diff --git a/common.gypi b/common.gypi index 22ddea26774b22..5380757bf954ae 100644 --- a/common.gypi +++ b/common.gypi @@ -36,7 +36,7 @@ # Reset this number to 0 on major V8 upgrades. # Increment by one for each non-official patch applied to deps/v8. - 'v8_embedder_string': '-node.44', + 'v8_embedder_string': '-node.45', ##### V8 defaults for Node.js ##### diff --git a/deps/v8/src/regexp/regexp-bytecode-generator-inl.h b/deps/v8/src/regexp/regexp-bytecode-generator-inl.h index bd906fea153a21..2a6ffec9297f32 100644 --- a/deps/v8/src/regexp/regexp-bytecode-generator-inl.h +++ b/deps/v8/src/regexp/regexp-bytecode-generator-inl.h @@ -14,13 +14,13 @@ namespace v8 { namespace internal { void RegExpBytecodeGenerator::Emit(uint32_t byte, uint32_t twenty_four_bits) { - uint32_t word = ((twenty_four_bits << BYTECODE_SHIFT) | byte); - DCHECK(pc_ <= buffer_.length()); - if (pc_ + 3 >= buffer_.length()) { - Expand(); - } - *reinterpret_cast(buffer_.begin() + pc_) = word; - pc_ += 4; + DCHECK(is_uint24(twenty_four_bits)); + Emit32((twenty_four_bits << BYTECODE_SHIFT) | byte); +} + +void RegExpBytecodeGenerator::Emit(uint32_t byte, int32_t twenty_four_bits) { + DCHECK(is_int24(twenty_four_bits)); + Emit32((static_cast(twenty_four_bits) << BYTECODE_SHIFT) | byte); } void RegExpBytecodeGenerator::Emit16(uint32_t word) { diff --git a/deps/v8/src/regexp/regexp-bytecode-generator.cc b/deps/v8/src/regexp/regexp-bytecode-generator.cc index e82b67b530a707..16f693c6a03999 100644 --- a/deps/v8/src/regexp/regexp-bytecode-generator.cc +++ b/deps/v8/src/regexp/regexp-bytecode-generator.cc @@ -161,8 +161,10 @@ bool RegExpBytecodeGenerator::Succeed() { void RegExpBytecodeGenerator::Fail() { Emit(BC_FAIL, 0); } void RegExpBytecodeGenerator::AdvanceCurrentPosition(int by) { - DCHECK_LE(kMinCPOffset, by); - DCHECK_GE(kMaxCPOffset, by); + // TODO(chromium:1166138): Turn back into DCHECKs once the underlying issue + // is fixed. + CHECK_LE(kMinCPOffset, by); + CHECK_GE(kMaxCPOffset, by); advance_current_start_ = pc_; advance_current_offset_ = by; Emit(BC_ADVANCE_CP, by); diff --git a/deps/v8/src/regexp/regexp-bytecode-generator.h b/deps/v8/src/regexp/regexp-bytecode-generator.h index fdb9b468619d60..0b4656f6633ad0 100644 --- a/deps/v8/src/regexp/regexp-bytecode-generator.h +++ b/deps/v8/src/regexp/regexp-bytecode-generator.h @@ -85,6 +85,7 @@ class V8_EXPORT_PRIVATE RegExpBytecodeGenerator : public RegExpMacroAssembler { inline void Emit16(uint32_t x); inline void Emit8(uint32_t x); inline void Emit(uint32_t bc, uint32_t arg); + inline void Emit(uint32_t bc, int32_t arg); // Bytecode buffer. int length(); void Copy(byte* a); diff --git a/deps/v8/test/mjsunit/mjsunit.status b/deps/v8/test/mjsunit/mjsunit.status index 42f0b970d3644f..1fb864e04a86fe 100644 --- a/deps/v8/test/mjsunit/mjsunit.status +++ b/deps/v8/test/mjsunit/mjsunit.status @@ -73,6 +73,9 @@ # Enable once multi-byte prefixed opcodes are correctly handled 'regress/wasm/regress-1065599': [SKIP], + # https://crbug.com/1166138 + 'regress/regress-1166138': SKIP, + ############################################################################## # Tests where variants make no sense. 'd8/enable-tracing': [PASS, NO_VARIANTS], diff --git a/deps/v8/test/mjsunit/regress/regress-1166138.js b/deps/v8/test/mjsunit/regress/regress-1166138.js new file mode 100644 index 00000000000000..b1a5d6b7bb8651 --- /dev/null +++ b/deps/v8/test/mjsunit/regress/regress-1166138.js @@ -0,0 +1,7 @@ +// Copyright 2020 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +let badregexp = "(?:" + " ".repeat(32768*2)+ ")*"; +reg = RegExp(badregexp); +reg.test()