov 27 01:42:36 2018

[ubsan] Port Name/String/Symbol to the new design

Bug: v8:3770
Change-Id: I4da6404aa968adca1fbb49029fc304622101d6c3
Reviewed-on: https://chromium-review.googlesource.com/c/1349112
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57853}
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/api.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/ast/scopes.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/bootstrapper.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/bootstrapper.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/builtins/builtins-array-gen.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/builtins/builtins-intl-gen.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/builtins/builtins-string.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/code-events.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/compiler.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/compiler/code-assembler.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/compiler/code-assembler.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/compiler/graph-visualizer.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/compiler/js-native-context-specialization.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/compiler/pipeline.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/conversions.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/conversions.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/debug/debug-scopes.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/elements.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/external-reference.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/feedback-vector-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/feedback-vector.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/feedback-vector.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/frames.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/handles.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/heap/code-stats.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/heap/concurrent-marking.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/heap/heap-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/heap/heap.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/heap/heap.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/heap/mark-compact.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/heap/object-stats.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/heap/objects-visiting-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/heap/objects-visiting.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/heap/scavenger-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/heap/scavenger.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/heap/spaces.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/ic/ic-stats.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/ic/ic.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/ic/stub-cache.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/ic/stub-cache.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/identity-map.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/keys.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/log-utils.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/log-utils.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/log.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/log.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/lookup-cache-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/lookup-cache.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/map-updater.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/map-updater.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects-body-descriptors-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects-debug.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects-printer.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/api-callbacks-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/api-callbacks.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/compilation-cache-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/compilation-cache.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/debug-objects-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/debug-objects.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/descriptor-array.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/dictionary.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/fixed-array.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/heap-object-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/heap-object.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/intl-objects.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/intl-objects.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-break-iterator-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-break-iterator.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-break-iterator.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-list-format-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-list-format.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-locale-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-locale.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-locale.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-number-format-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-number-format.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-objects-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-objects.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-plural-rules-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-plural-rules.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-regexp-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-regexp-string-iterator-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-regexp-string-iterator.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-regexp.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-relative-time-format-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-relative-time-format.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-segmenter-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/js-segmenter.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/module.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/name-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/name.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/ordered-hash-table.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/regexp-match-info.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/scope-info.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/scope-info.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/script-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/shared-function-info-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/shared-function-info.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/string-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/string-table.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/objects/string.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/parsing/scanner-character-streams.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/perf-jit.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/profiler/allocation-tracker.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/profiler/cpu-profiler.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/profiler/cpu-profiler.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/profiler/profile-generator.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/profiler/profiler-listener.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/profiler/profiler-listener.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/profiler/sampling-heap-profiler.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/profiler/strings-storage.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/profiler/strings-storage.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/property-descriptor.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/regexp/arm/regexp-macro-assembler-arm.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/regexp/arm64/regexp-macro-assembler-arm64.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/regexp/ia32/regexp-macro-assembler-ia32.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/regexp/jsregexp.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/regexp/jsregexp.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/regexp/mips/regexp-macro-assembler-mips.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/regexp/mips64/regexp-macro-assembler-mips64.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/regexp/ppc/regexp-macro-assembler-ppc.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/regexp/regexp-macro-assembler.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/regexp/regexp-macro-assembler.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/regexp/s390/regexp-macro-assembler-s390.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/regexp/x64/regexp-macro-assembler-x64.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/roots.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/runtime/runtime-classes.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/runtime/runtime-regexp.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/runtime/runtime-strings.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/snapshot/code-serializer.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/snapshot/deserializer.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/snapshot/deserializer.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/snapshot/object-deserializer.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/snapshot/serializer.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/string-builder-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/string-builder.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/string-hasher-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/string-hasher.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/string-stream.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/string-stream.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/transitions-inl.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/transitions.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/src/transitions.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/test/cctest/compiler/test-run-machops.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/test/cctest/interpreter/bytecode-expectations-printer.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/test/cctest/interpreter/bytecode-expectations-printer.h
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/test/cctest/parsing/test-scanner-streams.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/test/cctest/test-api.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/test/cctest/test-heap-profiler.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/test/cctest/test-mementos.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/test/cctest/test-regexp.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/test/cctest/test-strings.cc
[modify] https://crrev.com/0f581e4b99ee923e7ebae72e64ee58999ff74b5d/test/cctest/test-transitions.cc

Comment 67 by bugdroid1@chromium.org, Nov 28

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d

commit 81620900e93bf9d2c5c84346b29c0f9ec7d7b28d
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Wed Nov 28 21:23:50 2018

[ubsan] Port SharedFunctionInfo to the new design

Bug: v8:3770
Change-Id: If405611d359d29ae1958beebd9202e068434a621
Reviewed-on: https://chromium-review.googlesource.com/c/1350286
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57918}
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/api.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/asmjs/asm-js.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/code-events.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/compiler-dispatcher/compiler-dispatcher.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/compiler-dispatcher/compiler-dispatcher.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/compiler.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/compiler/linkage.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/compiler/wasm-compiler.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/debug/debug-coverage.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/debug/debug-type-profile.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/debug/debug.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/debug/liveedit.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/deoptimizer.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/deoptimizer.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/feedback-vector-inl.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/feedback-vector.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/feedback-vector.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/frames.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/frames.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/gdb-jit.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/handles.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/heap/object-stats.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/heap/objects-visiting-inl.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/heap/objects-visiting.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/ic/ic-stats.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/isolate.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/log.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/log.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/objects-inl.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/objects-printer.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/objects.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/objects.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/objects/code.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/objects/compilation-cache-inl.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/objects/compilation-cache.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/objects/debug-objects-inl.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/objects/debug-objects.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/objects/heap-object-inl.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/objects/heap-object.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/objects/js-objects-inl.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/objects/js-objects.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/objects/module.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/objects/module.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/objects/script-inl.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/objects/script.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/objects/shared-function-info-inl.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/objects/shared-function-info.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/objects/templates-inl.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/perf-jit.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/perf-jit.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/profiler/allocation-tracker.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/profiler/allocation-tracker.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/profiler/profile-generator.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/profiler/profile-generator.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/profiler/profiler-listener.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/profiler/profiler-listener.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/profiler/sampling-heap-profiler.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/runtime-profiler.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/runtime/runtime-debug.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/runtime/runtime-generator.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/runtime/runtime-object.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/runtime/runtime-scopes.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/snapshot/code-serializer.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/snapshot/serializer.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/snapshot/startup-serializer.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/source-position.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/src/source-position.h
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/test/cctest/parsing/test-parse-decision.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/test/cctest/test-cpu-profiler.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/test/cctest/test-log.cc
[modify] https://crrev.com/81620900e93bf9d2c5c84346b29c0f9ec7d7b28d/test/cctest/test-serialize.cc

Comment 68 by bugdroid1@chromium.org, Nov 29

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/862266a2aaef296d407cf131dbdbae5cc74317e0

commit 862266a2aaef296d407cf131dbdbae5cc74317e0
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Thu Nov 29 02:03:20 2018

[ubsan] Port WeakFixedArray and subclasses

TransitionArray, NormalizedMapCache, DependentCode to the new design.

Bug: v8:3770
Change-Id: I8bd56f231fb62b146e0fb05989418aedb62a628b
Reviewed-on: https://chromium-review.googlesource.com/c/1350287
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57921}
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/feedback-vector.cc
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/heap/concurrent-marking.cc
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/heap/factory.cc
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/heap/heap.cc
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/heap/heap.h
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/heap/mark-compact-inl.h
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/heap/mark-compact.cc
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/heap/mark-compact.h
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/heap/objects-visiting.h
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/objects-debug.cc
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/objects-inl.h
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/objects-printer.cc
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/objects.cc
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/objects.h
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/objects/allocation-site-inl.h
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/objects/allocation-site.h
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/objects/code-inl.h
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/objects/code.h
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/objects/fixed-array-inl.h
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/objects/fixed-array.h
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/objects/map-inl.h
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/objects/map.h
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/objects/script-inl.h
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/objects/script.h
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/roots.h
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/transitions-inl.h
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/transitions.cc
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/src/transitions.h
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/test/cctest/test-api.cc
[modify] https://crrev.com/862266a2aaef296d407cf131dbdbae5cc74317e0/test/cctest/test-serialize.cc

Comment 69 by bugdroid1@chromium.org, Nov 29

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/6b67d21a96ecd39703e741b0888f0c71f319573f

commit 6b67d21a96ecd39703e741b0888f0c71f319573f
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Thu Nov 29 03:24:47 2018

[ubsan] Port DescriptorArray to the new design

Bug: v8:3770
Change-Id: If41076a377d12922cc3df859c678e1f20b99b00d
Reviewed-on: https://chromium-review.googlesource.com/c/1351242
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57923}
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/bootstrapper.cc
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/compiler/js-call-reducer.cc
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/handles.h
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/heap/factory.cc
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/heap/mark-compact-inl.h
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/heap/mark-compact.cc
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/heap/mark-compact.h
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/heap/object-stats.cc
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/heap/objects-visiting.h
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/heap/setup-heap-internal.cc
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/ic/ic.cc
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/json-parser.cc
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/layout-descriptor-inl.h
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/layout-descriptor.cc
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/layout-descriptor.h
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/lookup.cc
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/map-updater.cc
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/objects-debug.cc
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/objects-inl.h
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/objects-printer.cc
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/objects.cc
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/objects/descriptor-array.h
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/objects/map-inl.h
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/objects/map.h
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/roots.h
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/runtime/runtime-object.cc
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/string-stream.cc
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/transitions-inl.h
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/transitions.cc
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/src/value-serializer.cc
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/test/cctest/test-field-type-tracking.cc
[modify] https://crrev.com/6b67d21a96ecd39703e741b0888f0c71f319573f/test/cctest/test-unboxed-doubles.cc

Comment 70 by bugdroid1@chromium.org, Nov 29

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/eee67af3e805eb2147bf4ad1c1253cf0f90d9205

commit eee67af3e805eb2147bf4ad1c1253cf0f90d9205
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Thu Nov 29 09:44:34 2018

[ubsan] Be more explicit about casting ObjectPtr

Explicitly disallow implicit casting of ObjectPtr to bool to match
clang's and MSVC's behavior.
Introduce a few function overloads using ObjectPtr instead of Object*.
Fix printing of ObjectPtr for objects-printer.cc and GTest.

Bug: v8:3770
Change-Id: I3c3580d363ae6d9fe8f743c6151abc11a915f05c
Reviewed-on: https://chromium-review.googlesource.com/c/1351245
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57928}
[modify] https://crrev.com/eee67af3e805eb2147bf4ad1c1253cf0f90d9205/src/arm64/macro-assembler-arm64.cc
[modify] https://crrev.com/eee67af3e805eb2147bf4ad1c1253cf0f90d9205/src/arm64/macro-assembler-arm64.h
[modify] https://crrev.com/eee67af3e805eb2147bf4ad1c1253cf0f90d9205/src/global-handles.cc
[modify] https://crrev.com/eee67af3e805eb2147bf4ad1c1253cf0f90d9205/src/global-handles.h
[modify] https://crrev.com/eee67af3e805eb2147bf4ad1c1253cf0f90d9205/src/heap/spaces-inl.h
[modify] https://crrev.com/eee67af3e805eb2147bf4ad1c1253cf0f90d9205/src/heap/spaces.h
[modify] https://crrev.com/eee67af3e805eb2147bf4ad1c1253cf0f90d9205/src/objects-printer.cc
[modify] https://crrev.com/eee67af3e805eb2147bf4ad1c1253cf0f90d9205/src/objects/heap-object.h
[modify] https://crrev.com/eee67af3e805eb2147bf4ad1c1253cf0f90d9205/src/value-serializer.cc
[modify] https://crrev.com/eee67af3e805eb2147bf4ad1c1253cf0f90d9205/test/unittests/test-utils.h

Comment 72 by bugdroid1@chromium.org, Nov 30

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/dda79700be21f8609d845ab14ec75c9c2dacffa2

commit dda79700be21f8609d845ab14ec75c9c2dacffa2
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri Nov 30 18:56:24 2018

[ubsan] Port CodeDataContainer to the new design

Bug: v8:3770
Change-Id: I0ffdd0d9da8629977a0b82fbfdac2b4f903e39ad
Reviewed-on: https://chromium-review.googlesource.com/c/1355626
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57979}
[modify] https://crrev.com/dda79700be21f8609d845ab14ec75c9c2dacffa2/src/heap/objects-visiting.h
[modify] https://crrev.com/dda79700be21f8609d845ab14ec75c9c2dacffa2/src/objects-printer.cc
[modify] https://crrev.com/dda79700be21f8609d845ab14ec75c9c2dacffa2/src/objects/code-inl.h
[modify] https://crrev.com/dda79700be21f8609d845ab14ec75c9c2dacffa2/src/objects/code.h

Comment 73 by bugdroid1@chromium.org, Nov 30

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/f53d4d70a95005e4491f281ac5c31c69a147f177

commit f53d4d70a95005e4491f281ac5c31c69a147f177
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri Nov 30 20:00:20 2018

[ubsan] Port FeedbackVector and FeedbackMetadata

to the new design.

Bug: v8:3770
Change-Id: I63291cc8eccfa1da20e84c6d3e9f48f253409396
Reviewed-on: https://chromium-review.googlesource.com/c/1355627
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57981}
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/compiler.cc
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/debug/debug-coverage.cc
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/debug/debug-type-profile.cc
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/deoptimizer.cc
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/deoptimizer.h
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/feedback-vector-inl.h
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/feedback-vector.cc
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/feedback-vector.h
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/handles.h
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/heap/factory.cc
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/heap/object-stats.cc
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/heap/objects-visiting.h
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/ic/ic.cc
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/ic/ic.h
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/isolate.cc
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/objects-debug.cc
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/objects-inl.h
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/objects-printer.cc
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/objects.cc
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/objects/heap-object-inl.h
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/objects/heap-object.h
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/objects/js-objects-inl.h
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/objects/js-objects.h
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/objects/shared-function-info-inl.h
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/objects/shared-function-info.h
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/roots.h
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/src/runtime-profiler.cc
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/test/cctest/heap/test-weak-references.cc
[modify] https://crrev.com/f53d4d70a95005e4491f281ac5c31c69a147f177/test/cctest/interpreter/interpreter-tester.h

Comment 74 by bugdroid1@chromium.org, Dec 1

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/421807599d54b7856d375b7fdcd97d5a3b280c44

commit 421807599d54b7856d375b7fdcd97d5a3b280c44
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Sat Dec 01 02:43:17 2018

[ubsan] Fix complaint in NewArray when size == 0

While strictly speaking it is legal (though useless) to dynamically
create zero-length arrays with "new T[0]", UBSan does not like it,
so this CL avoids doing it. It fixes the error:

../../src/allocation.h:41:34: runtime error: constructor call on
address 0x... with insufficient space for an object of type 'unsigned char'

Bug: v8:3770
Change-Id: I5017767c59df0d8928f7493f92d2d04519083964
Reviewed-on: https://chromium-review.googlesource.com/c/1356902
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57984}
[modify] https://crrev.com/421807599d54b7856d375b7fdcd97d5a3b280c44/src/interface-descriptors.cc
[modify] https://crrev.com/421807599d54b7856d375b7fdcd97d5a3b280c44/src/interface-descriptors.h
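A NewArray-style helper that sidesteps the zero-length case the commit message describes, as an added example that is not V8's code: the nullptr-for-size-0 policy, the ByteBuffer type and the sample bytes are assumptions for illustration (the page does not say how the CL itself avoids the call).

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Added example, not V8's allocation.h: a NewArray/DeleteArray pair in the
// spirit of the helper the commit message refers to. The size == 0 case is
// handled before any allocation so that "new T[0]" is never executed; callers
// receive nullptr and must treat a zero-length array as "no storage".
template <typename T>
T* NewArray(size_t size) {
  if (size == 0) return nullptr;  // assumed policy: no zero-length new[]
  return new T[size];
}

template <typename T>
void DeleteArray(T* array) {
  delete[] array;  // delete[] on nullptr is a no-op, so size == 0 is safe here
}

// Hypothetical owning byte buffer built on the helpers, showing how a caller
// copes with the nullptr-for-zero convention instead of touching the pointer.
class ByteBuffer {
 public:
  explicit ByteBuffer(size_t size)
      : size_(size), data_(NewArray<unsigned char>(size)) {}
  ~ByteBuffer() { DeleteArray(data_); }
  ByteBuffer(const ByteBuffer&) = delete;
  ByteBuffer& operator=(const ByteBuffer&) = delete;

  size_t size() const { return size_; }
  bool empty() const { return data_ == nullptr; }

  // Copies at most size() bytes from src and returns the number copied.
  // The early return keeps memcpy away from a null destination.
  size_t Fill(const unsigned char* src, size_t n) {
    if (data_ == nullptr) return 0;  // zero-length buffer: nothing to write
    size_t count = n < size_ ? n : size_;
    std::memcpy(data_, src, count);
    return count;
  }

  unsigned char at(size_t i) const { return data_[i]; }  // caller keeps i < size()

 private:
  size_t size_;
  unsigned char* data_;
};

// A zero-length request yields no storage and a Fill that copies nothing.
bool ZeroLengthYieldsNoStorage() {
  const unsigned char sample[] = {7, 8, 9};  // constructed sample input
  ByteBuffer b(0);
  return b.empty() && b.size() == 0 && b.Fill(sample, sizeof(sample)) == 0;
}

// Allocates `size` bytes, fills them from a constructed 5-byte sample and
// returns the sum of the bytes actually copied (0 for size 0, 6 for size 3,
// 15 for any size >= 5).
size_t CopyAndSum(size_t size) {
  const unsigned char sample[] = {1, 2, 3, 4, 5};  // constructed sample input
  ByteBuffer b(size);
  size_t copied = b.Fill(sample, sizeof(sample));
  size_t sum = 0;
  for (size_t i = 0; i < copied; ++i) sum += b.at(i);
  return sum;
}

int main() {
  std::printf("size 0 -> no storage: %s\n", ZeroLengthYieldsNoStorage() ? "yes" : "no");
  std::printf("sum for size 3: %zu, for size 8: %zu\n", CopyAndSum(3), CopyAndSum(8));
  return 0;
}
```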

Comment 76 by bugdroid1@chromium.org, Dec 3

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/371ba71f82d583cc4b81fa7ef12cd60765125074

commit 371ba71f82d583cc4b81fa7ef12cd60765125074
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Mon Dec 03 23:35:12 2018

[ubsan] Port WeakArrayList to the new design

and also its pure-static subclass PrototypeUsers, whose porting
is a no-op.

Bug: v8:3770
Change-Id: I075806f784a0631058692149e71c45e455e90f73
Reviewed-on: https://chromium-review.googlesource.com/c/1355631
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58003}
[modify] https://crrev.com/371ba71f82d583cc4b81fa7ef12cd60765125074/src/heap/factory.cc
[modify] https://crrev.com/371ba71f82d583cc4b81fa7ef12cd60765125074/src/heap/heap.cc
[modify] https://crrev.com/371ba71f82d583cc4b81fa7ef12cd60765125074/src/heap/heap.h
[modify] https://crrev.com/371ba71f82d583cc4b81fa7ef12cd60765125074/src/heap/incremental-marking.cc
[modify] https://crrev.com/371ba71f82d583cc4b81fa7ef12cd60765125074/src/objects-debug.cc
[modify] https://crrev.com/371ba71f82d583cc4b81fa7ef12cd60765125074/src/objects-inl.h
[modify] https://crrev.com/371ba71f82d583cc4b81fa7ef12cd60765125074/src/objects.cc
[modify] https://crrev.com/371ba71f82d583cc4b81fa7ef12cd60765125074/src/objects/fixed-array-inl.h
[modify] https://crrev.com/371ba71f82d583cc4b81fa7ef12cd60765125074/src/objects/fixed-array.h
[modify] https://crrev.com/371ba71f82d583cc4b81fa7ef12cd60765125074/src/objects/prototype-info-inl.h
[modify] https://crrev.com/371ba71f82d583cc4b81fa7ef12cd60765125074/src/objects/prototype-info.h
[modify] https://crrev.com/371ba71f82d583cc4b81fa7ef12cd60765125074/src/roots.h
[modify] https://crrev.com/371ba71f82d583cc4b81fa7ef12cd60765125074/src/runtime/runtime-test.cc
[modify] https://crrev.com/371ba71f82d583cc4b81fa7ef12cd60765125074/src/wasm/wasm-objects-inl.h
[modify] https://crrev.com/371ba71f82d583cc4b81fa7ef12cd60765125074/src/wasm/wasm-objects.h
[modify] https://crrev.com/371ba71f82d583cc4b81fa7ef12cd60765125074/test/cctest/heap/test-weak-references.cc

Comment 77 by bugdroid1@chromium.org, Dec 8

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a

commit cfb5bb726f29cb6e4b052672c9235258ff5a6e5a
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Sat Dec 08 04:05:50 2018

[ubsan] Port JSReceiver and subclasses to the new design

Bug: v8:3770
Change-Id: I1d74ffe9e5478b4b8bc0acbf088d20919d458d50
Reviewed-on: https://chromium-review.googlesource.com/c/1363822
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58112}
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/accessors.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/api-arguments-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/api-arguments.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/api-arguments.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/api-natives.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/api.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/bootstrapper.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/bootstrapper.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/builtins/builtins-api.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/builtins/builtins-array.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/builtins/builtins-object.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/builtins/x64/builtins-x64.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/contexts.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/contexts.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/debug/debug-scopes.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/debug/debug.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/debug/debug.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/debug/liveedit.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/deoptimizer.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/deoptimizer.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/elements-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/elements.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/elements.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/external-reference.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/feedback-vector.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/feedback-vector.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/frames.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/frames.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/global-handles.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/handles.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/heap/array-buffer-tracker-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/heap/array-buffer-tracker.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/heap/array-buffer-tracker.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/heap/concurrent-marking.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/heap/embedder-tracing.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/heap/embedder-tracing.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/heap/factory.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/heap/heap.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/heap/heap.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/heap/mark-compact-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/heap/mark-compact.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/heap/mark-compact.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/heap/object-stats.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/heap/objects-visiting-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/heap/objects-visiting.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/heap/spaces-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/heap/spaces.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/heap/spaces.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/ic/call-optimization.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/ic/ic-stats.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/ic/ic-stats.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/ic/ic.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/ic/ic.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/isolate.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/isolate.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/keys.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/log.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/log.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/lookup.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/lookup.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects-debug.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects-printer.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/allocation-site-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/allocation-site.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/arguments-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/arguments.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/embedder-data-slot-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/embedder-data-slot.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/heap-object-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/heap-object.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-array-buffer-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-array-buffer.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-array-buffer.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-array-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-array.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-break-iterator-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-break-iterator.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-collator-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-collator.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-collection-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-collection.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-date-time-format-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-date-time-format.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-generator-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-generator.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-list-format-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-list-format.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-locale-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-locale.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-number-format-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-number-format.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-objects-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-objects.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-plural-rules-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-plural-rules.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-promise-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-promise.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-proxy-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-proxy.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-regexp-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-regexp-string-iterator-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-regexp-string-iterator.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-regexp.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-relative-time-format-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-relative-time-format.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-segment-iterator-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-segment-iterator.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-segmenter-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-segmenter.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-weak-refs-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/js-weak-refs.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/microtask-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/microtask.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/module-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/module.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/module.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/ordered-hash-table.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/promise-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/promise.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/templates-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/objects/templates.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/optimized-compilation-info.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/optimized-compilation-info.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/pending-compilation-error-handler.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/prototype-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/prototype.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/regexp/regexp-utils.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/runtime-profiler.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/runtime-profiler.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/runtime/runtime-array.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/runtime/runtime-classes.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/runtime/runtime-function.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/runtime/runtime-regexp.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/runtime/runtime-wasm.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/snapshot/deserializer.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/snapshot/partial-serializer.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/snapshot/serializer.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/string-stream.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/string-stream.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/value-serializer.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/value-serializer.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/wasm/wasm-objects-inl.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/wasm/wasm-objects.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/src/wasm/wasm-objects.h
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/test/cctest/compiler/function-tester.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/test/cctest/heap/test-array-buffer-tracker.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/test/cctest/heap/test-invalidated-slots.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/test/cctest/heap/test-mark-compact.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/test/cctest/test-api-interceptors.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/test/cctest/test-api.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/test/cctest/test-code-stub-assembler.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/test/cctest/test-debug.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/test/cctest/test-elements-kind.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/test/cctest/test-heap-profiler.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/test/cctest/test-inobject-slack-tracking.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/test/cctest/test-js-weak-refs.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/test/cctest/test-log-stack-tracer.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/test/cctest/test-macro-assembler-mips.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/test/cctest/test-unboxed-doubles.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/test/cctest/wasm/test-run-wasm-module.cc
[modify] https://crrev.com/cfb5bb726f29cb6e4b052672c9235258ff5a6e5a/test/cctest/wasm/test-wasm-breakpoints.cc

Comment 78 by bugdroid1@chromium.org, Dec 14

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/00d6c6677c2c7f0acd8a1cc6f4c3b1954dc698d4

commit 00d6c6677c2c7f0acd8a1cc6f4c3b1954dc698d4
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri Dec 14 20:13:14 2018

[ubsan] Temporarily duplicate Struct and Tuple2

in preparation for incrementally transitioning their subclasses.

Bug: v8:3770
Change-Id: I5ed6adb1969bc1ec7125571fea443834ca255c22
Reviewed-on: https://chromium-review.googlesource.com/c/1377453
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58252}
[modify] https://crrev.com/00d6c6677c2c7f0acd8a1cc6f4c3b1954dc698d4/src/objects-debug.cc
[modify] https://crrev.com/00d6c6677c2c7f0acd8a1cc6f4c3b1954dc698d4/src/objects-printer.cc
[modify] https://crrev.com/00d6c6677c2c7f0acd8a1cc6f4c3b1954dc698d4/src/objects.cc
[modify] https://crrev.com/00d6c6677c2c7f0acd8a1cc6f4c3b1954dc698d4/src/objects/struct-inl.h
[modify] https://crrev.com/00d6c6677c2c7f0acd8a1cc6f4c3b1954dc698d4/src/objects/struct.h

Comment 79 by bugdroid1@chromium.org, Dec 14

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e

commit 4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri Dec 14 20:31:54 2018

[ubsan] Port Struct subclasses, part 1

AccessCheckInfo, AccessorInfo, AccessorPair, AliasedArgumentsEntry

Bug: v8:3770
Change-Id: I4bc3aebae2637daa4b0066d3946f1bfae8055f84
Reviewed-on: https://chromium-review.googlesource.com/c/1377454
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58254}
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/debug/debug.cc
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/elements.cc
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/isolate.cc
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/keys.cc
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/log.cc
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/lookup.cc
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/objects-debug.cc
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/objects-printer.cc
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/objects.cc
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/objects/api-callbacks-inl.h
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/objects/api-callbacks.h
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/objects/arguments-inl.h
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/objects/arguments.h
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/objects/literal-objects.cc
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/objects/struct-inl.h
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/objects/struct.h
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/roots.h
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/runtime/runtime-classes.cc
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/snapshot/deserializer.h
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/snapshot/serializer-common.cc
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/snapshot/serializer-common.h
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/snapshot/startup-serializer.cc
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/src/snapshot/startup-serializer.h
[modify] https://crrev.com/4552a7e66bc78b625d340455ecf8c2cb6c2f9c6e/test/cctest/test-field-type-tracking.cc

Comment 80 by bugdroid1@chromium.org, Dec 14

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/c31f33b212862e70b7ea20377df982f363d33cf9

commit c31f33b212862e70b7ea20377df982f363d33cf9
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri Dec 14 20:43:54 2018

[ubsan] Port Struct subclasses, part 2

AllocationMemento, AllocationSite, ArrayBoilerplateDescription

Bug: v8:3770
Change-Id: I0081d222c73d9d66ba35ae28e73b6388e4e58ac0
Reviewed-on: https://chromium-review.googlesource.com/c/1377455
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58255}
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/allocation-site-scopes.h
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/handles.h
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/heap/factory.cc
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/heap/factory.h
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/heap/heap-inl.h
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/heap/heap.cc
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/heap/heap.h
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/heap/mark-compact.cc
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/heap/object-stats.cc
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/heap/objects-visiting.cc
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/heap/objects-visiting.h
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/objects-inl.h
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/objects-printer.cc
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/objects.cc
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/objects/allocation-site-inl.h
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/objects/allocation-site.h
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/objects/literal-objects-inl.h
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/objects/literal-objects.h
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/roots.h
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/snapshot/deserializer.h
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/src/snapshot/object-deserializer.cc
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/c31f33b212862e70b7ea20377df982f363d33cf9/test/cctest/test-mementos.cc

Comment 81 by bugdroid1@chromium.org, Dec 14

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/79b61ed65321e20776c7c76467da416ad55df025

commit 79b61ed65321e20776c7c76467da416ad55df025
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri Dec 14 20:53:04 2018

[ubsan] Port Struct subclasses, part 3

AsmWasmData, WasmDebugInfo, WasmExceptionTag, WasmExportedFunctionData

Bug: v8:3770
Change-Id: I0343daaa10bdb9dfaba07f28051821077703a106
Reviewed-on: https://chromium-review.googlesource.com/c/1377456
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58256}
[modify] https://crrev.com/79b61ed65321e20776c7c76467da416ad55df025/src/frames.cc
[modify] https://crrev.com/79b61ed65321e20776c7c76467da416ad55df025/src/frames.h
[modify] https://crrev.com/79b61ed65321e20776c7c76467da416ad55df025/src/handles.h
[modify] https://crrev.com/79b61ed65321e20776c7c76467da416ad55df025/src/maybe-handles.h
[modify] https://crrev.com/79b61ed65321e20776c7c76467da416ad55df025/src/objects-printer.cc
[modify] https://crrev.com/79b61ed65321e20776c7c76467da416ad55df025/src/objects.cc
[modify] https://crrev.com/79b61ed65321e20776c7c76467da416ad55df025/src/objects/shared-function-info-inl.h
[modify] https://crrev.com/79b61ed65321e20776c7c76467da416ad55df025/src/objects/shared-function-info.h
[modify] https://crrev.com/79b61ed65321e20776c7c76467da416ad55df025/src/wasm/wasm-debug.cc
[modify] https://crrev.com/79b61ed65321e20776c7c76467da416ad55df025/src/wasm/wasm-objects-inl.h
[modify] https://crrev.com/79b61ed65321e20776c7c76467da416ad55df025/src/wasm/wasm-objects.h

Comment 82 by bugdroid1@chromium.org, Dec 14

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/9005da4b1483f40f8c5a613ed324c73c61d9f338

commit 9005da4b1483f40f8c5a613ed324c73c61d9f338
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri Dec 14 23:47:28 2018

[ubsan] Port Struct subclasses, part 4

AsyncGeneratorRequest, DataHandler, LoadHandler, StoreHandler

Bug: v8:3770
Change-Id: I71198f9af116d2ca37bbe47131ae73b6ae643e01
Reviewed-on: https://chromium-review.googlesource.com/c/1377457
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58259}
[modify] https://crrev.com/9005da4b1483f40f8c5a613ed324c73c61d9f338/src/heap/objects-visiting.h
[modify] https://crrev.com/9005da4b1483f40f8c5a613ed324c73c61d9f338/src/ic/handler-configuration-inl.h
[modify] https://crrev.com/9005da4b1483f40f8c5a613ed324c73c61d9f338/src/ic/handler-configuration.h
[modify] https://crrev.com/9005da4b1483f40f8c5a613ed324c73c61d9f338/src/objects-inl.h
[modify] https://crrev.com/9005da4b1483f40f8c5a613ed324c73c61d9f338/src/objects-printer.cc
[modify] https://crrev.com/9005da4b1483f40f8c5a613ed324c73c61d9f338/src/objects/data-handler-inl.h
[modify] https://crrev.com/9005da4b1483f40f8c5a613ed324c73c61d9f338/src/objects/data-handler.h
[modify] https://crrev.com/9005da4b1483f40f8c5a613ed324c73c61d9f338/src/objects/js-generator-inl.h
[modify] https://crrev.com/9005da4b1483f40f8c5a613ed324c73c61d9f338/src/objects/js-generator.h

Comment 83 by bugdroid1@chromium.org, Dec 17

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/e9c4c5308df55b3fe787126e9d60eb5b93fdd472

commit e9c4c5308df55b3fe787126e9d60eb5b93fdd472
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Mon Dec 17 10:16:13 2018

[ubsan] Port Struct subclasses, part 5

BreakPoint, BreakPointInfo, DebugInfo

Bug: v8:3770
Change-Id: Ibad956b0933b5e994407475faaf4a8770e455318
Reviewed-on: https://chromium-review.googlesource.com/c/1377458
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58269}
[modify] https://crrev.com/e9c4c5308df55b3fe787126e9d60eb5b93fdd472/src/debug/debug.cc
[modify] https://crrev.com/e9c4c5308df55b3fe787126e9d60eb5b93fdd472/src/debug/debug.h
[modify] https://crrev.com/e9c4c5308df55b3fe787126e9d60eb5b93fdd472/src/objects-printer.cc
[modify] https://crrev.com/e9c4c5308df55b3fe787126e9d60eb5b93fdd472/src/objects.cc
[modify] https://crrev.com/e9c4c5308df55b3fe787126e9d60eb5b93fdd472/src/objects/debug-objects-inl.h
[modify] https://crrev.com/e9c4c5308df55b3fe787126e9d60eb5b93fdd472/src/objects/debug-objects.cc
[modify] https://crrev.com/e9c4c5308df55b3fe787126e9d60eb5b93fdd472/src/objects/debug-objects.h
[modify] https://crrev.com/e9c4c5308df55b3fe787126e9d60eb5b93fdd472/src/objects/shared-function-info-inl.h
[modify] https://crrev.com/e9c4c5308df55b3fe787126e9d60eb5b93fdd472/src/objects/shared-function-info.h
[modify] https://crrev.com/e9c4c5308df55b3fe787126e9d60eb5b93fdd472/src/snapshot/code-serializer.cc

Comment 84 by bugdroid1@chromium.org, Dec 17

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/ec04cd33fc6eed1e6aa9a456862bce59093c614d

commit ec04cd33fc6eed1e6aa9a456862bce59093c614d
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Mon Dec 17 11:34:43 2018

[ubsan] Port Struct subclasses, part 6

FeedbackCell, FunctionTemplateRareData, TemplateInfo,
FunctionTemplateInfo, ObjectTemplateInfo

Bug: v8:3770
Change-Id: Ic30ff2563fe30088b7740d5e98ade03cdae7fdd8
Reviewed-on: https://chromium-review.googlesource.com/c/1377459
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58274}
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/api-natives.cc
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/api.cc
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/builtins/builtins-api.cc
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/handles.h
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/heap/object-stats.cc
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/heap/objects-visiting.h
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/log.cc
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/maybe-handles.h
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/objects-inl.h
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/objects-printer.cc
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/objects.cc
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/objects/compilation-cache-inl.h
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/objects/compilation-cache.h
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/objects/feedback-cell-inl.h
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/objects/feedback-cell.h
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/objects/js-objects-inl.h
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/objects/js-objects.h
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/objects/map-inl.h
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/objects/map.h
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/objects/shared-function-info-inl.h
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/objects/shared-function-info.h
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/objects/templates-inl.h
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/objects/templates.h
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/src/roots.h
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/test/cctest/interpreter/interpreter-tester.h
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/test/cctest/test-api.cc
[modify] https://crrev.com/ec04cd33fc6eed1e6aa9a456862bce59093c614d/test/cctest/test-feedback-vector.cc

Comment 85 by bugdroid1@chromium.org, Dec 17

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/299db578b1f1e36e0154ddc06a3d4ea31621a202

commit 299db578b1f1e36e0154ddc06a3d4ea31621a202
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Mon Dec 17 12:32:33 2018

[ubsan] Port Struct subclasses, part 7

Microtask, CallableTask, CallbackTask, PromiseReactionJobTask,
PromiseFulfillReactionJobTask, PromiseRejectReactionJobTask,
PromiseResolveThenableJobTask, WeakFactoryCleanupJobTask

Bug: v8:3770
Change-Id: I778a807394acddbbee74f626dcfee211b0bcbe6a
Reviewed-on: https://chromium-review.googlesource.com/c/1377769
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58277}
[modify] https://crrev.com/299db578b1f1e36e0154ddc06a3d4ea31621a202/src/microtask-queue.cc
[modify] https://crrev.com/299db578b1f1e36e0154ddc06a3d4ea31621a202/src/microtask-queue.h
[modify] https://crrev.com/299db578b1f1e36e0154ddc06a3d4ea31621a202/src/objects-printer.cc
[modify] https://crrev.com/299db578b1f1e36e0154ddc06a3d4ea31621a202/src/objects/js-weak-refs-inl.h
[modify] https://crrev.com/299db578b1f1e36e0154ddc06a3d4ea31621a202/src/objects/js-weak-refs.h
[modify] https://crrev.com/299db578b1f1e36e0154ddc06a3d4ea31621a202/src/objects/microtask-inl.h
[modify] https://crrev.com/299db578b1f1e36e0154ddc06a3d4ea31621a202/src/objects/microtask.h
[modify] https://crrev.com/299db578b1f1e36e0154ddc06a3d4ea31621a202/src/objects/promise-inl.h
[modify] https://crrev.com/299db578b1f1e36e0154ddc06a3d4ea31621a202/src/objects/promise.h

Comment 86 by bugdroid1@chromium.org, Dec 17

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea

commit 8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Mon Dec 17 13:36:35 2018

[ubsan] Port Struct subclasses, part 8: Script

Bug: v8:3770
Change-Id: Id7a05e5687d36c9347f35f6f3276af2a4b6115fd
Reviewed-on: https://chromium-review.googlesource.com/c/1377770
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58279}
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/api.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/debug/debug-coverage.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/debug/debug-type-profile.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/debug/debug.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/debug/liveedit.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/frames.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/frames.h
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/gdb-jit.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/heap/code-stats.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/heap/object-stats.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/ic/ic-stats.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/ic/ic-stats.h
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/log-inl.h
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/log.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/log.h
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/objects-printer.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/objects.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/objects/compilation-cache-inl.h
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/objects/js-objects-inl.h
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/objects/js-objects.h
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/objects/module-inl.h
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/objects/module.h
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/objects/script-inl.h
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/objects/script.h
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/objects/shared-function-info-inl.h
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/objects/shared-function-info.h
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/parsing/parser.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/profiler/allocation-tracker.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/profiler/allocation-tracker.h
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/profiler/profile-generator.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/profiler/profiler-listener.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/profiler/sampling-heap-profiler.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/roots.h
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/runtime/runtime-debug.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/snapshot/code-serializer.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/snapshot/deserializer.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/snapshot/deserializer.h
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/source-position.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/wasm/wasm-objects-inl.h
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/src/wasm/wasm-objects.h
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/8dc9e26eda82f0f19235f584a8bd4ad96d2b96ea/test/cctest/test-debug.cc

Comment 87 by bugdroid1@chromium.org, Dec 17

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/824596aa2801b26fe478661c6c87b146ef200c55

commit 824596aa2801b26fe478661c6c87b146ef200c55
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Mon Dec 17 14:17:22 2018

[ubsan] Replace a few more Object** with alternatives

Either Address* or Handle<Object> or ObjectSlot, depending on
circumstances.

Bug: v8:3770
Change-Id: Id00dfede6eb92ec30b658c0090b5310548ba5162
Reviewed-on: https://chromium-review.googlesource.com/c/1379228
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58282}
[modify] https://crrev.com/824596aa2801b26fe478661c6c87b146ef200c55/src/deoptimizer.cc
[modify] https://crrev.com/824596aa2801b26fe478661c6c87b146ef200c55/src/handles-inl.h
[modify] https://crrev.com/824596aa2801b26fe478661c6c87b146ef200c55/src/heap/factory.cc
[modify] https://crrev.com/824596aa2801b26fe478661c6c87b146ef200c55/src/profiler/heap-profiler.cc
[modify] https://crrev.com/824596aa2801b26fe478661c6c87b146ef200c55/src/profiler/heap-profiler.h
[modify] https://crrev.com/824596aa2801b26fe478661c6c87b146ef200c55/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/824596aa2801b26fe478661c6c87b146ef200c55/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/824596aa2801b26fe478661c6c87b146ef200c55/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/824596aa2801b26fe478661c6c87b146ef200c55/test/cctest/test-api.h

Comment 88 by bugdroid1@chromium.org, Dec 17

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/ecdcae8492de511edbd8778b23376301d90a8319

commit ecdcae8492de511edbd8778b23376301d90a8319
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Mon Dec 17 15:00:34 2018

[ubsan] Port Struct subclasses, part 9

CallbackInfo, InterceptorInfo, Tuple3

Bug: v8:3770
Change-Id: I47a380949c031ed9eba0e5a7d752669efc0af76c
Reviewed-on: https://chromium-review.googlesource.com/c/1377771
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58284}
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/api-arguments-inl.h
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/api-arguments.h
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/api.cc
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/builtins/builtins-api.cc
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/debug/debug.cc
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/ic/ic.cc
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/log.cc
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/lookup-inl.h
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/lookup.h
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/objects-debug.cc
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/objects-inl.h
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/objects-printer.cc
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/objects.cc
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/objects/api-callbacks-inl.h
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/objects/api-callbacks.h
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/objects/js-objects-inl.h
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/objects/js-objects.h
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/objects/map-inl.h
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/objects/map.h
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/objects/struct-inl.h
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/objects/struct.h
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/roots.h
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/snapshot/deserializer.h
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/snapshot/serializer-common.cc
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/snapshot/serializer-common.h
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/snapshot/startup-serializer.cc
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/src/snapshot/startup-serializer.h
[modify] https://crrev.com/ecdcae8492de511edbd8778b23376301d90a8319/test/cctest/test-api.cc

Comment 89 by bugdroid1@chromium.org, Dec 17

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/7520a0fab802a2d26a05c4206b8ae3bcf448921f

commit 7520a0fab802a2d26a05c4206b8ae3bcf448921f
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Mon Dec 17 15:47:54 2018

[ubsan] Port Struct subclasses, part 10

Tuple2 and subclasses: EnumCache, SourcePositionTableWithFrameCache,
TemplateObjectDescription

Bug: v8:3770
Change-Id: Icff0860a04445dda542119834ef9866167ba2263
Reviewed-on: https://chromium-review.googlesource.com/c/1377772
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58287}
[modify] https://crrev.com/7520a0fab802a2d26a05c4206b8ae3bcf448921f/src/heap/mark-compact.cc
[modify] https://crrev.com/7520a0fab802a2d26a05c4206b8ae3bcf448921f/src/heap/object-stats.cc
[modify] https://crrev.com/7520a0fab802a2d26a05c4206b8ae3bcf448921f/src/objects-debug.cc
[modify] https://crrev.com/7520a0fab802a2d26a05c4206b8ae3bcf448921f/src/objects-inl.h
[modify] https://crrev.com/7520a0fab802a2d26a05c4206b8ae3bcf448921f/src/objects-printer.cc
[modify] https://crrev.com/7520a0fab802a2d26a05c4206b8ae3bcf448921f/src/objects.cc
[modify] https://crrev.com/7520a0fab802a2d26a05c4206b8ae3bcf448921f/src/objects/code-inl.h
[modify] https://crrev.com/7520a0fab802a2d26a05c4206b8ae3bcf448921f/src/objects/code.h
[modify] https://crrev.com/7520a0fab802a2d26a05c4206b8ae3bcf448921f/src/objects/debug-objects-inl.h
[modify] https://crrev.com/7520a0fab802a2d26a05c4206b8ae3bcf448921f/src/objects/debug-objects.h
[modify] https://crrev.com/7520a0fab802a2d26a05c4206b8ae3bcf448921f/src/objects/descriptor-array-inl.h
[modify] https://crrev.com/7520a0fab802a2d26a05c4206b8ae3bcf448921f/src/objects/descriptor-array.h
[modify] https://crrev.com/7520a0fab802a2d26a05c4206b8ae3bcf448921f/src/objects/struct-inl.h
[modify] https://crrev.com/7520a0fab802a2d26a05c4206b8ae3bcf448921f/src/objects/struct.h
[modify] https://crrev.com/7520a0fab802a2d26a05c4206b8ae3bcf448921f/src/objects/template-objects.h
[modify] https://crrev.com/7520a0fab802a2d26a05c4206b8ae3bcf448921f/src/roots.h
[modify] https://crrev.com/7520a0fab802a2d26a05c4206b8ae3bcf448921f/src/wasm/wasm-objects.cc
[modify] https://crrev.com/7520a0fab802a2d26a05c4206b8ae3bcf448921f/test/cctest/test-object.cc

Comment 90 by bugdroid1@chromium.org, Dec 17

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/7f21bbc11d0ec0d74b702b2c2728040b14788fe0

commit 7f21bbc11d0ec0d74b702b2c2728040b14788fe0
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Mon Dec 17 20:31:45 2018

[ubsan] Port Foreign and Managed to the new design

Bug: v8:3770
Change-Id: Ie80ce957ff1d2bcd3596491066f6562ce0ad129a
Reviewed-on: https://chromium-review.googlesource.com/c/1380114
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58294}
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/api.cc
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/heap/mark-compact.cc
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/messages.cc
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/foreign-inl.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/foreign.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/intl-objects.cc
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/intl-objects.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-break-iterator-inl.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-break-iterator.cc
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-break-iterator.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-collator-inl.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-collator.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-date-time-format-inl.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-date-time-format.cc
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-date-time-format.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-list-format-inl.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-list-format.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-number-format-inl.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-number-format.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-plural-rules-inl.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-plural-rules.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-relative-time-format-inl.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-relative-time-format.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-segment-iterator-inl.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-segment-iterator.cc
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-segment-iterator.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-segmenter-inl.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/js-segmenter.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/managed.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/microtask-inl.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/objects/microtask.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/snapshot/serializer.cc
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/snapshot/serializer.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/visitors.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/wasm/wasm-objects-inl.h
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/wasm/wasm-objects.cc
[modify] https://crrev.com/7f21bbc11d0ec0d74b702b2c2728040b14788fe0/src/wasm/wasm-objects.h

Comment 92 by bugdroid1@chromium.org, Dec 18

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/e66c6ef7507b7edf5d93dcd3a487f2df6104295d

commit e66c6ef7507b7edf5d93dcd3a487f2df6104295d
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Tue Dec 18 11:00:23 2018

[ubsan] Port Struct subclasses, part 11

InterpreterData, Module, ModuleInfoEntry, PromiseCapability,
PromiseReaction, PrototypeInfo, StackFrameInfo

Bug: v8:3770
Change-Id: I5da03b082b1497ac68a218e26dbc702c7746bf5a
Reviewed-on: https://chromium-review.googlesource.com/c/1377460
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58311}
[modify] https://crrev.com/e66c6ef7507b7edf5d93dcd3a487f2df6104295d/src/contexts.cc
[modify] https://crrev.com/e66c6ef7507b7edf5d93dcd3a487f2df6104295d/src/contexts.h
[modify] https://crrev.com/e66c6ef7507b7edf5d93dcd3a487f2df6104295d/src/handles.h
[modify] https://crrev.com/e66c6ef7507b7edf5d93dcd3a487f2df6104295d/src/heap/heap.cc
[modify] https://crrev.com/e66c6ef7507b7edf5d93dcd3a487f2df6104295d/src/heap/object-stats.cc
[modify] https://crrev.com/e66c6ef7507b7edf5d93dcd3a487f2df6104295d/src/heap/objects-visiting.h
[modify] https://crrev.com/e66c6ef7507b7edf5d93dcd3a487f2df6104295d/src/objects-debug.cc
[modify] https://crrev.com/e66c6ef7507b7edf5d93dcd3a487f2df6104295d/src/objects-printer.cc
[modify] https://crrev.com/e66c6ef7507b7edf5d93dcd3a487f2df6104295d/src/objects.cc
[modify] https://crrev.com/e66c6ef7507b7edf5d93dcd3a487f2df6104295d/src/objects/module-inl.h
[modify] https://crrev.com/e66c6ef7507b7edf5d93dcd3a487f2df6104295d/src/objects/module.h
[modify] https://crrev.com/e66c6ef7507b7edf5d93dcd3a487f2df6104295d/src/objects/promise-inl.h
[modify] https://crrev.com/e66c6ef7507b7edf5d93dcd3a487f2df6104295d/src/objects/promise.h
[modify] https://crrev.com/e66c6ef7507b7edf5d93dcd3a487f2df6104295d/src/objects/prototype-info-inl.h
[modify] https://crrev.com/e66c6ef7507b7edf5d93dcd3a487f2df6104295d/src/objects/prototype-info.h
[modify] https://crrev.com/e66c6ef7507b7edf5d93dcd3a487f2df6104295d/src/objects/shared-function-info-inl.h
[modify] https://crrev.com/e66c6ef7507b7edf5d93dcd3a487f2df6104295d/src/objects/shared-function-info.h
[modify] https://crrev.com/e66c6ef7507b7edf5d93dcd3a487f2df6104295d/src/objects/stack-frame-info-inl.h
[modify] https://crrev.com/e66c6ef7507b7edf5d93dcd3a487f2df6104295d/src/objects/stack-frame-info.h

Comment 93 by bugdroid1@chromium.org, Dec 18

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/015203e4f863fe159cb325154174a542f3d13584

commit 015203e4f863fe159cb325154174a542f3d13584
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Tue Dec 18 12:13:52 2018

[ubsan] Port Struct to the new design

Dropping the temporary StructPtr in the process.

Bug: v8:3770
Change-Id: I70784ede7b66b432d8438536ff0c70a51dfb7f83
Reviewed-on: https://chromium-review.googlesource.com/c/1377461
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58315}
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects.cc
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/allocation-site-inl.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/allocation-site.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/api-callbacks-inl.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/api-callbacks.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/arguments-inl.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/arguments.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/data-handler-inl.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/data-handler.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/debug-objects-inl.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/debug-objects.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/feedback-cell-inl.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/feedback-cell.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/js-generator-inl.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/js-generator.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/literal-objects-inl.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/literal-objects.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/microtask-inl.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/microtask.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/module-inl.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/module.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/promise-inl.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/promise.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/prototype-info-inl.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/prototype-info.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/script-inl.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/script.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/shared-function-info-inl.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/shared-function-info.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/stack-frame-info-inl.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/stack-frame-info.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/struct-inl.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/struct.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/templates-inl.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/objects/templates.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/wasm/wasm-objects-inl.h
[modify] https://crrev.com/015203e4f863fe159cb325154174a542f3d13584/src/wasm/wasm-objects.h

Comment 94 by bugdroid1@chromium.org, Dec 18

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/54fb5e38fe56129deae36cb362488fc55bdeba51

commit 54fb5e38fe56129deae36cb362488fc55bdeba51
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Tue Dec 18 13:02:01 2018

[ubsan] Port PropertyCell to the new design

Bug: v8:3770
Change-Id: Ib387ecfe17a5ebaea9e6b97eff171b803da5b0d3
Reviewed-on: https://chromium-review.googlesource.com/c/1380692
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58317}
[modify] https://crrev.com/54fb5e38fe56129deae36cb362488fc55bdeba51/src/handles.h
[modify] https://crrev.com/54fb5e38fe56129deae36cb362488fc55bdeba51/src/heap/objects-visiting.h
[modify] https://crrev.com/54fb5e38fe56129deae36cb362488fc55bdeba51/src/isolate-inl.h
[modify] https://crrev.com/54fb5e38fe56129deae36cb362488fc55bdeba51/src/isolate.cc
[modify] https://crrev.com/54fb5e38fe56129deae36cb362488fc55bdeba51/src/lookup.cc
[modify] https://crrev.com/54fb5e38fe56129deae36cb362488fc55bdeba51/src/objects-printer.cc
[modify] https://crrev.com/54fb5e38fe56129deae36cb362488fc55bdeba51/src/objects.cc
[modify] https://crrev.com/54fb5e38fe56129deae36cb362488fc55bdeba51/src/objects/dictionary-inl.h
[modify] https://crrev.com/54fb5e38fe56129deae36cb362488fc55bdeba51/src/objects/dictionary.h
[modify] https://crrev.com/54fb5e38fe56129deae36cb362488fc55bdeba51/src/objects/property-cell-inl.h
[modify] https://crrev.com/54fb5e38fe56129deae36cb362488fc55bdeba51/src/objects/property-cell.h
[modify] https://crrev.com/54fb5e38fe56129deae36cb362488fc55bdeba51/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/54fb5e38fe56129deae36cb362488fc55bdeba51/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/54fb5e38fe56129deae36cb362488fc55bdeba51/src/roots.h
[modify] https://crrev.com/54fb5e38fe56129deae36cb362488fc55bdeba51/src/runtime/runtime-object.cc

Comment 95 by bugdroid1@chromium.org, Dec 18

Project Member

Comment 96 by bugdroid1@chromium.org, Dec 18

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/f9d033de1e693db3732342c0b8d38704d9a3d4e3

commit f9d033de1e693db3732342c0b8d38704d9a3d4e3
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Tue Dec 18 13:38:35 2018

[ubsan] Port Cell to the new design

Bug: v8:3770
Change-Id: I24169b4564d1bdf544354b964aa22c066bc0da2b
Reviewed-on: https://chromium-review.googlesource.com/c/1380912
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58320}
[modify] https://crrev.com/f9d033de1e693db3732342c0b8d38704d9a3d4e3/src/handles.h
[modify] https://crrev.com/f9d033de1e693db3732342c0b8d38704d9a3d4e3/src/heap/objects-visiting.h
[modify] https://crrev.com/f9d033de1e693db3732342c0b8d38704d9a3d4e3/src/isolate-inl.h
[modify] https://crrev.com/f9d033de1e693db3732342c0b8d38704d9a3d4e3/src/isolate.cc
[modify] https://crrev.com/f9d033de1e693db3732342c0b8d38704d9a3d4e3/src/objects-printer.cc
[modify] https://crrev.com/f9d033de1e693db3732342c0b8d38704d9a3d4e3/src/objects.cc
[modify] https://crrev.com/f9d033de1e693db3732342c0b8d38704d9a3d4e3/src/objects/cell-inl.h
[modify] https://crrev.com/f9d033de1e693db3732342c0b8d38704d9a3d4e3/src/objects/cell.h
[modify] https://crrev.com/f9d033de1e693db3732342c0b8d38704d9a3d4e3/src/objects/map.h
[modify] https://crrev.com/f9d033de1e693db3732342c0b8d38704d9a3d4e3/src/objects/module.cc
[modify] https://crrev.com/f9d033de1e693db3732342c0b8d38704d9a3d4e3/src/objects/module.h
[modify] https://crrev.com/f9d033de1e693db3732342c0b8d38704d9a3d4e3/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/f9d033de1e693db3732342c0b8d38704d9a3d4e3/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/f9d033de1e693db3732342c0b8d38704d9a3d4e3/src/reloc-info.h
[modify] https://crrev.com/f9d033de1e693db3732342c0b8d38704d9a3d4e3/src/roots.h
[modify] https://crrev.com/f9d033de1e693db3732342c0b8d38704d9a3d4e3/src/snapshot/deserializer.cc

Comment 97 by bugdroid1@chromium.org, Dec 18

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/f1cb51ad4e0c91993c2c3392645c26c3368bebea

commit f1cb51ad4e0c91993c2c3392645c26c3368bebea
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Tue Dec 18 17:06:21 2018

[ubsan] Let Runtime functions return a plain Address

instead of Object* (which is deprecated) or ObjectPtr (which is
unsuitable for cases where we need to control the ABI exactly).
Callers in generated code expect a plain tagged value, so return
precisely that. Same for C++ Builtins.

Bug: v8:3770
Change-Id: Id12f0d9830f7caf2a16aa973b8297f70d65241f5
Reviewed-on: https://chromium-review.googlesource.com/c/1382466
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58334}
[modify] https://crrev.com/f1cb51ad4e0c91993c2c3392645c26c3368bebea/src/arguments.h
[modify] https://crrev.com/f1cb51ad4e0c91993c2c3392645c26c3368bebea/src/arm64/simulator-arm64.cc
[modify] https://crrev.com/f1cb51ad4e0c91993c2c3392645c26c3368bebea/src/builtins/builtins-utils.h
[modify] https://crrev.com/f1cb51ad4e0c91993c2c3392645c26c3368bebea/src/builtins/builtins.cc
[modify] https://crrev.com/f1cb51ad4e0c91993c2c3392645c26c3368bebea/src/builtins/setup-builtins-internal.cc
[modify] https://crrev.com/f1cb51ad4e0c91993c2c3392645c26c3368bebea/src/external-reference-table.cc
[modify] https://crrev.com/f1cb51ad4e0c91993c2c3392645c26c3368bebea/src/runtime/runtime-utils.h
[modify] https://crrev.com/f1cb51ad4e0c91993c2c3392645c26c3368bebea/src/runtime/runtime.cc
[modify] https://crrev.com/f1cb51ad4e0c91993c2c3392645c26c3368bebea/src/runtime/runtime.h

Comment 98 by bugdroid1@chromium.org, Dec 18

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/81bf74341b3f3e2b2bd2f8f101a625d986c964b1

commit 81bf74341b3f3e2b2bd2f8f101a625d986c964b1
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Tue Dec 18 17:19:40 2018

[ubsan] Port Oddball to the new design

Bug: v8:3770
Change-Id: If88c285bf1528f03401d3a83349b61435ac79f85
Reviewed-on: https://chromium-review.googlesource.com/c/1382455
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58337}
[modify] https://crrev.com/81bf74341b3f3e2b2bd2f8f101a625d986c964b1/src/api.cc
[modify] https://crrev.com/81bf74341b3f3e2b2bd2f8f101a625d986c964b1/src/compilation-cache.cc
[modify] https://crrev.com/81bf74341b3f3e2b2bd2f8f101a625d986c964b1/src/handles.h
[modify] https://crrev.com/81bf74341b3f3e2b2bd2f8f101a625d986c964b1/src/heap/factory.cc
[modify] https://crrev.com/81bf74341b3f3e2b2bd2f8f101a625d986c964b1/src/heap/heap-inl.h
[modify] https://crrev.com/81bf74341b3f3e2b2bd2f8f101a625d986c964b1/src/heap/heap.h
[modify] https://crrev.com/81bf74341b3f3e2b2bd2f8f101a625d986c964b1/src/heap/objects-visiting.h
[modify] https://crrev.com/81bf74341b3f3e2b2bd2f8f101a625d986c964b1/src/objects-debug.cc
[modify] https://crrev.com/81bf74341b3f3e2b2bd2f8f101a625d986c964b1/src/objects.cc
[modify] https://crrev.com/81bf74341b3f3e2b2bd2f8f101a625d986c964b1/src/objects/oddball-inl.h
[modify] https://crrev.com/81bf74341b3f3e2b2bd2f8f101a625d986c964b1/src/objects/oddball.h
[modify] https://crrev.com/81bf74341b3f3e2b2bd2f8f101a625d986c964b1/src/roots.h
[modify] https://crrev.com/81bf74341b3f3e2b2bd2f8f101a625d986c964b1/src/value-serializer.cc
[modify] https://crrev.com/81bf74341b3f3e2b2bd2f8f101a625d986c964b1/src/value-serializer.h
[modify] https://crrev.com/81bf74341b3f3e2b2bd2f8f101a625d986c964b1/src/wasm/wasm-objects-inl.h
[modify] https://crrev.com/81bf74341b3f3e2b2bd2f8f101a625d986c964b1/src/wasm/wasm-objects.h

Comment 100 by bugdroid1@chromium.org, Dec 20

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/9302db480e8cd7c88fd948baf0cf05cb5fbb7502

commit 9302db480e8cd7c88fd948baf0cf05cb5fbb7502
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Thu Dec 20 16:43:49 2018

[ubsan] Port HeapObject to the new design

Merging the temporary HeapObjectPtr back into HeapObject.

Bug: v8:3770
Change-Id: I5bcd23ca2f5ba862cf5b52955dca143e531c637b
Reviewed-on: https://chromium-review.googlesource.com/c/1386492
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58410}
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/include/v8.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/address-map.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/address-map.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/api-arguments.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/api-arguments.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/api.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/arm/assembler-arm-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/arm/simulator-arm.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/arm64/assembler-arm64-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/arm64/simulator-arm64.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/assembler.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/bootstrapper.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/builtins/builtins-api.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/builtins/setup-builtins-internal.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/compiler.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/compiler/code-assembler.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/compiler/js-call-reducer.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/compiler/js-heap-broker.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/contexts-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/contexts.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/contexts.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/counters-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/counters.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/debug/debug-coverage.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/debug/debug.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/debug/liveedit.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/deoptimizer.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/extensions/statistics-extension.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/feedback-vector-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/feedback-vector.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/feedback-vector.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/globals.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/handles.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/array-buffer-tracker.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/code-stats.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/code-stats.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/concurrent-marking.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/concurrent-marking.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/factory.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/factory.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/heap-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/heap-write-barrier-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/heap-write-barrier.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/heap.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/heap.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/incremental-marking-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/incremental-marking.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/incremental-marking.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/invalidated-slots-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/invalidated-slots.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/invalidated-slots.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/local-allocator-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/local-allocator.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/mark-compact-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/mark-compact.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/mark-compact.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/object-stats.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/objects-visiting-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/objects-visiting.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/objects-visiting.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/remembered-set.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/scavenger-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/scavenger.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/scavenger.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/setup-heap-internal.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/spaces-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/spaces.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/spaces.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/heap/sweeper.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/ia32/assembler-ia32-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/ic/ic-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/ic/ic.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/isolate-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/isolate.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/isolate.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/log.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/log.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/maybe-handles-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/mips/assembler-mips-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/mips/assembler-mips.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/mips/assembler-mips.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/mips/simulator-mips.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/mips64/assembler-mips64-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/mips64/assembler-mips64.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/mips64/assembler-mips64.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/mips64/simulator-mips64.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects-body-descriptors-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects-body-descriptors.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects-debug.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects-printer.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/bigint.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/cell-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/cell.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/code-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/code.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/descriptor-array-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/descriptor-array.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/embedder-data-array-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/embedder-data-array.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/feedback-cell-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/feedback-cell.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/fixed-array-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/fixed-array.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/foreign-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/foreign.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/free-space-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/free-space.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/heap-number-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/heap-number.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/heap-object-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/heap-object.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/js-generator-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/js-generator.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/js-objects-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/js-objects.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/js-weak-refs-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/js-weak-refs.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/map-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/map.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/maybe-object-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/maybe-object.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/module-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/module.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/name-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/name.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/oddball-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/oddball.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/ordered-hash-table-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/ordered-hash-table.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/ordered-hash-table.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/promise-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/promise.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/property-array-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/property-array.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/property-cell-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/property-cell.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/prototype-info.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/shared-function-info-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/shared-function-info.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/slots-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/slots.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/string-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/string.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/struct-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/struct.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/templates-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/objects/templates.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/ppc/assembler-ppc-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/ppc/simulator-ppc.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/profiler/heap-profiler.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/profiler/sampling-heap-profiler.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/ptr-compr-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/ptr-compr.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/reloc-info.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/roots.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/s390/assembler-s390-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/s390/simulator-s390.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/snapshot/code-serializer.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/snapshot/code-serializer.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/snapshot/deserializer-allocator.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/snapshot/deserializer-allocator.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/snapshot/deserializer.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/snapshot/deserializer.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/snapshot/partial-serializer.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/snapshot/partial-serializer.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/snapshot/read-only-serializer.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/snapshot/read-only-serializer.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/snapshot/roots-serializer.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/snapshot/roots-serializer.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/snapshot/serializer-common.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/snapshot/serializer-common.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/snapshot/serializer.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/snapshot/serializer.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/snapshot/startup-serializer.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/snapshot/startup-serializer.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/string-stream.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/transitions-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/transitions.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/visitors.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/wasm/wasm-objects-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/wasm/wasm-objects.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/wasm/wasm-objects.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/src/x64/assembler-x64-inl.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/compiler/codegen-tester.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/compiler/test-representation-change.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/compiler/test-run-load-store.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/compiler/value-helper.h
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/heap/test-alloc.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/heap/test-concurrent-marking.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/heap/test-lab.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/heap/test-mark-compact.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/heap/test-spaces.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/heap/test-weak-references.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/test-api.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/test-code-stub-assembler.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/test-compiler.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/test-debug.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/test-feedback-vector.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/test-js-weak-refs.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/test-log.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/test-orderedhashtable.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/test-roots.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/test-serialize.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/cctest/test-unboxed-doubles.cc
[modify] https://crrev.com/9302db480e8cd7c88fd948baf0cf05cb5fbb7502/test/unittests/heap/spaces-unittest.cc

Comment 101 by bugdroid1@chromium.org, Dec 26

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/056f9278613bab3a8e5c39a3e22d07e73aea014f

commit 056f9278613bab3a8e5c39a3e22d07e73aea014f
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Wed Dec 26 20:54:07 2018

[ubsan] Port Object to the new design

Tbr: ahaas@chromium.org,leszeks@chromium.org,verwaest@chromium.org
Bug: v8:3770
Change-Id: Ia6530fbb70dac05e9972283781c3550d8b50e1eb
Reviewed-on: https://chromium-review.googlesource.com/c/1390116
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58470}
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/accessors.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/address-map.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/address-map.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/allocation-site-scopes-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/api-arguments-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/api-arguments.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/api-arguments.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/api-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/api-natives.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/api.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/api.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/arguments-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/arguments.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/arm/simulator-arm.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/arm64/simulator-arm64.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/ast/ast-value-factory.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/bootstrapper.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/builtins/arm64/builtins-arm64.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/builtins/builtins-api.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/builtins/builtins-array.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/builtins/builtins-arraybuffer.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/builtins/builtins-bigint.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/builtins/builtins-callsite.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/builtins/builtins-date.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/builtins/builtins-error.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/builtins/builtins-function.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/builtins/builtins-intl.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/builtins/builtins-object.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/builtins/builtins-string.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/builtins/builtins-symbol.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/builtins/builtins-utils.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/builtins/constants-table-builder.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/builtins/mips/builtins-mips.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/builtins/mips64/builtins-mips64.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/builtins/setup-builtins-internal.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/compilation-cache.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/compiler.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/compiler/code-assembler.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/compiler/code-assembler.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/compiler/graph-visualizer.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/compiler/js-generic-lowering.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/compiler/js-heap-broker.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/compiler/js-heap-broker.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/compiler/js-native-context-specialization.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/compiler/pipeline.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/contexts-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/contexts.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/contexts.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/conversions-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/conversions.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/debug/debug-coverage.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/debug/debug-property-iterator.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/debug/debug-scopes.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/debug/debug-stack-trace-iterator.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/debug/debug.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/debug/debug.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/deoptimizer.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/deoptimizer.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/elements.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/elements.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/execution.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/execution.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/external-reference.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/external-reference.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/feedback-vector-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/feedback-vector.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/feedback-vector.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/field-type.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/field-type.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/frames-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/frames.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/frames.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/futex-emulation.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/futex-emulation.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/gdb-jit.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/global-handles.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/global-handles.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/globals.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/handles-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/handles.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/handles.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/code-stats.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/concurrent-marking.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/factory-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/factory.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/factory.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/heap-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/heap-write-barrier-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/heap-write-barrier.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/heap.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/heap.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/incremental-marking-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/incremental-marking.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/incremental-marking.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/invalidated-slots.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/mark-compact-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/mark-compact.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/mark-compact.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/object-stats.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/objects-visiting.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/objects-visiting.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/scavenger.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/scavenger.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/setup-heap-internal.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/spaces-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/spaces.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/heap/spaces.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/ia32/assembler-ia32-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/ic/call-optimization.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/ic/ic-stats.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/ic/ic.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/identity-map.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/interpreter/bytecode-array-accessor.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/interpreter/bytecode-array-accessor.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/interpreter/bytecode-generator.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/interpreter/constant-array-builder.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/isolate-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/isolate.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/isolate.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/json-parser.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/json-stringifier.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/keys.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/keys.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/layout-descriptor-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/layout-descriptor.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/log.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/log.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/lookup.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/lookup.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/map-updater.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/map-updater.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/maybe-handles-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/maybe-handles.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/messages.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/microtask-queue.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/microtask-queue.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/mips/simulator-mips.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/mips64/simulator-mips64.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects-debug.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects-printer.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/allocation-site-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/api-callbacks-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/api-callbacks.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/arguments-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/arguments.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/bigint.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/code-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/code.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/compilation-cache-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/compilation-cache.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/debug-objects.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/debug-objects.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/descriptor-array-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/descriptor-array.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/dictionary-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/dictionary.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/embedder-data-slot-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/embedder-data-slot.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/fixed-array-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/fixed-array.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/foreign-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/foreign.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/frame-array-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/free-space-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/free-space.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/hash-table-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/hash-table.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/heap-object-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/heap-object.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/js-array-buffer-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/js-array-buffer.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/js-array-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/js-break-iterator-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/js-collection-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/js-collection.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/js-objects-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/js-objects.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/js-promise-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/js-promise.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/js-regexp-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/js-regexp.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/js-weak-refs-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/js-weak-refs.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/literal-objects.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/literal-objects.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/managed.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/map-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/map.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/maybe-object-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/maybe-object.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/module.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/module.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/object-macros.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/ordered-hash-table-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/ordered-hash-table.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/ordered-hash-table.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/property-array-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/property-array.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/regexp-match-info.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/scope-info.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/scope-info.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/script-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/script.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/shared-function-info-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/shared-function-info.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/slots-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/slots.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/smi-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/smi.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/string-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/string-table-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/string-table.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/string.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/struct-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/struct.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/templates-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/objects/templates.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/parsing/preparsed-scope-data.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/perf-jit.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/ppc/simulator-ppc.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/profiler/profiler-listener.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/property-details.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/prototype-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/prototype.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/ptr-compr-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/ptr-compr.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/regexp/jsregexp.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/regexp/jsregexp.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/regexp/regexp-macro-assembler.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/regexp/regexp-utils.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/reloc-info.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/roots-inl.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/roots.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/runtime/runtime-array.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/runtime/runtime-atomics.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/runtime/runtime-classes.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/runtime/runtime-compiler.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/runtime/runtime-debug.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/runtime/runtime-interpreter.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/runtime/runtime-literals.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/runtime/runtime-numbers.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/runtime/runtime-object.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/runtime/runtime-regexp.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/runtime/runtime-scopes.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/runtime/runtime-strings.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/runtime/runtime-test.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/runtime/runtime-utils.h
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/runtime/runtime-wasm.cc
[modify] https://crrev.com/056f9278613bab3a8e5c39a3e22d07e73aea014f/src/s390/simula

Comment 102 by bugdroid1@chromium.org, Jan 7

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/4737de1f0abc9219c94891ee9df9b1f59021c3ba

commit 4737de1f0abc9219c94891ee9df9b1f59021c3ba
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Mon Jan 07 12:24:08 2019

[ubsan] Fix "division by zero" UBSan reports

The C++ spec does not guarantee IEEE-754 behavior for doubles, in
particular it says that dividing by zero is undefined behavior,
and UBSan complains about it when it happens.

Bug: v8:3770
Change-Id: I79e52c0e11ebfb581191f6f1c3ff95eb747dd97f
Reviewed-on: https://chromium-review.googlesource.com/c/1391751
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58580}
[modify] https://crrev.com/4737de1f0abc9219c94891ee9df9b1f59021c3ba/src/base/ieee754.cc
[modify] https://crrev.com/4737de1f0abc9219c94891ee9df9b1f59021c3ba/src/base/ieee754.h
[modify] https://crrev.com/4737de1f0abc9219c94891ee9df9b1f59021c3ba/src/parsing/parser.cc
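Illustration of the pattern fixed in comment 102 (an added example, not code from V8's ieee754.cc): a divide helper that spells out the IEEE-754 results for a zero divisor instead of evaluating `x / 0.0`, which the C++ standard leaves undefined and which clang's `-fsanitize=float-divide-by-zero` check reports at run time. The function names are hypothetical.

```cpp
#include <cmath>
#include <limits>

// The raw form. On IEEE-754 hardware this returns +/-inf or NaN for a zero
// divisor, but the C++ standard does not promise that, so UBSan reports it
// whenever `divisor` is 0 at run time.
double DivideRaw(double dividend, double divisor) {
  return dividend / divisor;
}

// The hardened form: the zero-divisor cases are decided explicitly and the
// IEEE-754 result is produced without ever dividing by zero in source code.
//   x / +-0  ->  +-inf, sign is the XOR of the operand signs (-0.0 counts)
//   0 / 0, NaN / 0  ->  NaN
double DivideIeee754(double dividend, double divisor) {
  if (divisor == 0.0) {  // true for both +0.0 and -0.0
    if (dividend == 0.0 || std::isnan(dividend)) {
      return std::numeric_limits<double>::quiet_NaN();
    }
    bool negative = std::signbit(dividend) != std::signbit(divisor);
    double inf = std::numeric_limits<double>::infinity();
    return negative ? -inf : inf;
  }
  return dividend / divisor;
}
```

Usage: replace `a / b` with `DivideIeee754(a, b)` on the paths where `b` may be zero; the non-zero path compiles to the same division as before.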

Comment 103 by bugdroid1@chromium.org, Jan 7

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/81becb8c1074d4d1f90c12d267634a10c4e4986c

commit 81becb8c1074d4d1f90c12d267634a10c4e4986c
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Mon Jan 07 13:07:26 2019

[ubsan] Fix errors related to AsmType

The AsmType class uses a design similar to the old Object* model, where
arbitrary values (including 0) are reinterpret_cast to pointers. This
yields the following UBSan error, among others:

    src/asmjs/asm-parser.cc:2000:51: runtime error: member call on null
    pointer of type 'v8::internal::wasm::AsmType'

This patch does the smallest possible fix by turning the affected methods
into static functions. Longer-term, we should consider switching the
overall class design to a "struct wrapping an Address" model like the new
Object definition, which is a bit non-trivial because some AsmType types
are ZoneObject subclasses.

Bug: v8:3770
Change-Id: Ie2a7cdc9eab32c4c469d699212c84b0419480b4f
Reviewed-on: https://chromium-review.googlesource.com/c/1397663
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58586}
[modify] https://crrev.com/81becb8c1074d4d1f90c12d267634a10c4e4986c/src/asmjs/asm-parser.cc
[modify] https://crrev.com/81becb8c1074d4d1f90c12d267634a10c4e4986c/src/asmjs/asm-types.cc
[modify] https://crrev.com/81becb8c1074d4d1f90c12d267634a10c4e4986c/src/asmjs/asm-types.h
[modify] https://crrev.com/81becb8c1074d4d1f90c12d267634a10c4e4986c/test/unittests/asmjs/asm-types-unittest.cc

Comment 104 by bugdroid1@chromium.org, Jan 7

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/bc3be38f832f5b4c01f6d9452a2b5702083908e0

commit bc3be38f832f5b4c01f6d9452a2b5702083908e0
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Mon Jan 07 16:28:37 2019

[ubsan] Avoid isolate == nullptr ExternalReference requests

When the InstructionSelector doesn't have a valid Isolate, it should
avoid using it to look up ExternalReferences. Fortunately, this is
easy, because the result is only used for a comparison, which in case
of invalid Isolate would always fail anyway.

Bug: v8:3770
Change-Id: Ie3d65235a22021b05cf0274bf27d91bb7af21023
Reviewed-on: https://chromium-review.googlesource.com/c/1397702
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58597}
[modify] https://crrev.com/bc3be38f832f5b4c01f6d9452a2b5702083908e0/src/compiler/backend/ia32/instruction-selector-ia32.cc
[modify] https://crrev.com/bc3be38f832f5b4c01f6d9452a2b5702083908e0/src/compiler/backend/x64/instruction-selector-x64.cc
[modify] https://crrev.com/bc3be38f832f5b4c01f6d9452a2b5702083908e0/src/compiler/node-matchers.h

Comment 105 by bugdroid1@chromium.org, Jan 8

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/ae8f83fe08f877d769ce8da8271ee49c6bc92e68

commit ae8f83fe08f877d769ce8da8271ee49c6bc92e68
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Tue Jan 08 09:08:59 2019

[ubsan] Rename ObjectPtr to Object

The two names refer to the same thing by now, so this patch is
entirely mechanical.

Bug: v8:3770
Change-Id: Ia360c06c89af6b3da27fd21bbcaeb2bdaa28ce22
Reviewed-on: https://chromium-review.googlesource.com/c/1397705
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58615}
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/address-map.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/api-arguments-inl.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/api.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/arguments.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/arm/assembler-arm-inl.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/arm/simulator-arm.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/arm64/assembler-arm64-inl.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/arm64/simulator-arm64.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/builtins/builtins-array.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/builtins/builtins-arraybuffer.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/builtins/builtins-utils.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/compiler/code-assembler.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/compiler/code-assembler.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/deoptimizer.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/elements.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/execution.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/external-reference.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/field-type.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/frames.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/global-handles.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/global-handles.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/globals.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/handles.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/heap/factory.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/heap/factory.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/heap/heap-inl.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/heap/heap.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/heap/heap.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/heap/incremental-marking.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/heap/mark-compact.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/heap/object-stats.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/heap/scavenger-inl.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/heap/spaces-inl.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/heap/spaces.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/heap/spaces.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/ic/stub-cache.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/identity-map.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/math-random.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/mips/assembler-mips-inl.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/mips/simulator-mips.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/mips64/assembler-mips64-inl.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/mips64/simulator-mips64.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/objects-inl.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/objects.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/objects.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/objects/bigint.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/objects/bigint.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/objects/embedder-data-slot-inl.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/objects/fixed-array-inl.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/objects/heap-object-inl.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/objects/heap-object.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/objects/managed.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/objects/maybe-object-inl.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/objects/maybe-object.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/objects/object-macros.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/objects/shared-function-info.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/objects/slots-inl.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/objects/slots.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/objects/smi.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/ppc/assembler-ppc-inl.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/ppc/simulator-ppc.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/profiler/heap-snapshot-generator.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/profiler/heap-snapshot-generator.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/prototype.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/ptr-compr-inl.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/ptr-compr.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/regexp/arm/regexp-macro-assembler-arm.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/regexp/arm64/regexp-macro-assembler-arm64.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/regexp/ia32/regexp-macro-assembler-ia32.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/regexp/mips/regexp-macro-assembler-mips.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/regexp/mips64/regexp-macro-assembler-mips64.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/regexp/ppc/regexp-macro-assembler-ppc.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/regexp/regexp-macro-assembler.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/regexp/s390/regexp-macro-assembler-s390.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/regexp/x64/regexp-macro-assembler-x64.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/roots.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/s390/assembler-s390-inl.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/s390/simulator-s390.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/src/x64/assembler-x64-inl.h
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/test/cctest/compiler/codegen-tester.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/test/cctest/heap/test-heap.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/test/cctest/test-mementos.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/test/unittests/heap/spaces-unittest.cc
[modify] https://crrev.com/ae8f83fe08f877d769ce8da8271ee49c6bc92e68/test/unittests/test-utils.h

Comment 106 by bugdroid1@chromium.org, Jan 8

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/40e8378f05bfd707d3a7d896e91b6a03a9d5cdc5

commit 40e8378f05bfd707d3a7d896e91b6a03a9d5cdc5
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Tue Jan 08 10:07:50 2019

[ubsan] Fix "this == nullptr" in stack unwinding

StackHandlers form a chain, where the last element is nullptr,
so calling "handler->next()->foo()" is unsafe because "foo"
might see "this == nullptr".

Bug: v8:3770
Change-Id: Ic989384fa192e29d4d8cb76ff01b32173bf55fd9
Reviewed-on: https://chromium-review.googlesource.com/c/1400406
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58619}
[modify] https://crrev.com/40e8378f05bfd707d3a7d896e91b6a03a9d5cdc5/src/frames-inl.h
[modify] https://crrev.com/40e8378f05bfd707d3a7d896e91b6a03a9d5cdc5/src/frames.h
[modify] https://crrev.com/40e8378f05bfd707d3a7d896e91b6a03a9d5cdc5/src/isolate.cc
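Illustration of the defect behind comments 103 and 106 (an added example, not V8's AsmType or StackHandler code): calling a member function through a pointer that can be null, whether `handler->next()->foo()` at the end of a chain or a method on a value that reinterpret_casts 0 to a pointer, is undefined behaviour before the body even runs, so UBSan reports "member call on null pointer" and the optimizer is entitled to assume `this != nullptr` and delete any guard inside the method. The fix shown matches both commits: make the operation a static function that takes the pointer as an explicit argument. The `Handler` class, its addresses and the demo functions are constructed for this example.

```cpp
#include <cstdint>
#include <vector>

// Hypothetical handler chain: each element points at the next one and the
// last element's next() is nullptr, like the chain described in comment 106.
class Handler {
 public:
  Handler(uintptr_t address, Handler* next) : address_(address), next_(next) {}
  Handler* next() const { return next_; }
  uintptr_t address() const { return address_; }

  // BEFORE: reached as handler->next()->AddressUnsafe() this runs with
  // this == nullptr at the bottom of the chain. That is undefined behaviour
  // regardless of what the body does, and a `this == nullptr` test inside
  // it would not be a reliable guard because the compiler may remove it.
  uintptr_t AddressUnsafe() const { return address_; }

  // AFTER: the pointer is an ordinary argument, so the null case is a plain
  // comparison and no member call ever happens on a null object.
  static uintptr_t AddressOrZero(const Handler* h) {
    return h == nullptr ? 0 : h->address_;
  }

 private:
  uintptr_t address_;
  Handler* next_;
};

// Address of the handler after `h`, or 0 when `h` is the last one.
uintptr_t NextAddress(const Handler* h) {
  return Handler::AddressOrZero(h->next());
}

// Walks the chain from `top`; the terminating nullptr ends the loop and is
// never dereferenced.
std::vector<uintptr_t> WalkChain(const Handler* top) {
  std::vector<uintptr_t> seen;
  for (const Handler* h = top; h != nullptr; h = h->next()) {
    seen.push_back(h->address());
  }
  return seen;
}

// Builds a three-element chain on the stack (constructed addresses) and walks it.
std::vector<uintptr_t> DemoWalk() {
  Handler bottom(0x3000, nullptr);
  Handler middle(0x2000, &bottom);
  Handler top(0x1000, &middle);
  return WalkChain(&top);
}

// Asks for the address after the last element; the static helper returns 0
// instead of making a member call on nullptr.
uintptr_t DemoNextOfLast() {
  Handler bottom(0x3000, nullptr);
  return NextAddress(&bottom);
}
```

Compiling callers of `AddressUnsafe()` with `-fsanitize=undefined` (or `-fsanitize=null` alone) is enough to surface the report at the end of the chain; the static form needs no runtime check beyond the comparison it already contains.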

Comment 107 by bugdroid1@chromium.org, Jan 8

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/f49efaef06c468ec7a8bac101f1978f6771c58f5

commit f49efaef06c468ec7a8bac101f1978f6771c58f5
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Tue Jan 08 10:42:35 2019

[ubsan] Drop old NeverReadOnlySpaceObject class

Two uses in the API needed adaptation; all other uses have already
been subsumed by the new implementation (previously known as
NeverReadOnlySpaceObjectPtr, here renamed to NeverReadOnlySpaceObject).

Bug: v8:3770
Change-Id: Idf0e4a98a407b9afea22e8790da34cf017b892a5
Reviewed-on: https://chromium-review.googlesource.com/c/1397671
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58620}
[modify] https://crrev.com/f49efaef06c468ec7a8bac101f1978f6771c58f5/include/v8-internal.h
[modify] https://crrev.com/f49efaef06c468ec7a8bac101f1978f6771c58f5/include/v8.h
[modify] https://crrev.com/f49efaef06c468ec7a8bac101f1978f6771c58f5/src/api.cc
[modify] https://crrev.com/f49efaef06c468ec7a8bac101f1978f6771c58f5/src/compiler/node-matchers.h
[modify] https://crrev.com/f49efaef06c468ec7a8bac101f1978f6771c58f5/src/global-handles.h
[modify] https://crrev.com/f49efaef06c468ec7a8bac101f1978f6771c58f5/src/handles.h
[modify] https://crrev.com/f49efaef06c468ec7a8bac101f1978f6771c58f5/src/objects-inl.h
[modify] https://crrev.com/f49efaef06c468ec7a8bac101f1978f6771c58f5/src/objects.h
[modify] https://crrev.com/f49efaef06c468ec7a8bac101f1978f6771c58f5/src/objects/embedder-data-array.h
[modify] https://crrev.com/f49efaef06c468ec7a8bac101f1978f6771c58f5/src/objects/heap-object-inl.h
[modify] https://crrev.com/f49efaef06c468ec7a8bac101f1978f6771c58f5/src/objects/heap-object.h
[modify] https://crrev.com/f49efaef06c468ec7a8bac101f1978f6771c58f5/src/objects/object-macros.h

Comment 108 by bugdroid1@chromium.org, Jan 8

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/683dd5fe175baab9d894ff5d9c737cecefcfe2d1

commit 683dd5fe175baab9d894ff5d9c737cecefcfe2d1
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Tue Jan 08 12:34:34 2019

[ubsan] Misc post-Object-migration cleanup

Bug: v8:3770
Change-Id: I9214212454034cf1238cab43dc34d8d9f8ed2d37
Reviewed-on: https://chromium-review.googlesource.com/c/1398222
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58627}
[modify] https://crrev.com/683dd5fe175baab9d894ff5d9c737cecefcfe2d1/src/api.cc
[modify] https://crrev.com/683dd5fe175baab9d894ff5d9c737cecefcfe2d1/src/compiler/code-assembler.h
[modify] https://crrev.com/683dd5fe175baab9d894ff5d9c737cecefcfe2d1/src/contexts-inl.h
[modify] https://crrev.com/683dd5fe175baab9d894ff5d9c737cecefcfe2d1/src/contexts.h
[modify] https://crrev.com/683dd5fe175baab9d894ff5d9c737cecefcfe2d1/src/elements.cc
[modify] https://crrev.com/683dd5fe175baab9d894ff5d9c737cecefcfe2d1/src/handles.h
[modify] https://crrev.com/683dd5fe175baab9d894ff5d9c737cecefcfe2d1/src/heap/factory.cc
[modify] https://crrev.com/683dd5fe175baab9d894ff5d9c737cecefcfe2d1/src/heap/factory.h
[modify] https://crrev.com/683dd5fe175baab9d894ff5d9c737cecefcfe2d1/src/isolate-inl.h
[modify] https://crrev.com/683dd5fe175baab9d894ff5d9c737cecefcfe2d1/src/isolate.cc
[modify] https://crrev.com/683dd5fe175baab9d894ff5d9c737cecefcfe2d1/src/isolate.h
[modify] https://crrev.com/683dd5fe175baab9d894ff5d9c737cecefcfe2d1/src/keys.cc
[modify] https://crrev.com/683dd5fe175baab9d894ff5d9c737cecefcfe2d1/src/objects.h
[modify] https://crrev.com/683dd5fe175baab9d894ff5d9c737cecefcfe2d1/src/objects/frame-array-inl.h
[modify] https://crrev.com/683dd5fe175baab9d894ff5d9c737cecefcfe2d1/src/objects/frame-array.h
[modify] https://crrev.com/683dd5fe175baab9d894ff5d9c737cecefcfe2d1/src/objects/smi.h
[modify] https://crrev.com/683dd5fe175baab9d894ff5d9c737cecefcfe2d1/src/roots.h
[modify] https://crrev.com/683dd5fe175baab9d894ff5d9c737cecefcfe2d1/src/runtime/runtime-utils.h
[modify] https://crrev.com/683dd5fe175baab9d894ff5d9c737cecefcfe2d1/test/cctest/test-field-type-tracking.cc

Comment 109 by bugdroid1@chromium.org, Jan 9

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/ec2f4acf4b9309b17c64eba2e9c415a1a2832276

commit ec2f4acf4b9309b17c64eba2e9c415a1a2832276
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Wed Jan 09 12:05:15 2019

[ubsan] Clean up macro usage in *-inl.h

The incremental migration required several pairs of functionally
equivalent macros. This patch consolidates everything onto the
respective new version and drops the obsolete versions.

Bug: v8:3770
Change-Id: I4fb05ff223e8250c83a13f46840810b0893f410b
Reviewed-on: https://chromium-review.googlesource.com/c/1398223
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58659}
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/contexts-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/contexts.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/feedback-vector-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/feedback-vector.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/heap/heap-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/heap/heap-write-barrier-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/heap/heap-write-barrier.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/heap/heap.cc
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/heap/heap.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/ic/handler-configuration-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/ic/handler-configuration.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/layout-descriptor-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/layout-descriptor.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/allocation-site-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/allocation-site.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/api-callbacks-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/api-callbacks.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/arguments-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/arguments.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/bigint.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/cell-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/cell.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/code-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/code.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/compilation-cache-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/compilation-cache.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/data-handler-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/data-handler.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/debug-objects-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/debug-objects.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/descriptor-array-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/descriptor-array.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/dictionary-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/dictionary.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/embedder-data-array-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/embedder-data-array.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/feedback-cell-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/feedback-cell.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/fixed-array-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/fixed-array.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/foreign-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/foreign.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/frame-array-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/frame-array.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/free-space-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/hash-table.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/heap-number-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/heap-number.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/heap-object.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-array-buffer-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-array-buffer.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-array-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-array.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-break-iterator-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-break-iterator.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-collator-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-collator.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-collection-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-collection.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-date-time-format-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-date-time-format.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-generator-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-generator.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-list-format-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-list-format.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-locale-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-locale.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-number-format-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-number-format.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-objects-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-objects.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-plural-rules-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-plural-rules.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-promise-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-promise.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-proxy-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-proxy.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-regexp-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-regexp-string-iterator-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-regexp-string-iterator.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-regexp.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-relative-time-format-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-relative-time-format.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-segment-iterator-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-segment-iterator.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-segmenter-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-segmenter.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-weak-refs-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/js-weak-refs.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/literal-objects-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/literal-objects.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/map-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/map.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/microtask-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/microtask.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/module-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/module.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/name-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/name.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/object-macros-undef.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/object-macros.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/oddball-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/oddball.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/ordered-hash-table-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/ordered-hash-table.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/promise-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/promise.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/property-array-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/property-array.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/property-cell-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/property-cell.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/property-descriptor-object-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/property-descriptor-object.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/prototype-info-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/prototype-info.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/regexp-match-info.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/scope-info.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/script-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/script.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/shared-function-info-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/shared-function-info.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/smi-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/smi.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/stack-frame-info-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/stack-frame-info.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/string-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/string-table-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/string-table.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/string.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/struct-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/struct.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/template-objects.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/templates-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/objects/templates.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/snapshot/deserializer.cc
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/transitions-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/transitions.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/wasm/wasm-objects-inl.h
[modify] https://crrev.com/ec2f4acf4b9309b17c64eba2e9c415a1a2832276/src/wasm/wasm-objects.h

Comment 110 by bugdroid1@chromium.org, Jan 9

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/d77e4a8484cbaa6fbb927faf203accb7cd832663

commit d77e4a8484cbaa6fbb927faf203accb7cd832663
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Wed Jan 09 17:52:39 2019

[ubsan][cleanup] Drop ObjectSlot::load in favor of operator*

Now that we no longer have ObjectPtr and Object* return types,
one way to load the slot's contents is enough.

Bug: v8:3770
Change-Id: I5acaeed22e68595b0e0ba036fcc4ac3d15c57462
Reviewed-on: https://chromium-review.googlesource.com/c/1400416
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58678}
[modify] https://crrev.com/d77e4a8484cbaa6fbb927faf203accb7cd832663/src/deoptimizer.cc
[modify] https://crrev.com/d77e4a8484cbaa6fbb927faf203accb7cd832663/src/handles-inl.h
[modify] https://crrev.com/d77e4a8484cbaa6fbb927faf203accb7cd832663/src/heap/heap.cc
[modify] https://crrev.com/d77e4a8484cbaa6fbb927faf203accb7cd832663/src/heap/mark-compact-inl.h
[modify] https://crrev.com/d77e4a8484cbaa6fbb927faf203accb7cd832663/src/heap/mark-compact.cc
[modify] https://crrev.com/d77e4a8484cbaa6fbb927faf203accb7cd832663/src/heap/scavenger-inl.h
[modify] https://crrev.com/d77e4a8484cbaa6fbb927faf203accb7cd832663/src/heap/scavenger.cc
[modify] https://crrev.com/d77e4a8484cbaa6fbb927faf203accb7cd832663/src/heap/spaces.cc
[modify] https://crrev.com/d77e4a8484cbaa6fbb927faf203accb7cd832663/src/heap/spaces.h
[modify] https://crrev.com/d77e4a8484cbaa6fbb927faf203accb7cd832663/src/objects/slots-inl.h
[modify] https://crrev.com/d77e4a8484cbaa6fbb927faf203accb7cd832663/src/objects/slots.h
[modify] https://crrev.com/d77e4a8484cbaa6fbb927faf203accb7cd832663/src/ptr-compr-inl.h
[modify] https://crrev.com/d77e4a8484cbaa6fbb927faf203accb7cd832663/src/ptr-compr.h

Comment 111 by bugdroid1@chromium.org, Jan 10

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/af8ff984f60cc562f526eea2881303ffc9865f16

commit af8ff984f60cc562f526eea2881303ffc9865f16
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Thu Jan 10 11:17:37 2019

[ubsan] Fix numerical overflows in the compiler

Mostly signed integer overflows, and a few cases of double
division by zero (which is defined by IEEE-754 to return
Infinity (or NaN for 0/0) but is UB in C++).

Bug: v8:3770
Change-Id: I8007987594ff534ca697c1c3247215a72a001343
Reviewed-on: https://chromium-review.googlesource.com/c/1403132
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58693}
[modify] https://crrev.com/af8ff984f60cc562f526eea2881303ffc9865f16/BUILD.gn
[add] https://crrev.com/af8ff984f60cc562f526eea2881303ffc9865f16/src/base/overflowing-math.h
[modify] https://crrev.com/af8ff984f60cc562f526eea2881303ffc9865f16/src/compiler/backend/ia32/code-generator-ia32.cc
[modify] https://crrev.com/af8ff984f60cc562f526eea2881303ffc9865f16/src/compiler/backend/x64/code-generator-x64.cc
[modify] https://crrev.com/af8ff984f60cc562f526eea2881303ffc9865f16/src/compiler/backend/x64/instruction-selector-x64.cc
[modify] https://crrev.com/af8ff984f60cc562f526eea2881303ffc9865f16/src/compiler/machine-operator-reducer.cc
[modify] https://crrev.com/af8ff984f60cc562f526eea2881303ffc9865f16/src/compiler/node-matchers.h
[modify] https://crrev.com/af8ff984f60cc562f526eea2881303ffc9865f16/src/compiler/wasm-compiler.cc
[modify] https://crrev.com/af8ff984f60cc562f526eea2881303ffc9865f16/test/cctest/compiler/codegen-tester.cc
[modify] https://crrev.com/af8ff984f60cc562f526eea2881303ffc9865f16/test/cctest/compiler/test-branch-combine.cc
[modify] https://crrev.com/af8ff984f60cc562f526eea2881303ffc9865f16/test/cctest/compiler/test-machine-operator-reducer.cc
[modify] https://crrev.com/af8ff984f60cc562f526eea2881303ffc9865f16/test/cctest/compiler/test-run-load-store.cc
[modify] https://crrev.com/af8ff984f60cc562f526eea2881303ffc9865f16/test/cctest/compiler/test-run-machops.cc
[modify] https://crrev.com/af8ff984f60cc562f526eea2881303ffc9865f16/test/cctest/compiler/test-run-native-calls.cc
[modify] https://crrev.com/af8ff984f60cc562f526eea2881303ffc9865f16/test/unittests/compiler/machine-operator-reducer-unittest.cc
[modify] https://crrev.com/af8ff984f60cc562f526eea2881303ffc9865f16/test/unittests/compiler/persistent-unittest.cc
[modify] https://crrev.com/af8ff984f60cc562f526eea2881303ffc9865f16/test/unittests/compiler/typer-unittest.cc
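
The fixes in comments 111, 112 and 114 (and the Clusterfuzz-found cases in comment 128) address the same classes of numerical undefined behavior: signed overflow on add, multiply and negate, the two undefined integer-division cases, and floating-point division by zero. The helpers below are an added example of the defined-behavior patterns, written for this page; they are not V8's src/base/overflowing-math.h, and the wasm-style "trap reported through the return value" API is an assumption of the example.

```cpp
#include <cmath>
#include <cstdint>
#include <limits>
#include <type_traits>

// Wrapping arithmetic: do the operation on the unsigned counterpart, where
// overflow is defined to be modular, then convert back. The conversion back
// is two's complement in C++20 and implementation-defined (not undefined)
// before that, so -fsanitize=signed-integer-overflow has nothing to report.
template <typename T>
T WrappingAdd(T a, T b) {
  static_assert(std::is_integral<T>::value && std::is_signed<T>::value, "");
  using U = typename std::make_unsigned<T>::type;
  return static_cast<T>(static_cast<U>(static_cast<U>(a) + static_cast<U>(b)));
}

template <typename T>
T WrappingNeg(T a) {  // -INT_MIN is the classic case (comment 128's Smi compare)
  static_assert(std::is_integral<T>::value && std::is_signed<T>::value, "");
  using U = typename std::make_unsigned<T>::type;
  return static_cast<T>(static_cast<U>(U{0} - static_cast<U>(a)));
}

template <typename T>
T WrappingMul(T a, T b) {
  static_assert(std::is_integral<T>::value && std::is_signed<T>::value && sizeof(T) <= 8, "");
  // Widen to 64 bits first: 8- and 16-bit unsigned operands are promoted to
  // (signed) int, whose product could itself overflow.
  using U = typename std::make_unsigned<T>::type;
  uint64_t product = static_cast<uint64_t>(static_cast<U>(a)) *
                     static_cast<uint64_t>(static_cast<U>(b));
  return static_cast<T>(static_cast<U>(product));
}

// Checked arithmetic: decide from the operands whether the exact result fits,
// and only then perform the (now defined) signed operation.
template <typename T>
bool CheckedAdd(T a, T b, T* out) {
  constexpr T kMax = std::numeric_limits<T>::max();
  constexpr T kMin = std::numeric_limits<T>::min();
  if (b > 0 ? a > kMax - b : a < kMin - b) return false;
  *out = static_cast<T>(a + b);
  return true;
}

template <typename T>
bool CheckedMul(T a, T b, T* out) {
  constexpr T kMax = std::numeric_limits<T>::max();
  constexpr T kMin = std::numeric_limits<T>::min();
  if (a == 0 || b == 0) { *out = 0; return true; }
  // kMin / -1 is itself undefined, so dispose of -1 before dividing by it.
  if (a == -1) { if (b == kMin) return false; *out = static_cast<T>(-b); return true; }
  if (b == -1) { if (a == kMin) return false; *out = static_cast<T>(-a); return true; }
  bool overflow = a > 0 ? (b > 0 ? a > kMax / b : b < kMin / a)
                        : (b > 0 ? a < kMin / b : b < kMax / a);
  if (overflow) return false;
  *out = static_cast<T>(a * b);
  return true;
}

// Integer division: divisor 0 and INT_MIN / -1 are undefined in C++. This
// follows wasm, where i32.div_s traps on both and i32.rem_s yields 0 for
// INT_MIN % -1; the trap is reported through the return value (assumption).
bool WasmI32DivS(int32_t a, int32_t b, int32_t* out) {
  if (b == 0) return false;
  if (a == std::numeric_limits<int32_t>::min() && b == -1) return false;
  *out = a / b;
  return true;
}

bool WasmI32RemS(int32_t a, int32_t b, int32_t* out) {
  if (b == 0) return false;
  *out = (b == -1) ? 0 : a % b;
  return true;
}

// Floating-point division by zero: IEEE-754 defines the result, the C++
// standard does not, and -fsanitize=float-divide-by-zero reports it, so
// produce the IEEE value directly instead of dividing.
double DivideDouble(double a, double b) {
  if (b != 0.0) return a / b;
  if (a == 0.0 || std::isnan(a)) return std::numeric_limits<double>::quiet_NaN();
  // The sign of a zero divisor matters: 1.0 / -0.0 is -Infinity.
  double inf = std::numeric_limits<double>::infinity();
  return (std::signbit(a) != std::signbit(b)) ? -inf : inf;
}
```

The checked variants are what a bounds check in a parser or decoder wants; the wrapping variants are for places (hashing, Smi arithmetic, the machine-operator reducer's constant folding) where modular arithmetic is the intended semantics and only the C++ expression of it was wrong.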

Comment 112 by bugdroid1@chromium.org, Jan 10

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/40ac5a39fcad6771185498e9de5ba52c5c8e19d0

commit 40ac5a39fcad6771185498e9de5ba52c5c8e19d0
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Thu Jan 10 12:24:51 2019

[ubsan] Fix numerical overflows in wasm

Mostly signed integer overflows, and a few cases of double
division by zero (which is defined by IEEE-754 to return
Infinity (or NaN for 0/0) but is UB in C++).

Bug: v8:3770
Change-Id: Id92725b0ac57cb357978124a3dc6f477430bc97d
Reviewed-on: https://chromium-review.googlesource.com/c/1403133
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58696}
[modify] https://crrev.com/40ac5a39fcad6771185498e9de5ba52c5c8e19d0/src/asmjs/asm-parser.cc
[modify] https://crrev.com/40ac5a39fcad6771185498e9de5ba52c5c8e19d0/src/wasm/function-body-decoder-impl.h
[modify] https://crrev.com/40ac5a39fcad6771185498e9de5ba52c5c8e19d0/src/wasm/wasm-external-refs.cc
[modify] https://crrev.com/40ac5a39fcad6771185498e9de5ba52c5c8e19d0/src/wasm/wasm-interpreter.cc
[modify] https://crrev.com/40ac5a39fcad6771185498e9de5ba52c5c8e19d0/src/wasm/wasm-js.cc
[modify] https://crrev.com/40ac5a39fcad6771185498e9de5ba52c5c8e19d0/test/cctest/wasm/test-c-wasm-entry.cc
[modify] https://crrev.com/40ac5a39fcad6771185498e9de5ba52c5c8e19d0/test/cctest/wasm/test-run-wasm-64.cc
[modify] https://crrev.com/40ac5a39fcad6771185498e9de5ba52c5c8e19d0/test/cctest/wasm/test-run-wasm-simd.cc
[modify] https://crrev.com/40ac5a39fcad6771185498e9de5ba52c5c8e19d0/test/cctest/wasm/test-run-wasm.cc
[modify] https://crrev.com/40ac5a39fcad6771185498e9de5ba52c5c8e19d0/test/cctest/wasm/test-wasm-interpreter-entry.cc
[modify] https://crrev.com/40ac5a39fcad6771185498e9de5ba52c5c8e19d0/test/unittests/wasm/decoder-unittest.cc

Comment 113 by bugdroid1@chromium.org, Jan 10

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/6733e9488b6cf02e48d9b8adf350926d7e1056c2

commit 6733e9488b6cf02e48d9b8adf350926d7e1056c2
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Thu Jan 10 13:50:58 2019

[ubsan] Use proper AssemblerOptions for Wasm Stubs

Pipeline::GenerateCodeForWasmNativeStub() currently does not pass
an Isolate to the PipelineData it creates, to ensure that compiled
code does not accidentally depend on a given Isolate. However, this
prevents the assembler from converting ExternalReference accesses to
RootArray offsets. This patch sets the corresponding AssemblerOption.

Bug: v8:3770
Change-Id: Ia4d5269e2e884a0af8abc6d122734f47db045ac0
Reviewed-on: https://chromium-review.googlesource.com/c/1404447
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58700}
[modify] https://crrev.com/6733e9488b6cf02e48d9b8adf350926d7e1056c2/src/compiler/wasm-compiler.cc
[modify] https://crrev.com/6733e9488b6cf02e48d9b8adf350926d7e1056c2/src/compiler/wasm-compiler.h

Comment 114 by bugdroid1@chromium.org, Jan 10

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/fc329ce22aa6b03ff9ac11c6fd5ea97728245ae3

commit fc329ce22aa6b03ff9ac11c6fd5ea97728245ae3
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Thu Jan 10 13:52:04 2019

[ubsan] Fix various cases of undefined behavior

Mostly signed integer overflows, and a few cases of double
division by zero (which is defined by IEEE-754 to return
Infinity (or NaN for 0/0) but is UB in C++).
In base/ieee754.cc, use constants for NaN and Infinity instead
of computing these values.
In spaces-unittest.cc, ensure that a large enough allocation
is used.

Bug: v8:3770
Change-Id: I50d9a77dc860ef9993b7b269a5f8c117b0f62f9d
Reviewed-on: https://chromium-review.googlesource.com/c/1403454
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58701}
[modify] https://crrev.com/fc329ce22aa6b03ff9ac11c6fd5ea97728245ae3/src/base/bits.cc
[modify] https://crrev.com/fc329ce22aa6b03ff9ac11c6fd5ea97728245ae3/src/base/ieee754.cc
[modify] https://crrev.com/fc329ce22aa6b03ff9ac11c6fd5ea97728245ae3/src/base/ieee754.h
[modify] https://crrev.com/fc329ce22aa6b03ff9ac11c6fd5ea97728245ae3/src/base/utils/random-number-generator.cc
[modify] https://crrev.com/fc329ce22aa6b03ff9ac11c6fd5ea97728245ae3/src/conversions-inl.h
[modify] https://crrev.com/fc329ce22aa6b03ff9ac11c6fd5ea97728245ae3/src/date.cc
[modify] https://crrev.com/fc329ce22aa6b03ff9ac11c6fd5ea97728245ae3/src/fixed-dtoa.cc
[modify] https://crrev.com/fc329ce22aa6b03ff9ac11c6fd5ea97728245ae3/src/json-parser.cc
[modify] https://crrev.com/fc329ce22aa6b03ff9ac11c6fd5ea97728245ae3/src/parsing/parser.cc
[modify] https://crrev.com/fc329ce22aa6b03ff9ac11c6fd5ea97728245ae3/src/regexp/regexp-macro-assembler.cc
[modify] https://crrev.com/fc329ce22aa6b03ff9ac11c6fd5ea97728245ae3/test/cctest/test-api.cc
[modify] https://crrev.com/fc329ce22aa6b03ff9ac11c6fd5ea97728245ae3/test/cctest/test-hashmap.cc
[modify] https://crrev.com/fc329ce22aa6b03ff9ac11c6fd5ea97728245ae3/test/cctest/test-unboxed-doubles.cc
[modify] https://crrev.com/fc329ce22aa6b03ff9ac11c6fd5ea97728245ae3/test/unittests/base/ieee754-unittest.cc
[modify] https://crrev.com/fc329ce22aa6b03ff9ac11c6fd5ea97728245ae3/test/unittests/heap/spaces-unittest.cc

Comment 115 by bugdroid1@chromium.org, Jan 10

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/6165031ba1b2cd108a2e7dee60711dfb459e53ff

commit 6165031ba1b2cd108a2e7dee60711dfb459e53ff
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Thu Jan 10 13:58:18 2019

[ubsan] Blacklist a false positive

Bug: v8:3770
Change-Id: I59d73ef672e64fd722317c84afc6bc5cb387f5b1
Reviewed-on: https://chromium-review.googlesource.com/c/1404448
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58702}
[modify] https://crrev.com/6165031ba1b2cd108a2e7dee60711dfb459e53ff/tools/ubsan/blacklist.txt

Comment 116 by bugdroid1@chromium.org, Jan 11

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/7637925c215a5fb4cba83ab6f81b37faf6e60d04

commit 7637925c215a5fb4cba83ab6f81b37faf6e60d04
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri Jan 11 10:42:58 2019

[ubsan] Fix more overflows in machine-operator-reducer

Found by mjsunit/numops-fuzz-part* tests in stress mode.

Bug: v8:3770
Change-Id: I598885b37624660dabb90f55529615b872d10d93
Reviewed-on: https://chromium-review.googlesource.com/c/1405313
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58729}
[modify] https://crrev.com/7637925c215a5fb4cba83ab6f81b37faf6e60d04/src/compiler/machine-operator-reducer.cc

Comment 117 by bugdroid1@chromium.org, Jan 11

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/24f8f96bbee8d4acce82d1c7ca4a4e5391fbe56c

commit 24f8f96bbee8d4acce82d1c7ca4a4e5391fbe56c
Author: Michael Achenbach <machenbach@chromium.org>
Date: Fri Jan 11 11:51:48 2019

[test] Add more test suites for ubsan

NOTRY=true

Bug: v8:3770
Change-Id: Idae429b4f3c021a956b94b0ea4f3ff0570ec2ddf
Reviewed-on: https://chromium-review.googlesource.com/c/1406669
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58737}
[modify] https://crrev.com/24f8f96bbee8d4acce82d1c7ca4a4e5391fbe56c/infra/testing/builders.pyl

Comment 118 by jkummerow@chromium.org, Jan 25

Blockedon: 8735

Comment 119 by bugdroid, Jan 25

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/373f9d3212b8c61b9fe74c4306361b1ce255c3b0

commit 373f9d3212b8c61b9fe74c4306361b1ce255c3b0
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri Jan 25 02:24:53 2019

[ubsan] Blacklist reports for *CallbackInfo

Both PropertyCallbackInfo<T> and WeakCallbackInfo<T> callbacks are
using a design that relies on invalid reinterpret_casts and thereby
undefined behavior. Since they are exposed via the public API, fixing
this is going to be difficult.

Bug: v8:3770,v8:8735
Change-Id: I7171c5b38f070b4a43a0de1ebb7d1a1458c1d91f
Reviewed-on: https://chromium-review.googlesource.com/c/1436222
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59083}
[modify] https://crrev.com/373f9d3212b8c61b9fe74c4306361b1ce255c3b0/tools/ubsan/blacklist.txt

Comment 120 by bugdroid, Jan 25

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/67392e9d222cd706be3e60d56461a0ae3651700d

commit 67392e9d222cd706be3e60d56461a0ae3651700d
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri Jan 25 18:47:36 2019

[ubsan][ia32][x64] Assemblers: safely access unaligned memory locations

The Memory<T>(address) helper requires the address to be aligned. Since
values embedded into ia32/x64 code can in general be unaligned, we must
use ReadUnalignedValue/WriteUnalignedValue to manipulate them.

Bug: v8:3770
Change-Id: I12c3fc6aa09062dcc9188b6782ed4a35e1d684bd
Reviewed-on: https://chromium-review.googlesource.com/c/1436223
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59100}
[modify] https://crrev.com/67392e9d222cd706be3e60d56461a0ae3651700d/src/code-comments.cc
[modify] https://crrev.com/67392e9d222cd706be3e60d56461a0ae3651700d/src/deoptimizer.cc
[modify] https://crrev.com/67392e9d222cd706be3e60d56461a0ae3651700d/src/ia32/assembler-ia32-inl.h
[modify] https://crrev.com/67392e9d222cd706be3e60d56461a0ae3651700d/src/ia32/assembler-ia32.cc
[modify] https://crrev.com/67392e9d222cd706be3e60d56461a0ae3651700d/src/ia32/assembler-ia32.h
[modify] https://crrev.com/67392e9d222cd706be3e60d56461a0ae3651700d/src/v8memory.h
[modify] https://crrev.com/67392e9d222cd706be3e60d56461a0ae3651700d/src/wasm/wasm-serialization.cc
[modify] https://crrev.com/67392e9d222cd706be3e60d56461a0ae3651700d/src/x64/assembler-x64-inl.h
[modify] https://crrev.com/67392e9d222cd706be3e60d56461a0ae3651700d/src/x64/assembler-x64.cc
[modify] https://crrev.com/67392e9d222cd706be3e60d56461a0ae3651700d/src/x64/assembler-x64.h
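
Comment 120 replaces aligned Memory<T> accesses with memcpy-based unaligned reads and writes. The code below is an added example for this page, not V8's v8memory.h or assembler: it shows the memcpy idiom, an alignment check of the kind a Memory<T> accessor may legitimately require, and why immediates embedded in x86 code are unaligned. The emit and patch helpers are constructed for the example; they write the host's byte order, which matches the x86 encoding on little-endian hosts (the example assumes one).

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <type_traits>

// Dereferencing a T* that is not aligned to alignof(T) is undefined behavior,
// which -fsanitize=alignment reports even on x86, where the hardware tolerates
// it. memcpy has no alignment requirement, and compilers lower these
// fixed-size copies to ordinary (unaligned) loads and stores.
template <typename T>
T ReadUnalignedValue(const void* p) {
  static_assert(std::is_trivially_copyable<T>::value, "memcpy-able types only");
  T value;
  std::memcpy(&value, p, sizeof(T));
  return value;
}

template <typename T>
void WriteUnalignedValue(void* p, T value) {
  static_assert(std::is_trivially_copyable<T>::value, "memcpy-able types only");
  std::memcpy(p, &value, sizeof(T));
}

// The precondition a Memory<T>(address)-style accessor is entitled to have.
template <typename T>
bool IsAlignedFor(const void* p) {
  return reinterpret_cast<uintptr_t>(p) % alignof(T) == 0;
}

// x86 mixes one-byte opcodes with 4- and 8-byte immediates, so immediates
// land on arbitrary byte offsets. "mov eax, imm32" is 0xB8 followed by the
// 32-bit immediate; "movabs rax, imm64" is REX.W (0x48) 0xB8 followed by 64
// bits. Emitting and later patching those operands is the pattern fixed above.
constexpr uint8_t kMovEaxImm32 = 0xB8;
constexpr uint8_t kRexW = 0x48;

size_t EmitMovEaxImm32(uint8_t* code, uint32_t imm) {
  code[0] = kMovEaxImm32;
  // Offset 1 is never 4-byte aligned when the code buffer itself is.
  WriteUnalignedValue<uint32_t>(code + 1, imm);
  return 5;
}

size_t EmitMovabsRaxImm64(uint8_t* code, uint64_t imm) {
  code[0] = kRexW;
  code[1] = kMovEaxImm32;
  WriteUnalignedValue<uint64_t>(code + 2, imm);
  return 10;
}

// Patch the operand of an instruction emitted by EmitMovEaxImm32 in place,
// e.g. when the target address becomes known after relocation.
void PatchMovEaxImm32(uint8_t* instruction, uint32_t new_imm) {
  WriteUnalignedValue<uint32_t>(instruction + 1, new_imm);
}

uint32_t MovEaxImm32Operand(const uint8_t* instruction) {
  return ReadUnalignedValue<uint32_t>(instruction + 1);
}
```

The wrong form is `*reinterpret_cast<uint32_t*>(instruction + 1)`: it compiles to the same instruction on x86, runs correctly there, and is still undefined, which is exactly why it survived until a sanitizer looked at it.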

Comment 121 by bugdroid, Jan 25

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/1df72c6fa1cd7028bb0ee5c1453f895eb537cf38

commit 1df72c6fa1cd7028bb0ee5c1453f895eb537cf38
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri Jan 25 20:53:45 2019

[ubsan] Don't call memcpy with nullptr arguments

Not even when copying 0 bytes. Same for memmove and memcmp.

Bug: v8:3770
Change-Id: I3ed45a4572467ec7a9fc697ac28c004aa9b8b274
Reviewed-on: https://chromium-review.googlesource.com/c/1436217
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59101}
[modify] https://crrev.com/1df72c6fa1cd7028bb0ee5c1453f895eb537cf38/src/ast/ast-value-factory.cc
[modify] https://crrev.com/1df72c6fa1cd7028bb0ee5c1453f895eb537cf38/src/compiler/bytecode-graph-builder.cc
[modify] https://crrev.com/1df72c6fa1cd7028bb0ee5c1453f895eb537cf38/src/compiler/wasm-compiler.cc
[modify] https://crrev.com/1df72c6fa1cd7028bb0ee5c1453f895eb537cf38/src/parsing/scanner.cc
[modify] https://crrev.com/1df72c6fa1cd7028bb0ee5c1453f895eb537cf38/src/value-serializer.cc
[modify] https://crrev.com/1df72c6fa1cd7028bb0ee5c1453f895eb537cf38/src/wasm/graph-builder-interface.cc
[modify] https://crrev.com/1df72c6fa1cd7028bb0ee5c1453f895eb537cf38/src/wasm/local-decl-encoder.cc
[modify] https://crrev.com/1df72c6fa1cd7028bb0ee5c1453f895eb537cf38/src/wasm/wasm-code-manager.cc
[modify] https://crrev.com/1df72c6fa1cd7028bb0ee5c1453f895eb537cf38/src/wasm/wasm-interpreter.cc
[modify] https://crrev.com/1df72c6fa1cd7028bb0ee5c1453f895eb537cf38/src/zone/zone-list-inl.h
[modify] https://crrev.com/1df72c6fa1cd7028bb0ee5c1453f895eb537cf38/test/cctest/parsing/test-scanner-streams.cc
[modify] https://crrev.com/1df72c6fa1cd7028bb0ee5c1453f895eb537cf38/test/cctest/wasm/wasm-run-utils.cc
[modify] https://crrev.com/1df72c6fa1cd7028bb0ee5c1453f895eb537cf38/test/unittests/wasm/function-body-decoder-unittest.cc
[modify] https://crrev.com/1df72c6fa1cd7028bb0ee5c1453f895eb537cf38/test/unittests/wasm/module-decoder-unittest.cc
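
Comment 121 points out that memcpy, memmove and memcmp must not receive nullptr even for a zero-byte operation. The wrappers and ByteBuffer below are an added example for this page, not V8's code; the buffer deliberately reports nullptr as its data pointer while empty (std::vector leaves that unspecified) so that every Append from an empty source exercises the zero-length path.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// memcpy, memmove and memcmp are declared with nonnull pointer parameters, so
// passing nullptr is undefined even when the byte count is zero.
// -fsanitize=nonnull-attribute reports it, and an optimizer may assume the
// pointer was non-null afterwards and delete later null checks. These wrappers
// skip the libc call entirely when there is nothing to copy or compare.
inline void CopyBytes(void* dst, const void* src, size_t n) {
  if (n == 0) return;  // src or dst is commonly nullptr in this case
  std::memcpy(dst, src, n);
}

inline void MoveBytes(void* dst, const void* src, size_t n) {
  if (n == 0) return;
  std::memmove(dst, src, n);
}

inline int CompareBytes(const void* a, const void* b, size_t n) {
  if (n == 0) return 0;  // two empty ranges compare equal
  return std::memcmp(a, b, n);
}

// A growable byte buffer whose storage pointer is nullptr until first use:
// exactly the situation in which zero-length copies reach memcpy.
class ByteBuffer {
 public:
  void Append(const uint8_t* src, size_t n) {
    size_t old_size = bytes_.size();
    bytes_.resize(old_size + n);
    // After growing by zero, data() may still be nullptr: do not form a
    // pointer past it, and do not let it reach memcpy.
    uint8_t* dst = bytes_.empty() ? nullptr : bytes_.data() + old_size;
    CopyBytes(dst, src, n);
  }
  void Append(const ByteBuffer& other) { Append(other.data(), other.size()); }
  bool Equals(const ByteBuffer& other) const {
    return size() == other.size() &&
           CompareBytes(data(), other.data(), size()) == 0;
  }
  // Returns nullptr while empty (an assumption of the example, to make the
  // hazard explicit; std::vector::data() may or may not do so).
  const uint8_t* data() const { return bytes_.empty() ? nullptr : bytes_.data(); }
  size_t size() const { return bytes_.size(); }

 private:
  std::vector<uint8_t> bytes_;
};
```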

Comment 122 by bugdroid, Jan 25

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/828342dd7fb177bb9248e77494e019a7f214caec

commit 828342dd7fb177bb9248e77494e019a7f214caec
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri Jan 25 20:55:25 2019

[ubsan][compiler] Avoid out-of-range casts to IrOpcode::Value

An enum-typed value should never have a value outside of that enum's
range.
This patch enforces that in Debug mode, while in Release mode keeping
the previous behavior of returning "UnknownOpcode" as the mnemonic for
illegal IrOpcode values to ease debugging.

Bug: v8:3770
Change-Id: I83a5a356f1fb7a266921940a4495f1d39a1823cd
Reviewed-on: https://chromium-review.googlesource.com/c/1436221
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59102}
[modify] https://crrev.com/828342dd7fb177bb9248e77494e019a7f214caec/src/compiler/opcodes.cc
[modify] https://crrev.com/828342dd7fb177bb9248e77494e019a7f214caec/test/unittests/compiler/opcodes-unittest.cc

Comment 123 by bugdroid, Jan 25

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/deps/inspector_protocol/+/8515c2a1c5c016646b61221586cd4e5839f425ee

commit 8515c2a1c5c016646b61221586cd4e5839f425ee
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri Jan 25 00:30:45 2019

[ubsan] Fix UBSan warnings in Maybe<bool> specialization

The default constructor of MaybeBase<> does not initialize the
m_value field, but the move-constructor reads it, so when moving
a default-constructed instance, the bool-typed field being read
can contain a value that's neither 0 nor 1, which is undefined
behavior. This patch fixes that by always initializing the field.
For consistency, the same fix is applied to the int and double
specializations.

The UBSan warnings can be observed when building V8 with
cflags += [ "-fsanitize=undefined" ] and running its "inspector"
tests.

Bug: v8:3770
Change-Id: I20d164434c6f3ee5cb55dd96058f7293bb5133f3
[modify] https://crrev.com/8515c2a1c5c016646b61221586cd4e5839f425ee/lib/Maybe_h.template

Comment 124 by bugdroid, Jan 25

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/8310864010a579f4a42aec7cbe795055922f6b3d

commit 8310864010a579f4a42aec7cbe795055922f6b3d
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri Jan 25 22:41:26 2019

Roll inspector_protocol to 8515c2a1c5c016646b61221586cd4e5839f425ee

This roll includes:
8515c2a1c UBSan fix
9977c471b (does not touch files imported into V8)
9cba74155 (does not touch files imported into V8)

Bug: v8:3770
Change-Id: If5ae5e7c6a7a81a246c8376545c4437cacaf1dc3
Reviewed-on: https://chromium-review.googlesource.com/c/1436230
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59103}
[modify] https://crrev.com/8310864010a579f4a42aec7cbe795055922f6b3d/third_party/inspector_protocol/README.v8
[modify] https://crrev.com/8310864010a579f4a42aec7cbe795055922f6b3d/third_party/inspector_protocol/lib/Maybe_h.template

Comment 125 by bugdroid, Jan 28

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/c640296e5a33ee0754babe9b60d93133ded060eb

commit c640296e5a33ee0754babe9b60d93133ded060eb
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Mon Jan 28 20:43:47 2019

[ubsan] Avoid signed left shifts

The workaround is simple: cast to unsigned before shifting.

Bug: v8:3770
Change-Id: I5f0f7af697ec5db0ab1df3d061008940c83c5c56
Reviewed-on: https://chromium-review.googlesource.com/c/1436215
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59140}
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/src/base/ieee754.cc
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/src/compiler/backend/instruction.h
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/src/compiler/linkage.h
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/src/field-index-inl.h
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/src/interpreter/interpreter-assembler.cc
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/src/objects/smi.h
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/src/parsing/parser.cc
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/src/source-position-table.cc
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/src/wasm/decoder.h
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/src/wasm/wasm-interpreter.cc
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/src/x64/assembler-x64-inl.h
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/test/cctest/compiler/test-machine-operator-reducer.cc
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/test/cctest/compiler/test-run-machops.cc
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/test/cctest/interpreter/test-interpreter.cc
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/test/cctest/wasm/test-run-wasm-64.cc
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/test/cctest/wasm/test-run-wasm-simd.cc
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/test/cctest/wasm/test-run-wasm.cc
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/test/cctest/wasm/test-wasm-interpreter-entry.cc
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/test/unittests/compiler/machine-operator-reducer-unittest.cc
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/test/unittests/compiler/typer-unittest.cc
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/test/unittests/interpreter/interpreter-assembler-unittest.cc
[modify] https://crrev.com/c640296e5a33ee0754babe9b60d93133ded060eb/test/unittests/wasm/function-body-decoder-unittest.cc
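
Comment 125's fix is a cast to unsigned before every signed left shift. The helpers below are an added example, not V8's code: ShiftLeft32 is the basic idiom; the Smi tag/untag pair shows the shift hitting every negative value (one tag bit and a 31-bit payload are assumptions of the example; V8's real Smi layout varies by platform); and the wasm shift and rotate helpers show the second shift hazard, a count equal to the operand width, which the spec's modulo-width masking removes.

```cpp
#include <cstdint>

// Left-shifting a negative signed value, or shifting a 1 into or past the sign
// bit, is undefined in C++ before C++20. A shift count >= the operand width is
// undefined in every C++ version. Unsigned shifts are modular and defined, so
// cast to unsigned, shift, cast back.
inline int32_t ShiftLeft32(int32_t value, unsigned count) {
  // Precondition: count < 32 (see the wasm helpers for count masking).
  return static_cast<int32_t>(static_cast<uint32_t>(value) << count);
}

// Smi tagging: the integer payload is shifted up to make room for the tag
// bit(s). Every negative Smi used to be a signed shift of a negative value.
constexpr int kSmiTagSize = 1;         // assumption: 1 tag bit, tag 0 = Smi
constexpr intptr_t kSmiTagMask = 1;

inline intptr_t TagSmi(int32_t value) {  // assumption: value fits 31 bits
  return static_cast<intptr_t>(static_cast<uintptr_t>(static_cast<intptr_t>(value))
                               << kSmiTagSize);
}
inline int32_t UntagSmi(intptr_t tagged) {
  // Right shift of a negative signed value is implementation-defined (not
  // undefined); every compiler V8 targets makes it arithmetic.
  return static_cast<int32_t>(tagged >> kSmiTagSize);
}
inline bool IsSmi(intptr_t word) { return (word & kSmiTagMask) == 0; }

// Wasm defines shift and rotate counts modulo the operand width, so masking
// the count both implements the spec and keeps the C++ count in range.
inline uint32_t WasmI32Shl(uint32_t a, uint32_t b) { return a << (b & 31); }
inline int32_t WasmI32ShrS(int32_t a, uint32_t b) { return a >> (b & 31); }

inline uint32_t WasmI32Rotl(uint32_t a, uint32_t b) {
  unsigned n = b & 31;
  // The textbook (a << n) | (a >> (32 - n)) shifts by 32 when n == 0: UB.
  return (a << n) | (a >> ((32 - n) & 31));
}
inline uint32_t WasmI32Rotr(uint32_t a, uint32_t b) {
  unsigned n = b & 31;
  return (a >> n) | (a << ((32 - n) & 31));
}
```

Rotates are the case worth remembering: the masked form `(32 - n) & 31` is correct for n == 0 only because `a >> 0` contributes the whole value and `a << 0` the same, so the OR is still `a`.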

Comment 126 by bugdroid, Jan 28

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/e8faf62ca040df6b4dc7470474f9e48f286b1901

commit e8faf62ca040df6b4dc7470474f9e48f286b1901
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Mon Jan 28 21:15:59 2019

[ubsan][compiler] Avoid OOB array accesses in Node::inputs_

Since we allocate raw zone memory for its inputs right behind the Node
object anyway, drop the previously OOB-accessed 1-element array within
the Node and use address computation to get to the inputs storage.
Note that this saves one pointer per Node, except for Nodes with zero
inputs, where it uses 1*sizeof(Use) more memory than before.

Bug: v8:3770
Change-Id: I7f5965c6f1b49013eb7f5a447b685d47decaa8fb
Reviewed-on: https://chromium-review.googlesource.com/c/1436218
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59141}
[modify] https://crrev.com/e8faf62ca040df6b4dc7470474f9e48f286b1901/src/compiler/node.cc
[modify] https://crrev.com/e8faf62ca040df6b4dc7470474f9e48f286b1901/src/compiler/node.h
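
Comment 126 replaces a one-element inputs_ array that was indexed past its end with address arithmetic into the zone memory allocated right behind the Node. The class below is an added example of that layout, constructed for this page and not V8's src/compiler/node.h: it uses ::operator new in place of a zone allocator, stores only an id and the input pointers, and returns nullptr for out-of-range indices where V8 would DCHECK.

```cpp
#include <cstddef>
#include <cstdint>
#include <new>

// Storage that follows an object inside the same allocation. Declaring a
// one-element array as the last member and indexing past it is undefined
// (-fsanitize=bounds reports it); the defined alternative is to allocate
// sizeof(Node) + n * sizeof(Node*) bytes and compute the trailing array's
// address from the object's own address.
class Node {
 public:
  static Node* New(uint32_t id, int input_count, Node* const* initial_inputs) {
    size_t bytes = sizeof(Node) + static_cast<size_t>(input_count) * sizeof(Node*);
    void* memory = ::operator new(bytes);  // stand-in for zone allocation
    return new (memory) Node(id, input_count, initial_inputs);
  }
  static void Delete(Node* node) {
    node->~Node();
    ::operator delete(node);
  }

  uint32_t id() const { return id_; }
  int InputCount() const { return input_count_; }
  Node* InputAt(int index) const {
    return (index >= 0 && index < input_count_) ? inputs()[index] : nullptr;
  }
  void ReplaceInput(int index, Node* replacement) {
    if (index >= 0 && index < input_count_) inputs()[index] = replacement;
  }
  // Sample traversal over the trailing storage: sum of ids in the input tree.
  uint64_t SumIds() const {
    uint64_t sum = id_;
    for (int i = 0; i < input_count_; ++i) {
      if (inputs()[i] != nullptr) sum += inputs()[i]->SumIds();
    }
    return sum;
  }

 private:
  Node(uint32_t id, int input_count, Node* const* initial_inputs)
      : id_(id), input_count_(input_count) {
    for (int i = 0; i < input_count; ++i) inputs()[i] = initial_inputs[i];
  }
  // The inputs live at offset sizeof(Node) in the same allocation. With zero
  // inputs this is a one-past-the-end pointer that is never dereferenced.
  Node** inputs() {
    return reinterpret_cast<Node**>(reinterpret_cast<uint8_t*>(this) + sizeof(Node));
  }
  Node* const* inputs() const {
    return reinterpret_cast<Node* const*>(reinterpret_cast<const uint8_t*>(this) +
                                          sizeof(Node));
  }

  uint32_t id_;
  int input_count_;
};

// The trailing array starts at offset sizeof(Node), so that offset must be
// suitably aligned for a Node*; otherwise the alignment check fires instead.
static_assert(sizeof(Node) % alignof(Node*) == 0, "trailing inputs must be aligned");
```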

Comment 127 by bugdroid, Jan 28

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/cf330da43b4380574676bc3baefa920d3d88d48c

commit cf330da43b4380574676bc3baefa920d3d88d48c
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Mon Jan 28 21:22:19 2019

[ubsan][regexp] Avoid out-of-range casts from int to enum Result

NativeRegExpMacroAssembler::Match() can return either a Result sentinel
or an int indicating the number of matches, so it should return a plain
int which we can only safely cast to Result or IrregexpResult when it's
guaranteed to be the former case.

Bug: v8:3770
Change-Id: I4c3447e0cdebd5f825964e086574ab504a1799cd
Reviewed-on: https://chromium-review.googlesource.com/c/1435735
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59142}
[modify] https://crrev.com/cf330da43b4380574676bc3baefa920d3d88d48c/src/regexp/jsregexp.cc
[modify] https://crrev.com/cf330da43b4380574676bc3baefa920d3d88d48c/src/regexp/regexp-macro-assembler.cc
[modify] https://crrev.com/cf330da43b4380574676bc3baefa920d3d88d48c/src/regexp/regexp-macro-assembler.h
[modify] https://crrev.com/cf330da43b4380574676bc3baefa920d3d88d48c/test/cctest/test-regexp.cc
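
Comments 122 and 127 fix the two directions of the same mistake: casting an arbitrary int into an enum (IrOpcode::Value) and returning a value that is sometimes an enum sentinel and sometimes a count (regexp Match). The example below is added for this page and is not V8's opcodes.cc or regexp-macro-assembler.h: the opcode list, the mnemonic table, the DCHECK macro, the MatchStatus sentinel values and the substring matcher standing in for the regexp engine are all assumptions of the example.

```cpp
#include <cassert>
#include <cstddef>
#include <cstring>

// Debug-only check, off unless compiled with -DDEBUG_CHECKS (the example's
// stand-in for V8's DCHECK).
#ifdef DEBUG_CHECKS
#define DCHECK(condition) assert(condition)
#else
#define DCHECK(condition) ((void)0)
#endif

// An enum without a fixed underlying type may only hold values within the
// range spanned by its enumerators (rounded up to a power of two), and
// -fsanitize=enum reports loads of anything else. Casting an unchecked int
// to such an enum is undefined even if the value is only compared or used
// as a table index.
struct IrOpcode {
  enum Value { kStart, kEnd, kInt32Add, kInt32Sub, kLoad, kStore, kLast = kStore };

  static bool IsValid(int value) { return value >= 0 && value <= kLast; }

  static const char* Mnemonic(Value value) {
    static const char* const kNames[] = {"Start", "End", "Int32Add",
                                         "Int32Sub", "Load", "Store"};
    static_assert(sizeof(kNames) / sizeof(kNames[0]) == kLast + 1, "table matches enum");
    return kNames[value];
  }

  // Untrusted ints (from a fuzzer, a serialized graph, a debugger) are
  // validated before the cast. As in the commit above, Debug asserts while
  // Release keeps returning a placeholder mnemonic.
  static const char* MnemonicFromInt(int value) {
    DCHECK(IsValid(value));
    if (!IsValid(value)) return "UnknownOpcode";
    return Mnemonic(static_cast<Value>(value));
  }
};

// The regexp case is the converse: a function that returns either a status
// sentinel or a count must return a plain int, and the cast to the enum may
// only happen on the branch where the value is known to be a sentinel.
enum MatchStatus { RETRY = -2, EXCEPTION = -1 };  // assumed sentinel values

// Assumed matcher: counts non-overlapping occurrences of needle in haystack.
// Negative results are MatchStatus sentinels, non-negative ones are counts.
int RawMatch(const char* haystack, const char* needle, size_t max_matches) {
  if (needle[0] == '\0') return EXCEPTION;
  int count = 0;
  size_t step = std::strlen(needle);
  for (const char* p = haystack; (p = std::strstr(p, needle)) != nullptr; p += step) {
    if (static_cast<size_t>(count) == max_matches) return RETRY;  // register buffer too small
    ++count;
  }
  return count;
}

bool IsSentinel(int raw) { return raw < 0; }

MatchStatus StatusOf(int raw) {
  DCHECK(IsSentinel(raw));
  return static_cast<MatchStatus>(raw);  // in range: raw is -2 or -1 here
}

// Consumer: interpret the int exactly once, at the boundary.
const char* DescribeMatch(int raw) {
  if (!IsSentinel(raw)) return raw == 0 ? "no match" : "matched";
  switch (StatusOf(raw)) {
    case RETRY: return "retry with a larger buffer";
    case EXCEPTION: return "exception";
  }
  return "unreachable";
}
```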

Comment 128 by bugdroid, Jan 28

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/a8aa4b4ef23a9d16da963ec23c473b3cb308d175

commit a8aa4b4ef23a9d16da963ec23c473b3cb308d175
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Mon Jan 28 21:23:24 2019

[ubsan] Fix Clusterfuzz-found bugs

Smi::LexicographicCompare: signed integer overflow on negation.
Drive-by improvement: reduce number of branches.

RegExpQuantifier: signed integer overflow on multiplication.

DateCache::DaylightSavingsOffsetInMs: signed integer overflow
on addition.

Bug: v8:3770,chromium:923466,chromium:923642,chromium:923626
Change-Id: If7d995a13893d1315449ee0bab8b5f2553e170f5
Reviewed-on: https://chromium-review.googlesource.com/c/1436229
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59143}
[modify] https://crrev.com/a8aa4b4ef23a9d16da963ec23c473b3cb308d175/src/date.cc
[modify] https://crrev.com/a8aa4b4ef23a9d16da963ec23c473b3cb308d175/src/objects.cc
[modify] https://crrev.com/a8aa4b4ef23a9d16da963ec23c473b3cb308d175/src/regexp/regexp-ast.h
[add] https://crrev.com/a8aa4b4ef23a9d16da963ec23c473b3cb308d175/test/mjsunit/ubsan-fuzzerbugs.js

Comment 129 by bugdroid, Jan 28

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/5befa0b4cf8d93faec194c9fab39800cc51e0f8d

commit 5befa0b4cf8d93faec194c9fab39800cc51e0f8d
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Mon Jan 28 21:54:39 2019

[ubsan] Fix overflowing numeric conversions

Numeric conversions are defined behavior iff the value is in the
range of what the target type can represent.

Bug: v8:3770
Change-Id: Ic6f2276c64cb39345a45d8e37e604c28ecca34c2
Reviewed-on: https://chromium-review.googlesource.com/c/1436216
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59144}
[modify] https://crrev.com/5befa0b4cf8d93faec194c9fab39800cc51e0f8d/src/builtins/builtins-sharedarraybuffer.cc
[modify] https://crrev.com/5befa0b4cf8d93faec194c9fab39800cc51e0f8d/src/compiler/machine-operator-reducer.cc
[modify] https://crrev.com/5befa0b4cf8d93faec194c9fab39800cc51e0f8d/src/conversions-inl.h
[modify] https://crrev.com/5befa0b4cf8d93faec194c9fab39800cc51e0f8d/src/inspector/value-mirror.cc
[modify] https://crrev.com/5befa0b4cf8d93faec194c9fab39800cc51e0f8d/src/parsing/parser.cc
[modify] https://crrev.com/5befa0b4cf8d93faec194c9fab39800cc51e0f8d/test/cctest/compiler/test-run-machops.cc
[modify] https://crrev.com/5befa0b4cf8d93faec194c9fab39800cc51e0f8d/test/cctest/wasm/test-run-wasm.cc
[modify] https://crrev.com/5befa0b4cf8d93faec194c9fab39800cc51e0f8d/test/cctest/wasm/wasm-run-utils.h
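
Comment 129 states the rule: a numeric conversion is defined only when the value fits the target type. The functions below are an added example, not V8's conversions-inl.h: they implement the three policies a practitioner meets in this code base (ECMAScript ToInt32 wrapping, wasm's trapping i32.trunc_f64_s, and saturating conversion), with the range check done on the truncated value before the static_cast.

```cpp
#include <cmath>
#include <cstdint>
#include <limits>

// static_cast from floating point to an integer type is undefined unless the
// truncated value is representable in the target type. NaN, the infinities
// and anything beyond +-2^31 therefore need explicit handling before the
// cast; -fsanitize=float-cast-overflow reports the cases that were missed.
constexpr double kTwo31 = 2147483648.0;
constexpr double kTwo32 = 4294967296.0;

// True iff static_cast<int32_t>(x) is defined. NaN fails both comparisons.
inline bool FitsInt32(double x) {
  double t = std::trunc(x);
  return t >= -kTwo31 && t < kTwo31;
}

// ECMAScript ToInt32: truncate, reduce modulo 2^32, reinterpret as signed.
int32_t DoubleToInt32(double x) {
  if (std::isnan(x) || std::isinf(x)) return 0;
  if (FitsInt32(x)) return static_cast<int32_t>(x);  // fast path, defined
  double m = std::fmod(std::trunc(x), kTwo32);  // exact, in (-2^32, 2^32)
  if (m < 0) m += kTwo32;                       // now in [0, 2^32)
  // m is an integer in uint32_t range, so that conversion is defined; the
  // final cast to int32_t is the two's complement reinterpretation.
  return static_cast<int32_t>(static_cast<uint32_t>(m));
}

// ECMAScript ToUint32 is the same bit pattern.
uint32_t DoubleToUint32(double x) { return static_cast<uint32_t>(DoubleToInt32(x)); }

// wasm i32.trunc_f64_s: out-of-range values trap instead of wrapping. The
// trap is reported through the return value (an assumption of the example).
bool WasmTruncF64ToI32(double x, int32_t* out) {
  if (std::isnan(x) || !FitsInt32(x)) return false;
  *out = static_cast<int32_t>(x);
  return true;
}

// Saturating conversion (wasm i32.trunc_sat_f64_s, or any API that must
// neither trap nor wrap): NaN becomes 0, everything else clamps.
int32_t DoubleToInt32Saturating(double x) {
  if (std::isnan(x)) return 0;
  if (FitsInt32(x)) return static_cast<int32_t>(x);
  return x < 0 ? std::numeric_limits<int32_t>::min()
               : std::numeric_limits<int32_t>::max();
}
```

Note the boundary: -2147483648.9 truncates to INT32_MIN and is therefore a valid input to all three, while 2147483648.0 is not representable and must take the slow path, trap, or clamp respectively.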

Comment 130 by bugdroid, Jan 31

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/4007378d86ba4b8a2caff327a127a0bffb671909

commit 4007378d86ba4b8a2caff327a127a0bffb671909
Author: Jakob Kummerow <jkummerow@chromium.org>
Date: Thu Jan 31 03:35:56 2019

[ubsan] Turn on full -fsanitize=undefined

The build config inherited from Chromium only enables a subset
of the checks that UBSan supports. We want them all, so this
patch overrides what "is_ubsan" means for V8.

Bug: v8:3770
Change-Id: I1d0a7d994279272f13ff1d4ac9ed235fcbfc0951
Reviewed-on: https://chromium-review.googlesource.com/c/1443502
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59222}
[modify] https://crrev.com/4007378d86ba4b8a2caff327a127a0bffb671909/BUILD.gn
[modify] https://crrev.com/4007378d86ba4b8a2caff327a127a0bffb671909/test/common/wasm/wasm-module-runner.cc

Comment 131 by bugdroid, Feb 20 (3 days ago)

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/1736ec6af4df3c9d31ca4d822142fe8fa2c35c21

commit 1736ec6af4df3c9d31ca4d822142fe8fa2c35c21
Author: Michael Achenbach <machenbach@chromium.org>
Date: Wed Feb 20 09:16:57 2019

[test] Remove obsolete ubsan suppression

NOTRY=true

Bug: v8:3770
Change-Id: I2357aae4f6be8158cb5fd75e467aa943f4929abe
Reviewed-on: https://chromium-review.googlesource.com/c/1477281
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59723}
[modify] https://crrev.com/1736ec6af4df3c9d31ca4d822142fe8fa2c35c21/tools/ubsan/blacklist.txt

Comment 132 by bugdroid, Feb 20 (3 days ago)

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/68abc4fe3686b27612c124483d2097d4055d30d2

commit 68abc4fe3686b27612c124483d2097d4055d30d2
Author: Michael Achenbach <machenbach@chromium.org>
Date: Wed Feb 20 09:54:14 2019

[test] Remove obsolete ubsan suppression

NOTRY=true
TBR=thakis@chromium.org

Bug: v8:3770
Change-Id: I7018a64fcbf89104f869c89d31957eed23b312a7
Reviewed-on: https://chromium-review.googlesource.com/c/1477897
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#633643}
[modify] https://crrev.com/68abc4fe3686b27612c124483d2097d4055d30d2/tools/ubsan/blacklist.txt