| 文件 | 最后提交记录 | 最后更新时间 |
|---|---|---|
[v8]arkweb JS OOM use hisysevent TicketNo: DTS2026031703156 Description: [v8]arkweb JS OOM use hisysevent Team:gitcode Feature or Bugfix: Binary Source: sync from gitcode PrivateCode(Yes/No):No ------ DO NOT MODIFY, AUTO-GENERATED! ------ PR-Num: 423 gitcode-PR: https://gitcode.com/openharmony-tpc/chromium_v8/pull/423 UserId:30014474 Change-Id: I1774926181646c6e5ef7fedaa422fbb6d3f10079 Reviewed-by: h00886390,y00500721 Approved-by: y00500721 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/537 Merged-by: public pjenkins Signed-off-by: jiang-qunchao <jiangqunchao@huawei.com> revert merge request: DTS2026031703156 [v8]arkweb JS OOM use hisysevent 351414b4ddbbad9107cf7f18b48f3d8ed3016bbd This revert merge request !451 | 1 个月前 | |
[asm] Consider '\r' for semicolon insertion JS considers '\r' a line terminator, just like '\n'. Asm.js parsing should do the same. R=jkummerow@chromium.org Fixed: 451649545 Change-Id: Ibd56ce7a9b94142de82e55950af0faf7063ba6fd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7044667 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#103135} | 8 个月前 | |
fix with scope TicketNo: DTS2026051940369 Description: Team:gitee Feature or Bugfix:Feature Binary Source: sync from gitee PrivateCode(Yes/No):No Change-Id: I2b7658a4b9c1244eb1041bb496b1db17100c0e6b Reviewed-by: w00518651,y00500721 Approved-by: y00500721 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/589 Merged-by: public pjenkins Signed-off-by: jiang-qunchao <jiangqunchao@huawei.com> revert merge request: DTS2026051940369 6cd1218596c399ae2ad5da38e155a551cd257843 This revert merge request !461 | 1 个月前 | |
TicketNo: AR20260205242358 Description: enable jitfort for memory w^x protection Team: OTHERS Feature or Bugfix: Feature Binary Source: No PrivateCode(Yes/No):No Change-Id: I8d4400f57dfa19993aa1fd8fa2ac4376f6abda71 Reviewed-by: z30069899 Approved-by: y00500721 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/531 Merged-by: public pjenkins Signed-off-by: s00502827 <shulin3@huawei.com> revert merge request: AR20260205242358 enable jitfort for memory w^x protection cdaa8cb6bdc83221f0b8d98f7f9da30c11ad5036 This revert merge request !458 | 1 个月前 | |
[interpreter] Improve bytecode disassembler output Pass the constant pool to the bytecode decoder, so that constants can be printed as part of the bytecode itself. Also improve printing of the new split index types. Change-Id: Ia65149765b03a8d2665810b1d377e5b497600d15 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7209311 Commit-Queue: Patrick Thier <pthier@chromium.org> Reviewed-by: Patrick Thier <pthier@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#104020} | 7 个月前 | |
TicketNo:DTS2026040312077;DTS2026040207037;DTS2026040207036;DTS2026040135724;DTS2026040135722;DTS2026032818442;DTS2026032530470;DTS2026032530464;DTS2026031327981;DTS2026031222703;DTS2026031222694;DTS2026031222686;DTS2026031222671;DTS2026031222662;DTS2026031222654 Description:【CVE-2026-4450】【487746373】【490642836】【CVE-2026-4457】【488803413】[CVE-2026-4461][490558172][489159859][481749436][491191100][492077213][496629079][472181383][480442279][481295170][485784597][474402856][483220222] Team:v8 Feature or Bugfix:Bugfix Binary Source:No PrivateCode(Yes/No):No Change-Id: Iae84c8fcc36a25b1936ec0997008368f70096cd6 Reviewed-by: y00500721 Approved-by: w00518651 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/534 Merged-by: public pjenkins Signed-off-by: Marja Hölttä <marja@chromium.org> | 1 个月前 | |
TicketNo:DTS2026040312077;DTS2026040207037;DTS2026040207036;DTS2026040135724;DTS2026040135722;DTS2026032818442;DTS2026032530470;DTS2026032530464;DTS2026031327981;DTS2026031222703;DTS2026031222694;DTS2026031222686;DTS2026031222671;DTS2026031222662;DTS2026031222654 Description:【CVE-2026-4450】【487746373】【490642836】【CVE-2026-4457】【488803413】[CVE-2026-4461][490558172][489159859][481749436][491191100][492077213][496629079][472181383][480442279][481295170][485784597][474402856][483220222] Team:v8 Feature or Bugfix:Bugfix Binary Source:No PrivateCode(Yes/No):No Change-Id: Iae84c8fcc36a25b1936ec0997008368f70096cd6 Reviewed-by: y00500721 Approved-by: w00518651 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/534 Merged-by: public pjenkins Signed-off-by: Marja Hölttä <marja@chromium.org> | 1 个月前 | |
TicketNo:DTS2026040312077;DTS2026040207037;DTS2026040207036;DTS2026040135724;DTS2026040135722;DTS2026032818442;DTS2026032530470;DTS2026032530464;DTS2026031327981;DTS2026031222703;DTS2026031222694;DTS2026031222686;DTS2026031222671;DTS2026031222662;DTS2026031222654 Description:【CVE-2026-4450】【487746373】【490642836】【CVE-2026-4457】【488803413】[CVE-2026-4461][490558172][489159859][481749436][491191100][492077213][496629079][472181383][480442279][481295170][485784597][474402856][483220222] Team:v8 Feature or Bugfix:Bugfix Binary Source:No PrivateCode(Yes/No):No Change-Id: Iae84c8fcc36a25b1936ec0997008368f70096cd6 Reviewed-by: y00500721 Approved-by: w00518651 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/534 Merged-by: public pjenkins Signed-off-by: Marja Hölttä <marja@chromium.org> | 1 个月前 | |
TicketNo: AR20260205242358 Description: enable jitfort for memory w^x protection Team: OTHERS Feature or Bugfix: Feature Binary Source: No PrivateCode(Yes/No):No Change-Id: I8d4400f57dfa19993aa1fd8fa2ac4376f6abda71 Reviewed-by: z30069899 Approved-by: y00500721 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/531 Merged-by: public pjenkins Signed-off-by: s00502827 <shulin3@huawei.com> revert merge request: AR20260205242358 enable jitfort for memory w^x protection cdaa8cb6bdc83221f0b8d98f7f9da30c11ad5036 This revert merge request !458 | 1 个月前 | |
2026.03.30 arkweb_144代码蓝黄同步 Signed-off-by: jiujiaoxiaogula <sujiahao10@huawei.com> Change-Id: I00194d339064f999dedfc211cd5af5501cbed0fb | 3 个月前 | |
[v8] Fix CVE-491884710 CVE-470566252 CVE-484527367 CVE-483851888 CVE-495679730 CVE-487768771 CVE-496301615 CVE-486927780 TicketNo: DTS2026040900445 Description: [v8] Fix CVE Team:gitcode Feature or Bugfix: Binary Source: sync from gitcode PrivateCode(Yes/No):No Change-Id: I9cc86759f497b795aaa41f2cccab2efc3892eb26 Reviewed-by: j30014474,y00500721 Approved-by: y00500721 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/540 Merged-by: public pjenkins Signed-off-by: gaojunyu <gaojunyu2@h-partners.com> revert merge request: DTS2026012010158 [v8] Fix CVE 64df2ca2a94233d7fa209bb3244843ceb12235ca This revert merge request !452 | 1 个月前 | |
heap_dump_1 for jsvm TicketNo: AR20260205251565 Description: heap_dump_1 for jsvm Team:gitee Feature or Bugfix: Binary Source: sync from gitee PrivateCode(Yes/No):No Change-Id: I2c4bf8190cab99d9278a68c3c7f94092f0507054 Reviewed-by: y00500721 Approved-by: w00518651 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/558 Merged-by: public pjenkins Signed-off-by: huanghan18 <huanghan18@huawei.com> revert merge request: AR20260205251565 heap_dump_1 for jsvm 5fae5665635fc7a1b52e325454044501fafec68e This revert merge request !453 | 1 个月前 | |
[compiler] Optimize Date.prototype.getXXX() accessors ... in Maglev and TurboFan. This CL: - adds NoDateTimeConfigurationChangeProtector, - makes sure that JSDate's cached fields are always initialized, which make it possible to read cached fields directly without additional run-time checks. Drive-by: - move DateCache::stamp_ field to IsolateData (this removes one indirection on access and avoids potential issues with reallocated DateCache object), - make deserializer recompute cached fields after deserialization to match current date/time configuration which could have been different during snapshot creation, - simplify definition of alignment padding fields in ISOLATE_DATA_FIELDS by introducing PADDING_FIELD macro. Bug: 411352101 Change-Id: I69e25b1ce7e2c79f9aeee69e97192be62a08c2c0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6535917 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by: Darius Mercadier <dmercadier@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#100248} | 1 年前 | |
2026.03.30 arkweb_144代码蓝黄同步 Signed-off-by: jiujiaoxiaogula <sujiahao10@huawei.com> Change-Id: I00194d339064f999dedfc211cd5af5501cbed0fb | 3 个月前 | |
2026.03.30 arkweb_144代码蓝黄同步 Signed-off-by: jiujiaoxiaogula <sujiahao10@huawei.com> Change-Id: I00194d339064f999dedfc211cd5af5501cbed0fb | 3 个月前 | |
[v8] Fix CVE-498095290 495751197 497404188 TicketNo: DTS2026041307131 Description: [v8] Fix CVE Team:gitcode Feature or Bugfix: Binary Source: sync from gitcode PrivateCode(Yes/No):No Change-Id: I0685a6966e3fe17da7b8bb20d56b9699d170e9ba Reviewed-by: z30069899,y00500721 Approved-by: y00500721 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/552 Merged-by: public pjenkins Signed-off-by: gaojunyu <gaojunyu2@h-partners.com> revert merge request: DTS2026041307131 [v8] CVE-498095290 495751197 497404188 8ac5be1238b0a137cdb8cbe2561e68832faedf46 This revert merge request !454 | 1 个月前 | |
[dumpling] Disable by default Dumpling enablement regressed JetStream2 First-Score by 2%. Bug: 441467877 Change-Id: I6a54ea08d0e1d03fed3f8819c599672187573b21 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7131800 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Danylo Mocherniuk <mdanylo@chromium.org> Commit-Queue: Danylo Mocherniuk <mdanylo@chromium.org> Cr-Commit-Position: refs/heads/main@{#103606} | 7 个月前 | |
heap_dump_1 for jsvm TicketNo: AR20260205251565 Description: heap_dump_1 for jsvm Team:gitee Feature or Bugfix: Binary Source: sync from gitee PrivateCode(Yes/No):No Change-Id: I2c4bf8190cab99d9278a68c3c7f94092f0507054 Reviewed-by: y00500721 Approved-by: w00518651 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/558 Merged-by: public pjenkins Signed-off-by: huanghan18 <huanghan18@huawei.com> revert merge request: AR20260205251565 heap_dump_1 for jsvm 5fae5665635fc7a1b52e325454044501fafec68e This revert merge request !453 | 1 个月前 | |
[heap] Add flag for the output path of heap snapshots Bug: 454091455 Change-Id: I1704abca6083ffe0b20400dcd9090b1bd855450f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7079369 Commit-Queue: Andreas Haas <ahaas@google.com> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#103346} | 8 个月前 | |
heap_dump_1 for jsvm TicketNo: AR20260205251565 Description: heap_dump_1 for jsvm Team:gitee Feature or Bugfix: Binary Source: sync from gitee PrivateCode(Yes/No):No Change-Id: I2c4bf8190cab99d9278a68c3c7f94092f0507054 Reviewed-by: y00500721 Approved-by: w00518651 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/558 Merged-by: public pjenkins Signed-off-by: huanghan18 <huanghan18@huawei.com> revert merge request: AR20260205251565 heap_dump_1 for jsvm 5fae5665635fc7a1b52e325454044501fafec68e This revert merge request !453 | 1 个月前 | |
[sandbox] Introduce AbortWithSandboxViolation Normally, for sandbox testing/fuzzing, we ignore Abort(), CHECK() etc. as these represent controlled (and therefore safe) crashes. However, there are cases where we can detect a compromised state, but only too late to reliably mitigate exploitation. For these cases, we now introduce a new AbortWithSandboxViolation function which can be used to crash but still report a sandbox violation during fuzzing. One specific use case is the interpreter executing an unknown bytecode. This typically means that we're executing arbitrary bytecode, and just happen to execute an invalid opcode. However, as the bytecode may be attacker-controlled, this is likely an exploitable condition. Prior to this change, our sandbox fuzzers would not treat this as a sandbox violation as we'd crash with a nullptr deref. With this CL, we now use AbortWithSandboxViolation to report this appropriately. Bug: 461681036 Change-Id: I7afee7bf7c762cae6ffd7b8515c693e8e1401466 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7203123 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#103959} | 7 个月前 | |
[handles] Annotate Extend with PRESERVE_MOST This restores the annotation that was previously removed due to regressions. Right now on speedometer3.1 / M4 (crossbench) it seems to be possible, and neutral on the other runs. Let's land and see if things are different now. Bug: 40902305 Change-Id: Ia0ce0e23e966a5c1c58e80af5bd8cc0f267f3836 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7183857 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Auto-Submit: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#103878} | 7 个月前 | |
heap_dump_1 for jsvm TicketNo: AR20260205251565 Description: heap_dump_1 for jsvm Team:gitee Feature or Bugfix: Binary Source: sync from gitee PrivateCode(Yes/No):No Change-Id: I2c4bf8190cab99d9278a68c3c7f94092f0507054 Reviewed-by: y00500721 Approved-by: w00518651 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/558 Merged-by: public pjenkins Signed-off-by: huanghan18 <huanghan18@huawei.com> revert merge request: AR20260205251565 heap_dump_1 for jsvm 5fae5665635fc7a1b52e325454044501fafec68e This revert merge request !453 | 1 个月前 | |
2026.03.30 arkweb_144代码蓝黄同步 Signed-off-by: jiujiaoxiaogula <sujiahao10@huawei.com> Change-Id: I00194d339064f999dedfc211cd5af5501cbed0fb | 3 个月前 | |
heap_dump_1 for jsvm TicketNo: AR20260205251565 Description: heap_dump_1 for jsvm Team:gitee Feature or Bugfix: Binary Source: sync from gitee PrivateCode(Yes/No):No Change-Id: I2c4bf8190cab99d9278a68c3c7f94092f0507054 Reviewed-by: y00500721 Approved-by: w00518651 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/558 Merged-by: public pjenkins Signed-off-by: huanghan18 <huanghan18@huawei.com> revert merge request: AR20260205251565 heap_dump_1 for jsvm 5fae5665635fc7a1b52e325454044501fafec68e This revert merge request !453 | 1 个月前 | |
[v8] Fix CVE-491884710 CVE-470566252 CVE-484527367 CVE-483851888 CVE-495679730 CVE-487768771 CVE-496301615 CVE-486927780 TicketNo: DTS2026040900445 Description: [v8] Fix CVE Team:gitcode Feature or Bugfix: Binary Source: sync from gitcode PrivateCode(Yes/No):No Change-Id: I9cc86759f497b795aaa41f2cccab2efc3892eb26 Reviewed-by: j30014474,y00500721 Approved-by: y00500721 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/540 Merged-by: public pjenkins Signed-off-by: gaojunyu <gaojunyu2@h-partners.com> revert merge request: DTS2026012010158 [v8] Fix CVE 64df2ca2a94233d7fa209bb3244843ceb12235ca This revert merge request !452 | 1 个月前 | |
TicketNo:DTS2026040312077;DTS2026040207037;DTS2026040207036;DTS2026040135724;DTS2026040135722;DTS2026032818442;DTS2026032530470;DTS2026032530464;DTS2026031327981;DTS2026031222703;DTS2026031222694;DTS2026031222686;DTS2026031222671;DTS2026031222662;DTS2026031222654 Description:【CVE-2026-4450】【487746373】【490642836】【CVE-2026-4457】【488803413】[CVE-2026-4461][490558172][489159859][481749436][491191100][492077213][496629079][472181383][480442279][481295170][485784597][474402856][483220222] Team:v8 Feature or Bugfix:Bugfix Binary Source:No PrivateCode(Yes/No):No Change-Id: Iae84c8fcc36a25b1936ec0997008368f70096cd6 Reviewed-by: y00500721 Approved-by: w00518651 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/534 Merged-by: public pjenkins Signed-off-by: Marja Hölttä <marja@chromium.org> | 1 个月前 | |
Fix gcc build For json-parser.h: ../../src/json/json-parser.h:298:13: error: explicit specialization in non-namespace scope 'class v8::internal::JsonParser<Char>' 298 | template <> | ^ ../../src/json/json-parser.h:299:18: error: template-id 'IsNextToken<v8::internal::JsonToken::EOS>' in declaration of primary template 299 | V8_INLINE bool IsNextToken<JsonToken::EOS>() { | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ For wasm-objects.cc: ../../src/wasm/wasm-objects.cc:2522:45: error: no matching function for call to 'v8::internal::WasmDispatchTable::SetForNonWrapper<v8::internal::WasmDispatchTable>( v8::internal::WasmDispatchTable&, int&, v8::internal::Tagged<v8::internal:: Union<v8::internal::Smi, v8::internal::WasmTrustedInstanceData> >&, v8::internal::WasmCodePointer&, v8::internal::wasm::CanonicalTypeIndex&, v8::internal::WasmDispatchTable::NewOrExistingEntry&)' error: no matching function for call to 'v8::internal::WasmDispatchTable:: SetForWrapper<v8::internal::WasmDispatchTable>(v8::internal::WasmDispatchTable&, int&, v8::internal::Tagged<v8::internal::WasmImportData>&, std::shared_ptr<v8:: internal::wasm::WasmImportWrapperHandle>&, v8::internal::wasm:: CanonicalTypeIndex&, v8::internal::WasmDispatchTable::NewOrExistingEntry&)' For the fix fully qualify calls to SetForWrapper and SetForNonWrapper with ::v8::internal:: to avoid accidental lookup of class member names. This resolves template resolution errors caused by unqualified calls inside WasmDispatchTable and WasmDispatchTableForImports member functions. Change-Id: I687935a05dc754db686deaa0f93079d350aae07e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7107891 Reviewed-by: Patrick Thier <pthier@chromium.org> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Commit-Queue: Milad Farazmand <mfarazma@ibm.com> Cr-Commit-Position: refs/heads/main@{#103547} | 7 个月前 | |
2026.03.30 arkweb_144代码蓝黄同步 Signed-off-by: jiujiaoxiaogula <sujiahao10@huawei.com> Change-Id: I00194d339064f999dedfc211cd5af5501cbed0fb | 3 个月前 | |
[libsampler] Migrate to newer fuchsia syscall zx_task_suspend_token was deprecated in favor of the newer zx_task_suspend API. This change migrates a use of the old API to the newer one. Change-Id: I682df70ebaee2f114946026a0ef41fbf873d7d2c Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6866555 Auto-Submit: Suraj Malhotra <surajmalhotra@google.com> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/main@{#102035} | 10 个月前 | |
2026.03.30 arkweb_144代码蓝黄同步 Signed-off-by: jiujiaoxiaogula <sujiahao10@huawei.com> Change-Id: I00194d339064f999dedfc211cd5af5501cbed0fb | 3 个月前 | |
[v8] Fix CVE-491884710 CVE-470566252 CVE-484527367 CVE-483851888 CVE-495679730 CVE-487768771 CVE-496301615 CVE-486927780 TicketNo: DTS2026040900445 Description: [v8] Fix CVE Team:gitcode Feature or Bugfix: Binary Source: sync from gitcode PrivateCode(Yes/No):No Change-Id: I9cc86759f497b795aaa41f2cccab2efc3892eb26 Reviewed-by: j30014474,y00500721 Approved-by: y00500721 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/540 Merged-by: public pjenkins Signed-off-by: gaojunyu <gaojunyu2@h-partners.com> revert merge request: DTS2026012010158 [v8] Fix CVE 64df2ca2a94233d7fa209bb3244843ceb12235ca This revert merge request !452 | 1 个月前 | |
[runtime] Resurrect add operation in xorshift128+ implementation ... which was accidentally removed in https://crrev.com/c/1238551. Bug: 456384547 Change-Id: I5640493f7b5376edca476698195d4b823657414f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7169184 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#103799} | 7 个月前 | |
[v8] Fix CVE-491884710 CVE-470566252 CVE-484527367 CVE-483851888 CVE-495679730 CVE-487768771 CVE-496301615 CVE-486927780 TicketNo: DTS2026040900445 Description: [v8] Fix CVE Team:gitcode Feature or Bugfix: Binary Source: sync from gitcode PrivateCode(Yes/No):No Change-Id: I9cc86759f497b795aaa41f2cccab2efc3892eb26 Reviewed-by: j30014474,y00500721 Approved-by: y00500721 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/540 Merged-by: public pjenkins Signed-off-by: gaojunyu <gaojunyu2@h-partners.com> revert merge request: DTS2026012010158 [v8] Fix CVE 64df2ca2a94233d7fa209bb3244843ceb12235ca This revert merge request !452 | 1 个月前 | |
TicketNo:DTS2026040312077;DTS2026040207037;DTS2026040207036;DTS2026040135724;DTS2026040135722;DTS2026032818442;DTS2026032530470;DTS2026032530464;DTS2026031327981;DTS2026031222703;DTS2026031222694;DTS2026031222686;DTS2026031222671;DTS2026031222662;DTS2026031222654 Description:【CVE-2026-4450】【487746373】【490642836】【CVE-2026-4457】【488803413】[CVE-2026-4461][490558172][489159859][481749436][491191100][492077213][496629079][472181383][480442279][481295170][485784597][474402856][483220222] Team:v8 Feature or Bugfix:Bugfix Binary Source:No PrivateCode(Yes/No):No Change-Id: Iae84c8fcc36a25b1936ec0997008368f70096cd6 Reviewed-by: y00500721 Approved-by: w00518651 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/534 Merged-by: public pjenkins Signed-off-by: Marja Hölttä <marja@chromium.org> | 1 个月前 | |
heap_dump_1 for jsvm TicketNo: AR20260205251565 Description: heap_dump_1 for jsvm Team:gitee Feature or Bugfix: Binary Source: sync from gitee PrivateCode(Yes/No):No Change-Id: I2c4bf8190cab99d9278a68c3c7f94092f0507054 Reviewed-by: y00500721 Approved-by: w00518651 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/558 Merged-by: public pjenkins Signed-off-by: huanghan18 <huanghan18@huawei.com> revert merge request: AR20260205251565 heap_dump_1 for jsvm 5fae5665635fc7a1b52e325454044501fafec68e This revert merge request !453 | 1 个月前 | |
[regexp] Restrict BTI to indirect jump targets in RegExpCodeGenerator Previously we added BTI instructions (for CFI) to all jump targets in the RegExpCodeGenerator, but adding them for jump targets of PushBacktrack is enough, as Backtrack is the only bytecode generating indirect jumps. Bug: 437003349 Change-Id: I1544df951f130f2716d39f6d0adba16b09d44913 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7207297 Commit-Queue: Patrick Thier <pthier@chromium.org> Reviewed-by: Jakob Linke <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#103980} | 7 个月前 | |
[v8] Fix CVE-498095290 495751197 497404188 TicketNo: DTS2026041307131 Description: [v8] Fix CVE Team:gitcode Feature or Bugfix: Binary Source: sync from gitcode PrivateCode(Yes/No):No Change-Id: I0685a6966e3fe17da7b8bb20d56b9699d170e9ba Reviewed-by: z30069899,y00500721 Approved-by: y00500721 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/552 Merged-by: public pjenkins Signed-off-by: gaojunyu <gaojunyu2@h-partners.com> revert merge request: DTS2026041307131 [v8] CVE-498095290 495751197 497404188 8ac5be1238b0a137cdb8cbe2561e68832faedf46 This revert merge request !454 | 1 个月前 | |
[v8] Fix CVE-498095290 495751197 497404188 TicketNo: DTS2026041307131 Description: [v8] Fix CVE Team:gitcode Feature or Bugfix: Binary Source: sync from gitcode PrivateCode(Yes/No):No Change-Id: I0685a6966e3fe17da7b8bb20d56b9699d170e9ba Reviewed-by: z30069899,y00500721 Approved-by: y00500721 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/552 Merged-by: public pjenkins Signed-off-by: gaojunyu <gaojunyu2@h-partners.com> revert merge request: DTS2026041307131 [v8] CVE-498095290 495751197 497404188 8ac5be1238b0a137cdb8cbe2561e68832faedf46 This revert merge request !454 | 1 个月前 | |
TicketNo:DTS2026040312077;DTS2026040207037;DTS2026040207036;DTS2026040135724;DTS2026040135722;DTS2026032818442;DTS2026032530470;DTS2026032530464;DTS2026031327981;DTS2026031222703;DTS2026031222694;DTS2026031222686;DTS2026031222671;DTS2026031222662;DTS2026031222654 Description:【CVE-2026-4450】【487746373】【490642836】【CVE-2026-4457】【488803413】[CVE-2026-4461][490558172][489159859][481749436][491191100][492077213][496629079][472181383][480442279][481295170][485784597][474402856][483220222] Team:v8 Feature or Bugfix:Bugfix Binary Source:No PrivateCode(Yes/No):No Change-Id: Iae84c8fcc36a25b1936ec0997008368f70096cd6 Reviewed-by: y00500721 Approved-by: w00518651 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/534 Merged-by: public pjenkins Signed-off-by: Marja Hölttä <marja@chromium.org> | 1 个月前 | |
2026.03.30 arkweb_144代码蓝黄同步 Signed-off-by: jiujiaoxiaogula <sujiahao10@huawei.com> Change-Id: I00194d339064f999dedfc211cd5af5501cbed0fb | 3 个月前 | |
[hole] Remove unneeded hole value checks Undo a bunch of work which added by-value hole checks. Originally we wanted to make holes fully unmapped, including their map pointer, so that potential hole values would have to be checked by pointer value rather than map checks. This turned out to be tricky, partially because the optimizing compiler could hoist map reads above hole checks, and partially because the extra hole value checks ended up with performance regressions. In https://crrev.com/c/7156717 we switched to keeping the holes' maps mapped with an unmapped payload after the map (very similar approach to the WasmNull). This means that all those hole checks we added are now unnecessary, since they were already covered by the existing map-based checks. We can also remove the --assert-hole-checked-by-value flag and fuzzing, since this is no longer an invariant we want to preserve. Bug: 434179415 Change-Id: I9399498d89592127e4291b8acffee83a3ba70052 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7206087 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/main@{#103982} | 7 个月前 | |
Remove some unused includes (3) Mostly src/codegen, src/compiler, src/snapshot, src/utils. Bug: v8:13006 Change-Id: I2fb31acc749a7376e6f2a7424ed2e67ff479d971 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749178 Commit-Queue: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#81575} | 3 年前 | |
Add a de-opt state logging patch for DUMPLING. DUMPLING is a mode for differential fuzzers that compares the full state of optimized and unoptimized execution for arbitrary JS programs. The design goal of DUMPLING is to transparently extract execution states without any modification to JS or interference with the JIT compiler optimizations. Therefore, the hooks are inserted in a way that is not observable by any pass in the compilation pipeline. The hooking is implemented by emitting a single call instruction at every deoptimization point during the lowering phases to machine code of Maglev and TurboFan. More details in: https://www.ndss-symposium.org/ndss-paper/dumpling-fine-grained-differential-javascript-engine-fuzzing/ This patch was originally published on https://github.com/two-heart/dumpling-artifact-evaluation. Bug: 441467877 Change-Id: I3d29775e268bfc734bb1b8ee45ea5d7a10a2ed63 Co-authored-by: Mathias Payer <mathias.payer@gmail.com> Co-authored-by: Liam Wachter <liam.g.wachter@gmail.com> Co-authored-by: Flavio Toffalini<flavio87@gmail.com> Co-authored-by: Christian Wressnegger <intellisec.de@gmail.com> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7018469 Commit-Queue: Matthias Liedtke <mliedtke@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Matthias Liedtke <mliedtke@chromium.org> Cr-Commit-Position: refs/heads/main@{#103047} | 8 个月前 | |
2026.03.30 arkweb_144代码蓝黄同步 Signed-off-by: jiujiaoxiaogula <sujiahao10@huawei.com> Change-Id: I00194d339064f999dedfc211cd5af5501cbed0fb | 3 个月前 | |
TicketNo:DTS2026040312077;DTS2026040207037;DTS2026040207036;DTS2026040135724;DTS2026040135722;DTS2026032818442;DTS2026032530470;DTS2026032530464;DTS2026031327981;DTS2026031222703;DTS2026031222694;DTS2026031222686;DTS2026031222671;DTS2026031222662;DTS2026031222654 Description:【CVE-2026-4450】【487746373】【490642836】【CVE-2026-4457】【488803413】[CVE-2026-4461][490558172][489159859][481749436][491191100][492077213][496629079][472181383][480442279][481295170][485784597][474402856][483220222] Team:v8 Feature or Bugfix:Bugfix Binary Source:No PrivateCode(Yes/No):No Change-Id: Iae84c8fcc36a25b1936ec0997008368f70096cd6 Reviewed-by: y00500721 Approved-by: w00518651 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/534 Merged-by: public pjenkins Signed-off-by: Marja Hölttä <marja@chromium.org> | 1 个月前 | |
2026.03.30 arkweb_144代码蓝黄同步 Signed-off-by: jiujiaoxiaogula <sujiahao10@huawei.com> Change-Id: I00194d339064f999dedfc211cd5af5501cbed0fb | 3 个月前 | |
heap_dump_1 for jsvm TicketNo: AR20260205251565 Description: heap_dump_1 for jsvm Team:gitee Feature or Bugfix: Binary Source: sync from gitee PrivateCode(Yes/No):No Change-Id: I2c4bf8190cab99d9278a68c3c7f94092f0507054 Reviewed-by: y00500721 Approved-by: w00518651 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/558 Merged-by: public pjenkins Signed-off-by: huanghan18 <huanghan18@huawei.com> revert merge request: AR20260205251565 heap_dump_1 for jsvm 5fae5665635fc7a1b52e325454044501fafec68e This revert merge request !453 | 1 个月前 | |
[v8] Fix CVE-498095290 495751197 497404188 TicketNo: DTS2026041307131 Description: [v8] Fix CVE Team:gitcode Feature or Bugfix: Binary Source: sync from gitcode PrivateCode(Yes/No):No Change-Id: I0685a6966e3fe17da7b8bb20d56b9699d170e9ba Reviewed-by: z30069899,y00500721 Approved-by: y00500721 Merged-on: https://open.codehub.huawei.com/OpenSourceCenter_CR/openharmony-tpc/chromium_v8/-/change_requests/552 Merged-by: public pjenkins Signed-off-by: gaojunyu <gaojunyu2@h-partners.com> revert merge request: DTS2026041307131 [v8] CVE-498095290 495751197 497404188 8ac5be1238b0a137cdb8cbe2561e68832faedf46 This revert merge request !454 | 1 个月前 | |
[base] Replaces more uses of memcpy and friends with base::MemCopy base::MemCopy is faster than default memcpy. Replace the usages in a few heavy callsites: - base::internal::ZoneVector - base::Vector - libc trampolines for memcpy and memmove from generated code Change-Id: I16c9ff4b52699b9b125078ac390fd38dd6cd8f68 Bug: 448409803 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7206244 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/main@{#104018} | 7 个月前 | |
implement rapidhash secret generation Bug: 409717082 Change-Id: I471f33d66de32002f744aeba534c1d34f71e27d2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6733490 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: snek <snek@chromium.org> Cr-Commit-Position: refs/heads/main@{#101499} | 11 个月前 | |
Add DIR_METADATA files to v8. Generate DIR_METADATA files and remove metadata from OWNERS files for v8. R=jkummerow@chromium.org, ochang@chromium.org, yangguo@chromium.org Bug: chromium:1113033 Change-Id: I82cbb62e438d82dbbc408e87120af39fa9da0afa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476680 Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> Auto-Submit: Edward Lesmes <ehmaldonado@chromium.org> Cr-Commit-Position: refs/heads/master@{#70669} | 5 年前 | |
Add DIR_METADATA files to v8. Generate DIR_METADATA files and remove metadata from OWNERS files for v8. R=jkummerow@chromium.org, ochang@chromium.org, yangguo@chromium.org Bug: chromium:1113033 Change-Id: I82cbb62e438d82dbbc408e87120af39fa9da0afa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476680 Reviewed-by: Adam Klein <adamk@chromium.org> Reviewed-by: Maya Lekova <mslekova@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> Auto-Submit: Edward Lesmes <ehmaldonado@chromium.org> Cr-Commit-Position: refs/heads/master@{#70669} | 5 年前 |
| 文件 | 最后提交记录 | 最后更新时间 |
|---|---|---|
| 1 个月前 | ||
| 8 个月前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 7 个月前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 3 个月前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 1 年前 | ||
| 3 个月前 | ||
| 3 个月前 | ||
| 1 个月前 | ||
| 7 个月前 | ||
| 1 个月前 | ||
| 8 个月前 | ||
| 1 个月前 | ||
| 7 个月前 | ||
| 7 个月前 | ||
| 1 个月前 | ||
| 3 个月前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 7 个月前 | ||
| 3 个月前 | ||
| 10 个月前 | ||
| 3 个月前 | ||
| 1 个月前 | ||
| 7 个月前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 7 个月前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 3 个月前 | ||
| 7 个月前 | ||
| 3 年前 | ||
| 8 个月前 | ||
| 3 个月前 | ||
| 1 个月前 | ||
| 3 个月前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 7 个月前 | ||
| 11 个月前 | ||
| 5 年前 | ||
| 5 年前 |