Skip to content

[v10.x] deps: V8: backport b28637b4fe #31507

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[v10.x] deps: V8: backport b28637b4fe #31507

wants to merge 1 commit into from

Conversation

bnoordhuis
Copy link
Member

@bnoordhuis bnoordhuis commented Jan 25, 2020
edited
Loading

Original commit message:

Apply duct-tape to load elimination

Load elimination is running together with to dead code elimination,
the latter of which might eliminate allocations (in particular
FinishRegion nodes). These are treated as alias nodes by load
elimination, and load elimination does not immediatelly learn that
a node has been disconnected. This causes load elimination to access
the inputs of dead code eliminated nodes while resolving renames,
which causes nullptr dereferences.

This CL modifies load elimination to not resolve to a nullptr alias
but simply stop before that.

Change-Id: If4cef061c7c0e25f353727c9e27f790439b0beb5
Bug: chromium:906406
Reviewed-on: https://chromium-review.googlesource.com/c/1346491
Commit-Queue: Sigurd Schneider <[email protected]>
Reviewed-by: Jaroslav Sevcik <[email protected]>
Cr-Commit-Position: refs/heads/master@{#57688}

Fixes: #31484
V8 CI: https://ci.nodejs.org/job/node-test-commit-v8-linux/2819/

@bnoordhuis bnoordhuis requested a review from targos January 25, 2020 10:40
@nodejs-github-bot nodejs-github-bot added v10.x v8 engine Issues and PRs related to the V8 dependency. labels Jan 25, 2020
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/28637/

@bnoordhuis bnoordhuis mentioned this pull request Jan 25, 2020
Closed
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/28684/

@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/28708/

@bnoordhuis
Copy link
Member Author

The reporter of #31484 tried out this patch but he's unfortunately still seeing the crash. This PR fixes a crash though - the V8 regression test crashes without the fix and passes with.

I'll update the commit log.

@sigurdschneider @bnoordhuis
deps: V8: backport b28637b4fe
973cdc7 
Original commit message:

    Apply duct-tape to load elimination

    Load elimination is running together with to dead code elimination,
    the latter of which might eliminate allocations (in particular
    FinishRegion nodes). These are treated as alias nodes by load
    elimination, and load elimination does not immediatelly learn that
    a node has been disconnected. This causes load elimination to access
    the inputs of dead code eliminated nodes while resolving renames,
    which causes nullptr dereferences.

    This CL modifies load elimination to not resolve to a nullptr alias
    but simply stop before that.

    Change-Id: If4cef061c7c0e25f353727c9e27f790439b0beb5
    Bug: chromium:906406
    Reviewed-on: https://chromium-review.googlesource.com/c/1346491
    Commit-Queue: Sigurd Schneider <[email protected]>
    Reviewed-by: Jaroslav Sevcik <[email protected]>
    Cr-Commit-Position: refs/heads/master@{nodejs#57688}
@bnoordhuis bnoordhuis mentioned this pull request Feb 2, 2020
Closed
@bnoordhuis
Copy link
Member Author

Closing in favor of #31613. I reviewed load-elimination.cc and there were more places that had the same bug.

@bnoordhuis bnoordhuis closed this Feb 2, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@addaleax addaleax addaleax approved these changes

@targos targos Awaiting requested review from targos

+1 more reviewer

@devnexen devnexen devnexen approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
v8 engine Issues and PRs related to the V8 dependency.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@bnoordhuis @nodejs-github-bot @addaleax @devnexen @sigurdschneider