274 Commits

Author SHA1 Message Date
Ben Noordhuis
d78a3787d2 deps: cherry-pick r21466 from v8 trunk
Check for cached transition to ExternalArray elements kind.
See [1] and [2] for details.

[1] https://code.google.com/p/v8/issues/detail?id=3337
[2] https://codereview.chromium.org/291193011

Signed-off-by: Fedor Indutny <fedor@indutny.com>
2014-06-12 17:46:18 -07:00
Ben Noordhuis
3a280b2034 deps: upgrade v8 to 3.26.33
Signed-off-by: Fedor Indutny <fedor@indutny.com>
2014-06-12 17:46:17 -07:00
Ben Noordhuis
67e078094b deps: upgrade v8 to 3.25.30 2014-04-02 00:05:24 +04:00
Trevor Norris
8d6fa72d97 v8: upgrade to 3.24.35.22 2014-04-01 11:46:28 -07:00
Fedor Indutny
4d140746f0 deps: update v8 to 3.24.35.17 2014-03-18 00:33:01 +04:00
Fedor Indutny
0c5a0ecc7c deps: allow allocations in gc epilogue/prologue
See https://codereview.chromium.org/177243012/
2014-03-13 20:56:56 +04:00
Fedor Indutny
1c7bf245dc deps: update v8 to 3.24.40 2014-03-13 20:56:54 +04:00
Timothy J Fontaine
95b8a75d5e v8: Upgrade to 3.22.24.19 2014-01-28 17:16:28 -08:00
Trevor Norris
f78e5df854 v8: upgrade to 3.22.24.17 2014-01-23 12:26:51 -08:00
Fedor Indutny
8803aa3af7 deps: update v8 to 3.22.24.9 2013-12-14 03:16:52 +04:00
Fedor Indutny
6b4dc61322 Merge branch 'v0.10'
Conflicts:
	deps/v8/src/elements-kind.cc
	deps/v8/src/elements-kind.h
	deps/v8/src/hydrogen-instructions.h
	deps/v8/src/hydrogen.cc
	deps/v8/src/lithium.cc
	deps/v8/src/lithium.h
2013-12-14 03:03:50 +04:00
jkummerow@chromium.org
39e2426b20 v8: backport fix for CVE-2013-{6639|6640}
Quoting CVE-2013-6639:

    The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8
    before 3.22.24.7, as used in Google Chrome before 31.0.1650.63,
    allows remote attackers to cause a denial of service (out-of-bounds
    write) or possibly have unspecified other impact via JavaScript code
    that sets the value of an array element with a crafted index.

Quoting CVE-2013-6640:

    The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8
    before 3.22.24.7, as used in Google Chrome before 31.0.1650.63,
    allows remote attackers to cause a denial of service (out-of-bounds
    read) via JavaScript code that sets a variable to the value of an
    array element with a crafted index.

Like 6b92a7, this is unlikely to affect node.js because it only runs
local, trusted code.  However, if there exists some module somewhere
that populates an array index with remotely provided data this could
very well be used to crash a remote server running node.  Defense in
depth and all.

This is a backport of upstream commit r17801. Original commit log:

    Limit size of dehoistable array indices

    LOG=Y
    BUG=chromium:319835,chromium:319860
    R=dslomov@chromium.org

    Review URL: https://codereview.chromium.org/74113002
2013-12-14 02:55:29 +04:00
Timothy J Fontaine
b73967e9a0 v8: upgrade to 3.22.24.5 2013-11-18 15:01:38 -08:00
Ben Noordhuis
f230a1cf74 v8: upgrade to 3.22.24
This commit removes the simple/test-event-emitter-memory-leak test for
being unreliable with the new garbage collector: the memory pressure
exerted by the test case is too low for the garbage collector to kick
in.  It can be made to work again by limiting the heap size with the
--max_old_space_size=x flag but that won't be very reliable across
platforms and architectures.
2013-11-11 02:40:36 +01:00
Ben Noordhuis
3dcc9b93e1 v8: unbreak make native build
The security fix from commit 6b92a713 also back-ported the test case.
Said test case relies on API that is only available in newer versions
of V8 and, as a result, broke the `make native` and `make <arch.mode>`
builds.  This commit reverts that part of the back-port.  Fixes the
following build error:

  ../test/cctest/test-api.cc: In function ‘void TestRegress260106()’:
  ../test/cctest/test-api.cc:17712:34: error: ‘class v8::Context’ has
  no member named ‘GetIsolate’
2013-11-09 22:27:22 +01:00
Timothy J Fontaine
a53c763c16 v8: upgrade 3.21.18.3 2013-10-23 09:17:31 -07:00
Timothy J Fontaine
85898d1967 v8: upgrade to 3.20.17.13
fixes #6235
2013-09-26 09:19:50 -07:00
Ben Noordhuis
14687ebfc0 Revert "deps: update v8 to 3.20.17.11"
After the upgrade from 3.20.17.7 to 3.20.17.11, we've begun hitting
random assertions in V8 in memory-constrained / GC-heavy situations.

The assertions all seem to be related to heap allocations and garbage
collection but apart from that, they're all over the place.

This reverts commit 970bdccc38.
2013-09-24 16:16:04 +02:00
Fedor Indutny
970bdccc38 deps: update v8 to 3.20.17.11
fix #6235
2013-09-23 20:26:57 +04:00
Fedor Indutny
a1cf3ada62 deps: update v8 to 3.20.17.7 2013-09-18 20:33:28 +04:00
Trevor Norris
26bc8db33f v8: upgrade to 3.20.17 2013-08-27 15:18:12 -07:00
Ben Noordhuis
f69be329f0 v8: upgrade v8 to 3.20.14.1 2013-08-10 16:27:43 +02:00
mstarzinger@chromium.org
6b92a71321 v8: back-port fix for CVE-2013-2882
Quoting the CVE:

    Google V8, as used in Google Chrome before 28.0.1500.95, allows
    remote attackers to cause a denial of service or possibly have
    unspecified other impact via vectors that leverage "type confusion."

Likely has zero impact on node.js because it only runs local, trusted
code but let's apply it anyway.

This is a back-port of upstream commit r15665. Original commit log:

    Use internal array as API function cache.

    R=yangguo@chromium.org
    BUG=chromium:260106
    TEST=cctest/test-api/Regress260106

    Review URL: https://codereview.chromium.org/19159003

Fixes #5973.
2013-08-05 18:17:24 +02:00
Ben Noordhuis
2fc47ab10b v8: upgrade v8 to 3.20.11 2013-07-30 17:14:55 +02:00
Ben Noordhuis
1bd711c8a0 v8: upgrade to v8 3.20.9 2013-07-29 21:21:03 +02:00
Trevor Norris
5777d7ab30 v8: upgrade to v8 3.20.7 2013-07-22 15:53:10 -07:00
Ben Noordhuis
704fd8f374 v8: upgrade to v3.20.2 2013-07-06 16:53:06 +02:00
Ben Noordhuis
41fc46e52f v8: add setVariableValue debugger command
Issue 2399 part 1: In debugger allow modifying local variable values
Issue 2399 part 2: In debugger allow modifying local variable values

Review URL: https://codereview.chromium.org/11415042
Review URL: https://codereview.chromium.org/11412310

This is a back-port of upstream svn commits r13122 and r13202.
2013-06-17 15:24:45 +02:00
Ben Noordhuis
6dd78074a3 v8: upgrade to v3.19.13 2013-06-11 23:46:00 +02:00
Trevor Norris
506fc4de1e v8: upgrade to v3.19.3 2013-05-22 13:13:11 -07:00
Ben Noordhuis
7ee538ddfe deps: upgrade v8 to 3.19.0 2013-05-13 03:28:40 +02:00
Ben Noordhuis
2f75785c01 deps: upgrade v8 to 3.18.4 2013-04-29 22:35:21 +02:00
isaacs
50624a50ee V8: Upgrade to 3.18.1 2013-04-19 10:50:44 -07:00
Ben Noordhuis
9f682265d6 deps: upgrade v8 to 3.18.0 2013-04-17 16:10:37 +02:00
Ben Noordhuis
587e83c6d6 v8: upgrade to 3.17.16 2013-04-08 20:35:27 +02:00
Trevor Norris
83261e789e deps: update v8 to 3.17.13 2013-03-20 01:11:01 +01:00
isaacs
81c278d58d V8: Upgrade to 3.14.5.8 2013-03-06 12:59:58 -08:00
Ben Noordhuis
b15a10e7a0 deps: downgrade v8 to 3.14.5
V8 3.15 and newer have stability and performance issues. Roll back to
a known-good version.
2013-02-25 23:45:02 +01:00
isaacs
0c2e5ec840 V8: Upgrade to 3.15.11.15 2013-02-08 17:17:45 -08:00
isaacs
8024252877 V8: Upgrade to 3.15.11.10 2013-01-24 09:10:01 -08:00
Fedor Indutny
d22bd9e3c4 deps: update v8 to 3.15.11.7 2013-01-12 00:10:45 +04:00
Fedor Indutny
0054264d88 v8: update to 3.15.11.5 2013-01-04 15:44:47 +04:00
Fedor Indutny
7b4d95a976 deps: update v8 to 3.15.11 2013-01-01 16:07:02 +04:00
Ben Noordhuis
1e738c5ef2 build: make python executable configurable
Upstreamed in https://codereview.chromium.org/11418101/

Fixes #4287.
2012-11-20 22:47:45 +01:00
isaacs
95c9305874 V8: Upgrade to 3.13.7.4 2012-10-23 11:48:55 -07:00
isaacs
3411a03dd1 V8: Upgrade to 3.13.7.1 2012-09-21 01:52:24 +02:00
Fedor Indutny
052e63f27f v8: fix semaphore on MacOS
Landed upstream: https://chromiumcodereview.appspot.com/10867009/
2012-09-06 16:07:40 +02:00
Bert Belder
4899116d4b v8: upgrade to 3.11.10.22 2012-09-06 15:58:09 +02:00
Bert Belder
2d9239359d v8: upgrade to v3.11.10.19 2012-08-21 03:04:16 +02:00
isaacs
f4f0daa44d V8: Upgrade to 3.11.10.17 2012-07-24 14:18:47 -07:00
isaacs
a0a0062d61 v8: upgrade to 3.11.10.15 2012-07-17 11:43:02 -07:00
isaacs
5b5c8b6005 v8: Upgrade to 3.11.10.14 2012-07-07 23:45:00 +02:00
Bert Belder
74872b0dc9 v8: upgrade to version 3.11.10.12 2012-06-26 02:03:24 +02:00
Bert Belder
6b26583e84 v8: upgrade to v3.11.10.10 2012-06-21 00:33:44 +02:00
erik.corry@gmail.com
f94b85db83 Revert part of 11727 as it sometimes tanked V8 benchmark (raytrace) performance for reasons that are not obvious. Now we make objects into fast-case objects when they are made prototypes for other objects, but we do not mark objects that are already fast case with a bit that helps keep them in fast case. Review URL: https://chromiumcodereview.appspot.com/10556004
git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@11831 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-19 17:56:50 +02:00
mstarzinger@chromium.org
c231321cd3 Fix assertion for map code cache of shared maps.
R=danno@chromium.org
TEST=mjsunit/compare-known-objects-slow

Review URL: https://chromiumcodereview.appspot.com/10548046

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@11815 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-15 00:35:37 +02:00
mstarzinger@chromium.org
48893af7bb Fix performance regression caused by r11202.
R=erik.corry@gmail.com
BUG=v8:2156,v8:2034
TEST=mjsunit/regress/regress-2156,mjsunit/regress/regress-2034

Review URL: https://chromiumcodereview.appspot.com/10539131

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@11800 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-06-14 01:37:14 +02:00
Bert Belder
50464cd4f4 v8: upgrade to v3.11.10 2012-06-14 01:37:13 +02:00
isaacs
940a6863ea Roll V8 back to 3.9.24.31 2012-06-09 08:09:42 -07:00
isaacs
46b09e4190 Roll V8 back to 3.10.8.13 2012-06-07 17:54:21 -07:00
isaacs
cbdf3393a2 Upgrade v8 to 3.11.7 2012-06-01 22:31:04 -07:00
isaacs
3f3f958c14 Upgrade V8 to 3.11.1 2012-05-16 14:22:33 -07:00
isaacs
01d146c29f Merge remote-tracking branch 'ry/v0.6' into v0.6-merge
Conflicts:
	ChangeLog
	Makefile
	deps/npm/AUTHORS
	deps/npm/html/api/bin.html
	deps/npm/html/api/bugs.html
	deps/npm/html/api/commands.html
	deps/npm/html/api/config.html
	deps/npm/html/api/deprecate.html
	deps/npm/html/api/docs.html
	deps/npm/html/api/edit.html
	deps/npm/html/api/explore.html
	deps/npm/html/api/help-search.html
	deps/npm/html/api/init.html
	deps/npm/html/api/install.html
	deps/npm/html/api/link.html
	deps/npm/html/api/load.html
	deps/npm/html/api/ls.html
	deps/npm/html/api/npm.html
	deps/npm/html/api/outdated.html
	deps/npm/html/api/owner.html
	deps/npm/html/api/pack.html
	deps/npm/html/api/prefix.html
	deps/npm/html/api/prune.html
	deps/npm/html/api/publish.html
	deps/npm/html/api/rebuild.html
	deps/npm/html/api/restart.html
	deps/npm/html/api/root.html
	deps/npm/html/api/run-script.html
	deps/npm/html/api/search.html
	deps/npm/html/api/shrinkwrap.html
	deps/npm/html/api/start.html
	deps/npm/html/api/stop.html
	deps/npm/html/api/submodule.html
	deps/npm/html/api/tag.html
	deps/npm/html/api/test.html
	deps/npm/html/api/uninstall.html
	deps/npm/html/api/unpublish.html
	deps/npm/html/api/update.html
	deps/npm/html/api/version.html
	deps/npm/html/api/view.html
	deps/npm/html/api/whoami.html
	deps/npm/html/doc/README.html
	deps/npm/html/doc/adduser.html
	deps/npm/html/doc/bin.html
	deps/npm/html/doc/bugs.html
	deps/npm/html/doc/build.html
	deps/npm/html/doc/bundle.html
	deps/npm/html/doc/cache.html
	deps/npm/html/doc/changelog.html
	deps/npm/html/doc/coding-style.html
	deps/npm/html/doc/completion.html
	deps/npm/html/doc/config.html
	deps/npm/html/doc/deprecate.html
	deps/npm/html/doc/developers.html
	deps/npm/html/doc/disputes.html
	deps/npm/html/doc/docs.html
	deps/npm/html/doc/edit.html
	deps/npm/html/doc/explore.html
	deps/npm/html/doc/faq.html
	deps/npm/html/doc/folders.html
	deps/npm/html/doc/help-search.html
	deps/npm/html/doc/help.html
	deps/npm/html/doc/index.html
	deps/npm/html/doc/init.html
	deps/npm/html/doc/install.html
	deps/npm/html/doc/json.html
	deps/npm/html/doc/link.html
	deps/npm/html/doc/list.html
	deps/npm/html/doc/npm.html
	deps/npm/html/doc/outdated.html
	deps/npm/html/doc/owner.html
	deps/npm/html/doc/pack.html
	deps/npm/html/doc/prefix.html
	deps/npm/html/doc/prune.html
	deps/npm/html/doc/publish.html
	deps/npm/html/doc/rebuild.html
	deps/npm/html/doc/registry.html
	deps/npm/html/doc/removing-npm.html
	deps/npm/html/doc/restart.html
	deps/npm/html/doc/root.html
	deps/npm/html/doc/run-script.html
	deps/npm/html/doc/scripts.html
	deps/npm/html/doc/search.html
	deps/npm/html/doc/semver.html
	deps/npm/html/doc/shrinkwrap.html
	deps/npm/html/doc/star.html
	deps/npm/html/doc/start.html
	deps/npm/html/doc/stop.html
	deps/npm/html/doc/submodule.html
	deps/npm/html/doc/tag.html
	deps/npm/html/doc/test.html
	deps/npm/html/doc/uninstall.html
	deps/npm/html/doc/unpublish.html
	deps/npm/html/doc/update.html
	deps/npm/html/doc/version.html
	deps/npm/html/doc/view.html
	deps/npm/html/doc/whoami.html
	deps/npm/man/man1/npm.1
	deps/npm/man/man3/npm.3
	deps/npm/package.json
	doc/api/url.markdown
	lib/http.js
	src/node_version.h
	test/simple/test-fs-sync-fd-leak.js
2012-05-04 15:12:47 -07:00
isaacs
6ed5ef5fe0 Upgrade V8 to 3.9.24.9 2012-04-18 09:36:44 -07:00
lrn@chromium.org
5d69bbfbdb Fix bug in x64 RegExp detecting start of string.
Also add missing MIPS case in regexp tracer.

Fixes issues v8:1748 and v8:1746

BUG=v8:1748, v8:1746
TEST=mjsunit/regress/regress-1748.js

Review URL: http://codereview.chromium.org/8116001

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@9504 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-04-16 17:40:17 +02:00
Bert Belder
69ca83f755 Upgrade V8 to 3.6.6.25 2012-04-16 17:27:16 +02:00
isaacs
4b64542fe0 Upgrade V8 to 3.9.24.6 2012-03-28 19:51:38 -07:00
isaacs
e4fc2cbfd3 Upgrade v8 to 3.9.17 2012-03-12 21:46:36 -07:00
isaacs
2e24ded6d2 Upgrade v8 to 3.9.11 2012-02-27 13:43:31 -08:00
isaacs
f4641bd4de Update v8 to 3.9.9 2012-02-27 12:11:09 -08:00
isaacs
68a0c56a7d Upgrade V8 to 3.9.5 2012-02-13 10:05:16 -08:00
isaacs
8be699494e Upgrade V8 to 3.9.2 2012-02-06 15:21:49 -08:00
isaacs
05471f5c2a Update v8 to 3.8.9 2012-01-31 18:35:04 -08:00
isaacs
40879f33cd Upgrade V8 to 3.8.8 2012-01-23 17:16:27 -08:00
isaacs
4afc46d7bc Upgrade V8 to 3.6.6.19 2012-01-19 18:29:11 -08:00
Fedor Indutny
1695332941 Land number collision fix for v8 3.6 by Erik Corry
- If V8 snapshots are enabled then the hash is only randomized at build time.

---
backport @10366, @10367 and @10402 to 3.6

Add seed to hash of numeric keyed properties.

Minor cleanups of numeric seeded hashing patch.

Split NumberDictionary into a randomly seeded and an unseeded version.
We don't want to randomize the stub cache.

Review URL: http://codereview.chromium.org/9190001/
2012-01-17 22:22:52 +06:00
Ryan Dahl
60040a4f36 Upgrade V8 to 3.8.6 2012-01-16 14:37:57 -08:00
Ryan Dahl
8e5674fb5c Upgrade V8 to 3.8.5 2012-01-06 13:03:06 -08:00
Bert Belder
4a899c9274 Land hash collision fix for V8 3.6 by Erik Corry.
- If V8 snapshots are enabled then the hash is only randomized at build time.
- Breaks MIPS

---
Backport hash collision workaround to 3.6.
This is made up of 9956, 10351, 10338 and 10330.
This change bakes the string hash key into the snapshot, so
it is determined at build time for snapshot configs.
Review URL: http://codereview.chromium.org/9124004
2012-01-06 17:02:01 +01:00
Ryan Dahl
557fc396b4 Upgrade V8 to 3.8.4 2012-01-03 11:46:53 -08:00
Ryan Dahl
b7c05e1b75 Upgrade V8 to 3.8.3 2011-12-28 14:13:50 -08:00
Ryan Dahl
4eaf4ce26a Upgrade V8 to 3.8.2 2011-12-21 10:54:24 -08:00
Ryan Dahl
21e7292ea0 Upgrade V8 to 3.8.1 2011-12-19 13:06:37 -08:00
Ryan Dahl
de3c16afae Upgrade V8 to 3.6.6.14 2011-12-14 16:33:11 -08:00
Ryan Dahl
b3a7de15b7 Upgrade V8 to 3.8.0 2011-12-14 15:02:32 -08:00
Ryan Dahl
2003593143 Merge remote branch 'origin/v0.6'
Conflicts:
	deps/v8/src/debug.cc
	deps/v8/src/version.cc
	src/node_version.h
2011-12-06 11:50:54 -08:00
Ryan Dahl
21d081fd7f Upgrade V8 to 3.7.12 2011-12-05 16:29:01 -08:00
Ryan Dahl
1cf26e2bf1 Upgrade V8 to 3.6.6.11 2011-12-03 23:31:02 -08:00
Ryan Dahl
0ba8f05a42 Upgrade V8 to 3.6.6.7 2011-11-08 10:00:12 -08:00
Ryan Dahl
0e9c1ca673 Downgrade V8 to 3.6.4 2011-11-03 10:34:22 -07:00
Ben Noordhuis
edea4122b1 Revert "Upgrade V8 to 3.7.1"
This reverts commit 92f5a5d3ca.

V8 3.7.1 in debug mode on ia32 has a curious race-like bug where an fs.Stats
object is not fully formed until some time after it's created. This is easy
to demonstrate by running `make test-debug`.

V8 3.7.0 does not exhibit this behaviour so back we go.

Fixes #1981.
2011-11-02 16:58:35 +01:00
Ryan Dahl
92f5a5d3ca Upgrade V8 to 3.7.1 2011-10-27 00:48:23 -07:00
Ryan Dahl
33b5f2f779 Upgrade V8 to 3.7.0 2011-10-13 17:45:02 -07:00
Ryan Dahl
3b1d656da5 Revert "Upgrade V8 to 3.6.6"
Not stable enough.
- Windows snapshot linking broken
- Linux crash on ./node_g test/simple/test-stream-pipe-multi.js

This reverts commit 56e6952e63.
2011-10-10 17:58:30 -07:00
Ryan Dahl
56e6952e63 Upgrade V8 to 3.6.6 2011-10-10 11:52:42 -07:00
Ryan Dahl
1b15af9dd2 Upgrade V8 to 3.6.4 2011-09-15 09:42:06 -07:00
Ryan Dahl
03c2f62020 Upgrade V8 to 3.6.2 2011-09-08 16:11:20 -07:00
Ryan Dahl
0bca54444a Upgrade V8 to 3.6.1 2011-09-07 21:23:29 -07:00
Ryan Dahl
da00ff4999 Upgrade V8 to 3.5.9.1 2011-08-29 15:47:16 -07:00
Ryan Dahl
028908ab7c Upgrade V8 to 3.5.8 2011-08-26 13:07:04 -07:00