base fuzzili update #52
Open
Dudcom wants to merge 311 commits into
Change-Id: Id1322a5847527125d3282da5d80e861422bd7f45 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8914597 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Pawel Krawczyk <pawkra@google.com>
Change-Id: Ia6616629177ee5f941377471a998d59e1ab31d06 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8922297 Reviewed-by: Pawel Krawczyk <pawkra@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Adds support for wasm struct.new operation to be able to generate structs with initial non-default values. Bug: 474940922 Change-Id: Ic8f1cc8d7f9dc24dc73b342fb3d55c35e1a33446 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8921896 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Dominik Klemba <tacet@google.com> Commit-Queue: Doga Yüksel <dyuksel@google.com>
Change-Id: Id6f1609bf09df512aced5db86f979e3709647446 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8926736 Reviewed-by: Doga Yüksel <dyuksel@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 475996631 Change-Id: I2fed02882da99abdaaca11d5bed21ebd0f0ff833 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8932836 Auto-Submit: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Michael Achenbach <machenbach@google.com> Commit-Queue: Michael Achenbach <machenbach@google.com>
So far we didn't try to resolve input requirements for JS types by scheduling code generators that produce these inputs. This change fixes that and also fixes the test case and the compile warning it produces for the unused Swift variable due to commented out code. Change-Id: I7c090fc164b00df5ef31353447ae4f993538c437 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8929438 Reviewed-by: Dominik Klemba <tacet@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
in cases where it doesn't have a wasmReferenceType WasmTypeExtension. The better printing in commit f418a5e doesn't do anything if we don't ever reach it because we already crash earlier. This change adapts generateRandomWasmVar to return nil if it receives an index reference type without the expected type extension. If this still causes crashes, we'd then get the better error message from above. Bug: 475996631 Change-Id: I86f89855724f09de3875770e2380257c07d54062 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8932837 Commit-Queue: Michael Achenbach <machenbach@google.com> Reviewed-by: Michael Achenbach <machenbach@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com> Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Bug: 475996631 Change-Id: If8b92877f88b5852184d69477bc508d6c039c294 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8932857 Reviewed-by: Michael Achenbach <machenbach@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com> Auto-Submit: Matthias Liedtke <mliedtke@google.com>
While the WasmTypeGroupReducer shall remove all inputs which are not used from the WasmEndTypeGroup (so that these types can be removed in a following iteration), it should still expose all types which are used inside the type group, so that the JSTyper still continues to handle them correctly. This will hopefully fix the current crashes we are observing for types missing the linkage from a wasm index reference type to the corresponding type definition variable in the JSTyper. Bug: 475996631 Change-Id: I571a44fabee3f302c8f53fad14d6f62263d0a8ca Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8935617 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Michael Achenbach <machenbach@google.com> Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Bug: 442444727 Change-Id: I2b829da00393a63f40ac2791091ff73bd288aa24 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8935636 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Michael Achenbach <machenbach@google.com>
Adds support for ref.eq instruction to be generated Bug: 474940922 Change-Id: I7b88ceffed5252878132406da30a570be01f13ad Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8933276 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Doga Yüksel <dyuksel@google.com>
Seems like the previous change didn't do that because configuration objects never got this boolean. Bug: 422361840 Change-Id: I9a4fd2af616b7dd5dd27126fe10004374a41992a Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8940976 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Bug: 441467877 Change-Id: I7278380605e40ca79b4dc889cb8b6734aa7c4327 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8908076 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Danylo Mocherniuk <mdanylo@google.com>
By removing the types from the WasmThrow, this prepares Fuzzilli to adapt the tags as a next step to use wasm-gc signatures instead of static parameter types (there might be more dependencies for that). Bug: 445356784 Change-Id: I852a84efd928ed593bbb84105a95ab7a09cde9a7 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8926696 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Doga Yüksel <dyuksel@google.com>
Bug: 445356784 Change-Id: I960d64621c3faac93083b44935382a05dee93d84 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8926697 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Doga Yüksel <dyuksel@google.com>
Bug: 445356784 Change-Id: I5d827c480f633e4efe565ac139f91c4fb5e04e79 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8926698 Reviewed-by: Doga Yüksel <dyuksel@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 445356784 Change-Id: Ia1a6b4606ba85e5c6f0093cc8c43cc4726a7b907 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8926699 Reviewed-by: Doga Yüksel <dyuksel@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 445356784 Change-Id: If6049b20eb2a77ce27c04412f571af7626b4216b Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8926700 Reviewed-by: Doga Yüksel <dyuksel@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 445356784 Change-Id: Ia9ced154e6f1ce465c257e0e17c53782ec13f442 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8926836 Reviewed-by: Doga Yüksel <dyuksel@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 445356784 Change-Id: Idbe0b038ecd47b371639219edababaf7e33d1054 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8929536 Reviewed-by: Doga Yüksel <dyuksel@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
One of them should be enough. :) Bug: 445356784 Change-Id: Ib0f215bcd41c2801d2b5d43c6255b17a5d979dd2 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8944236 Auto-Submit: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Doga Yüksel <dyuksel@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 442444727 Change-Id: I4639df028436c02f59a26e12e3930bee209ab506 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8949196 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bug: 442444727 Change-Id: I77dc4619f6eba65bf7417fbb36609eb42993121c Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8952396 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Main functionality was merged into codebase by now. Bug: 441467877 Change-Id: Ibcd2c7873188e52cf0db0dcdfacf8150ee694107 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8947917 Commit-Queue: Dominik Klemba <tacet@google.com> Reviewed-by: Dominik Klemba <tacet@google.com> Commit-Queue: Danylo Mocherniuk <mdanylo@google.com>
Change-Id: I947059c23b71448a97b58a3f36f79f8fef0b8ff7 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8956180 Commit-Queue: Danylo Mocherniuk <mdanylo@google.com> Auto-Submit: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Danylo Mocherniuk <mdanylo@google.com>
This fixes #545 (by just doing the same for the other kinds of disposable variables that we already do for `loadDisposableVariable`) Change-Id: I11ddb6323124deb7f99dbf110fee214be62b33a9 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8956877 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Auto-Submit: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Michael Achenbach <machenbach@google.com>
Bug: 450237486 Change-Id: I30de85f87ca170a998fc17a72e15c4579db37774 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8901996 Auto-Submit: Olivier Flückiger <olivf@google.com> Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
This fixes #546 Change-Id: I8331dd909c05a51bfe73749e8677b18501e261bd Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8956179 Reviewed-by: Michael Achenbach <machenbach@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com> Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Add the `--maglev-assert-types` flag to the list of possible flags, with a 10% probability. This flag is enabled only when sandbox-fuzzing is disabled. Change-Id: Ic710d8b6c185af79979b50bb991672e6e1563dd3 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8963977 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Dominik Klemba <tacet@google.com> Reviewed-by: Michael Achenbach <machenbach@google.com> Reviewed-by: Marja Hölttä <marja@chromium.org>
Had some logs about them, but removed them for review. Now it is time to add proper reporting. Bug:441467877 Change-Id: I03bf6a6ae447caa4bc3eae202709fb2976a017c0 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8969557 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Danylo Mocherniuk <mdanylo@google.com>
… OperationMutator Bug: 342521422 Change-Id: I64b68d2b3e5aa78b329d56494a76f9caac626480 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9278600 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Marja Hölttä <marja@google.com>
To support assumptions regarding the typing of a `jsMap`'s elements, this CL makes `jsMap` optionally parametrizable through the `createJsMapType` function. This CL also introduces a `CreateMap` operation that persists the key and value type arguments for the map. This CL avoids introducing type serialization for the type arguments, storing the type group names instead. Parameterized iterables details: cc0ff34 Bug: 510424762 Change-Id: I570fb962dc027d48e222acc62b85609cd1048d15 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9274841 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Tigran Bantikyan <bantikyan@google.com>
This CL includes outputs in the IL, similarly to how we already do for WasmBranchOnNull. So they won’t be dropped, but spilled. We also don't drop outputs of WasmBranch now, as this code is unreachable. Change-Id: I7b6e9ee6a1bb91aa23dab5e68cf0237742f073ef Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9273901 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Leon Bettscheider <bettscheider@google.com>
as this can cause issues with variable visibility. (assert only) Ad-hoc signatures exist so that we are always able to generate e.g. a wasm function definition even if we are already in the .wasm context and therefore can't emit a wasm type group any more (which are only allowed in the .javascript context). However, these signatures are there for that wasm function then, not to use them as element types as part of other types (e.g. another ad-hoc signature for a Wasm tag definition as such a tag can be exported and reimported by a different module and then a throw of that tag might need to create a value of the element's type (which is the other ad-hoc signature that was only visible in the first Wasm module.) Bug: 445356784 Fixed: 508306801 Change-Id: Idf10b4093913dc252dbead329fad7d54ff46615d Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9267281 Auto-Submit: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Leon Bettscheider <bettscheider@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
With this change wasm functions can finally include wasm-gc index types in their parameter and result types. Bug: 445356784 Change-Id: I9a57724206d853218624fb8dcfa916169b82a573 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9197816 Auto-Submit: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Leon Bettscheider <bettscheider@google.com> Reviewed-by: Leon Bettscheider <bettscheider@google.com>
in block arguments. All usages have been adapted to using wasm-gc signatures and therefore allow indexed wasm-gc types. Bug: 445356784 Change-Id: I9db52423e11f5658c7ed20870d51d867eb17c573 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9288584 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Leon Bettscheider <bettscheider@google.com>
Add support for CreateMap operations in VariadicInputReducer, OperationMutator, and MinimizationPostProcessor. Fixed: 510424762 Change-Id: Ia7fc6c70922dac8f265746895b0a6894611437d6 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9289344 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Tigran Bantikyan <bantikyan@google.com>
The flag was removed in: https://crrev.com/c/7840605 Change-Id: I49e417d602fc6a6fd40e2ca852dc4c7965e84ff3 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9305241 Auto-Submit: Michael Achenbach <machenbach@google.com> Reviewed-by: Clemens Backes <clemensb@google.com> Commit-Queue: Clemens Backes <clemensb@google.com>
Bug: 447125167 Change-Id: I694c2feac0d42f1afb47f3ec2e9c94b2401382fe Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9279080 Reviewed-by: Rezvan Mahdavi Hezaveh <rezvan@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 447125167 Change-Id: Ifa7899b5e12a30718f64ccac36e693aa91020e5d Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9288582 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Rezvan Mahdavi Hezaveh <rezvan@google.com>
This flag used to be always set in fuzzers due to the implication from `--fuzzing`, but the implication is removed now (crrev.com/c/7845199). Hence randomize it with high probability (still not 100% to avoid having blind spots), except for sandbox fuzzers where it'd not bring any benefit due to them ignoring CHECKs. Bug: 475707969 Change-Id: Ia8a495af600acc40dcd188fc1726e1e039237c79 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9310081 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Maksim Ivanov <emaxx@google.com>
Add support for handling CreateArray operations with the `elementGroupName` property set in OperationMutator and MinimizationPostProcessor. Bug: 503429420 Change-Id: I29170419cda15d9a73d0a9ad43aaa2ebd0322081 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9293280 Commit-Queue: Tigran Bantikyan <bantikyan@google.com> Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Add randomized addition of --no-flush-bytecode, to occasionally test this non-production scenario. Don't explicitly add --flush-bytecode: it's the default value anyway, and it didn't help to reenable it when flag implications (--jit-fuzzing to --no-flush-bytecode) disable it. Bug: 475707969 Change-Id: Ia2c2141430f222f6c3d7c4cb946762c725c65204 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9278461 Commit-Queue: Maksim Ivanov <emaxx@google.com> Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Bug: 514576448 Change-Id: I5b818576409d654a039edac6dbcfa959352018aa Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9296863 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Marja Hölttä <marja@google.com> Auto-Submit: Raphaël Hérouart <rherouart@google.com>
Bug: 514576448 Change-Id: I4f0236055f21611a582fef526a721e13f58ca2f9 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9310040 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Marja Hölttä <marja@google.com> Commit-Queue: Raphaël Hérouart <rherouart@google.com> Auto-Submit: Raphaël Hérouart <rherouart@google.com>
Bug: 445356784 Change-Id: I3a07fe4d292dd5b988c655936e0abd889338cbe8 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9310720 Auto-Submit: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Leon Bettscheider <bettscheider@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
This CL adds the `selectionMode` property to the `OptionsBag` struct to configure how `OptionsBag` selects the properties for the object literal it generates. The default behavior is preserved with the `anySubset` case. The new `exactlyOne` case configures `OptionsBag` to select exactly one property for the object literal. This CL also makes `OptionsBag` easily usable in profiles by adding an `additionalOptionsBag` property to the `Profile` struct and by removing the strict assert on the supported `OptionsBag` properties array. Bug: 512875834 Change-Id: I6b6348f515cc736ee281af9c9e384ac93eaf762c Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9311541 Commit-Queue: Tigran Bantikyan <bantikyan@google.com> Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Bug: 514576448 Change-Id: I7d2b1580b49211e1ec184f78798588eb7b4ea6ca Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9313600 Reviewed-by: Michael Achenbach <machenbach@google.com> Commit-Queue: Raphaël Hérouart <rherouart@google.com> Reviewed-by: Marja Hölttä <marja@google.com> Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Bug: 514906333 Change-Id: Ib94a058c73bab07f1b9292e102439af847593006 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9310083 Reviewed-by: Leon Bettscheider <bettscheider@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
…tions TAG=agy CONV=0a8bad59-c896-4fbd-925a-620838620623 Change-Id: I82d1eafe22df70aa455b98d0de8795820398a08c Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9320640 Reviewed-by: Raphaël Hérouart <rherouart@google.com> Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Marja Hölttä <marja@google.com>
BUG=515494290 TAG=agy CONV=3987abe0-de45-4002-95ae-4f62b5e0cf10 Change-Id: I0324d4ef618f2bae310eb392ddff5aa3b71b9c0d Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9320641 Commit-Queue: Marja Hölttä <marja@google.com> Reviewed-by: Michael Achenbach <machenbach@google.com>
Bug: 515363087 Change-Id: I06060612d8eee9bf783a849352435c5b4bf9c893 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9317280 Auto-Submit: Raphaël Hérouart <rherouart@google.com> Reviewed-by: Marja Hölttä <marja@google.com> Reviewed-by: Michael Achenbach <machenbach@google.com> Commit-Queue: Raphaël Hérouart <rherouart@google.com>
1) Hide variables outside the worker function so that the function doesn't use them. 2) Make the main thread wait for the worker to finish. Fixed: 497549860 Change-Id: If3b22fae7e61cca33b1c55fbfab3fcf9f5f6abaf Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9282445 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Marja Hölttä <marja@google.com>
Previously, randomWasmTypeDef() would only return type definitions of non-ad-hoc signatures. With this fix, it should also return array and struct type definitions. Bug: 445356784 Change-Id: I6b131c42e61c17771fa211c213d64456b964bdb5 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9320520 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Leon Bettscheider <bettscheider@google.com>
This CL adds support for the br_on_cast instruction. Bug: 474940922 Change-Id: Iadb552b42b1c721d0b5c462afda75aff91bb4791 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9300280 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Support for "import * as ns" import syntax, including the deferred import variant. Other imports (named, default, etc.) are future work. https://github.com/tc39/proposal-defer-import-eval Bug: 398218423 Change-Id: If0e691054f0668cd4eed2bbdc9532b0c520fec4a Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9313400 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Olivier Flückiger <olivf@google.com>
This CL adds support for the br_on_cast_fail instruction. Bug: 474940922 Change-Id: Icacbd109fff843179f69806769437322f14326c8 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9299601 Commit-Queue: Leon Bettscheider <bettscheider@google.com> Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Bug: 515363087 Change-Id: I41e4b487ee08dbf7da22959c6c1d08e4099a6ad4 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9317282 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Raphaël Hérouart <rherouart@google.com> Auto-Submit: Raphaël Hérouart <rherouart@google.com>
This was staged for V8 in https://crrev.com/c/7845195. Bug: 465715798 Change-Id: I1b01eea17c3c1049d66251de6a025747aef43bb7 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9333500 Reviewed-by: Olivier Flückiger <olivf@google.com> Commit-Queue: Olivier Flückiger <olivf@google.com> Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Node.js v26 branched, the new nightly version is v27. We need to stay up-to-date to be able to test new V8 features. Change-Id: I4eea87f24cfff0e2cb48cb21904d6c0c5bb97421 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9317781 Commit-Queue: Marja Hölttä <marja@google.com> Reviewed-by: Marja Hölttä <marja@google.com> Auto-Submit: Matthias Liedtke <mliedtke@google.com>
updating with head