AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
65,277 Commits 1 Branch 0 Tags 839 MiB
C++ 67.6%
JavaScript 30.1%
Python 1.2%
C 0.3%
TypeScript 0.3%
Other 0.4%
4c28563bd7
Go to file
Simon Zünd 4c28563bd7 Fix crash in JSPromise::Resolve when 'then' getter is terminating 
The crash scenario is as follows:
  1) Add a getter for 'then' to the Object prototype that is
     considered side-effecting.
  2) Evaluate a simple string using 'REPL' mode with side-effect checks
     enabled.
     Note: REPL mode is not strictly necessary, but it causes a 'then'
     lookup as the evaluation result is not a promise.
  3) Calling the 'then' getter causes a termination exception, due
     to the side-effect check. JSPromise::Resolve then tries to
     put the termination exception as the reject reason, which causes
     a CHECK failure.

The solution is to check for termination in the "abrupt completion"
case when 'then' was retrieved.

Bug: chromium:1140845
Change-Id: I72b644cd49355cea40f599fcbe80264e99ed7bd6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2501283
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70785}
2020-10-27 09:06:52 +00:00
build_overrides tracing: Enable using Perfetto client library from Chromium 2020-05-11 11:17:57 +00:00
custom_deps Use relative paths to OWNERS files 2019-08-12 13:52:52 +00:00
docs Add OWNERS for docs/ 2019-05-15 12:06:15 +00:00
gni tracing: Update proto library build rule and roll Perfetto 2020-10-07 12:49:09 +00:00
include Reland "cppgc: Port backing store compaction." 2020-10-23 14:42:30 +00:00
infra stop gcc debug builder from closing the tree 2020-10-20 15:27:07 +00:00
samples cppgc: Use libplatform as default platform 2020-10-08 18:16:52 +00:00
src Fix crash in JSPromise::Resolve when 'then' getter is terminating 2020-10-27 09:06:52 +00:00
test Fix crash in JSPromise::Resolve when 'then' getter is terminating 2020-10-27 09:06:52 +00:00
testing build: Remove no-op calls to set_sources_assignment_filter 2020-10-08 14:44:01 +00:00
third_party [csa][cleanup] Remove ParameterMode/TNodify StoreFixedDoubleArrayElement 2020-08-26 17:14:44 +00:00
tools [tools] Remove map-processor 2020-10-26 17:40:50 +00:00
.clang-format [clang-format] Don't derive pointer alignment 2017-01-17 09:28:19 +00:00
.clang-tidy [tool] Remove unfixed clang-tidy warnings to ease use. 2018-10-26 07:40:32 +00:00
.editorconfig Add .editorconfig 2017-07-28 13:39:24 +00:00
.flake8 Add .flake8 to allow for python style checking. 2019-07-19 21:44:03 +00:00
.git-blame-ignore-revs [infra] Update .git-blame-ignore-revs 2020-03-03 12:59:13 +00:00
.gitattributes .gitattributes: Mark minified emscripten js files as -diff 2018-09-19 16:27:10 +00:00
.gitignore Revert "[presubmit] Add JS formatting for tools/system-analyzer" 2020-07-17 10:33:40 +00:00
.gn [build] Dynamically decide if to use system xcode 2019-07-29 08:20:24 +00:00
.vpython [tools] Implement confidence-based number of runs 2019-05-09 09:42:28 +00:00
.ycm_extra_conf.py Fix ycm config for headers without source 2019-12-09 11:59:21 +00:00
AUTHORS perf: make GetPositionInfoSlow() faster 2020-10-27 07:15:01 +00:00
BUILD.gn Reland "cppgc: Port backing store compaction." 2020-10-23 14:42:30 +00:00
CODE_OF_CONDUCT.md
codereview.settings Make Gerrit the default code review for V8 2017-06-30 17:37:37 +00:00
COMMON_OWNERS Adding vahl@ to the common owners to be able to handle 2020-08-21 09:04:56 +00:00
DEPS Update V8 DEPS. 2020-10-27 04:01:43 +00:00
DIR_METADATA Add DIR_METADATA files to v8. 2020-10-20 22:12:28 +00:00
ENG_REVIEW_OWNERS Add eng review owners as escalation path 2019-05-15 19:12:10 +00:00
INFRA_OWNERS Add team members as owners 2020-08-18 08:29:04 +00:00
INTL_OWNERS add ftang as owner 2020-04-24 19:19:36 +00:00
LICENSE [wasm] Draft version of C/C++ Wasm API 2019-04-17 16:00:26 +00:00
LICENSE.fdlibm Add LICENSE.fdlibm for all the fdlibm imported sources. 2016-06-09 07:17:03 +00:00
LICENSE.strongtalk
LICENSE.v8
MIPS_OWNERS Move architecture dependent files 2019-05-28 14:02:15 +00:00
OWNERS Add DIR_METADATA files to v8. 2020-10-20 22:12:28 +00:00
PPC_OWNERS Adding Red Hat to the list of Authorized contributors. 2020-09-16 12:34:39 +00:00
PRESUBMIT.py [presubmit] Allow use of test functions in runtime-test.cc 2020-08-10 12:12:55 +00:00
README.md [docs] Change links from old wiki to v8.dev 2019-03-07 12:13:30 +00:00
S390_OWNERS Adding Red Hat to the list of Authorized contributors. 2020-09-16 12:34:39 +00:00
WATCHLISTS Stop watching for API changes in WATCHLISTS 2020-04-08 07:06:45 +00:00

README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://v8.dev/docs

Getting the Code

Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned at v8.dev/docs/contribute.