Go to file

jarin@chromium.org 65f4716b3f Handle store buffer slot overwrite during object promotion. The bad scenario this fix handles: We have a slot in a free list, then promote the object pointed-to by the slot during scavenge. When allocating the space for the promoted object, we overwrite the slot with the free list entry map if the object is allocated just before the slot. After the allocation, ScavengingVisitor::PromoteObject overwrites the slot with the address of the allocated object, thus corrupting the free list. Unfortunately, we do not have a way to construct a reliable repro case because we would need to somehow craft a free list and store buffer slot to be in the right configuration. R=hpayer@chromium.org BUG= Review URL: https://codereview.chromium.org/695213004 Cr-Commit-Position: refs/heads/master@{#25143} git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@25143 ce2b1a6d-e550-0410-aec6-3dcde31c8c00		2014-11-05 11:28:15 +00:00
benchmarks	Revert "Refactoring: Make gtest testsuite the default."	2014-09-02 09:17:26 +00:00
build	Remove deprecated lexer-shell.	2014-10-23 11:42:30 +00:00
include	Add debug mirror support for ES6 Map/Set iterators.	2014-11-04 10:02:43 +00:00
samples	Reland 24052 - Require V8 to be explicitly initialized before an Isolate is created	2014-09-19 08:01:35 +00:00
src	Handle store buffer slot overwrite during object promotion.	2014-11-05 11:28:15 +00:00
test	[turbofan] Propagate "deferredness" to dominated basic blocks.	2014-11-05 10:44:12 +00:00
testing	Remove v8stdint.h, it doesn't serve a purpose anymore.	2014-10-21 08:25:14 +00:00
tools	Add fast-variants feature to test driver.	2014-11-05 10:39:15 +00:00
.clang-format	Change clang-format config to allow for two empty lines between functions	2013-12-03 10:39:21 +00:00
.DEPS.git	Add android tools to v8's deps.	2014-08-28 11:09:46 +00:00
.gitignore	Make GIT ignore all turbo.cfg files.	2014-10-23 16:11:56 +00:00
AUTHORS	Improve String.repeat.	2014-10-17 10:01:38 +00:00
BUILD.gn	Introduce Diamond, a helper for building diamond-shaped control patterns.	2014-11-04 14:37:44 +00:00
ChangeLog	Sync change log file with trunk.	2014-05-19 15:29:29 +00:00
codereview.settings	Add PROJECT to v8	2014-06-23 15:33:19 +00:00
DEPS	Add android tools to v8's deps.	2014-08-28 11:09:46 +00:00
LICENSE	Update LICENSE date.	2014-02-18 10:50:22 +00:00
LICENSE.strongtalk	Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8	2011-02-03 07:10:06 +00:00
LICENSE.v8	Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8	2011-02-03 07:10:06 +00:00
LICENSE.valgrind	Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8	2011-02-03 07:10:06 +00:00
Makefile	Add turbocheck Makefile target.	2014-10-31 08:39:43 +00:00
Makefile.android	Update toolchain for Android mipsel, ia32, x87.	2014-08-19 11:20:42 +00:00
Makefile.nacl	Use the pnacl-clang toolchain for (P)NaCL builds	2014-10-06 08:10:50 +00:00
OWNERS	Revoke my own OWNERS bit.	2014-10-28 23:47:39 +00:00
PRESUBMIT.py	Add a PRESUBMIT check that production code does not call test code	2014-09-23 08:14:06 +00:00
README.md	Add README.md file	2014-10-20 11:37:06 +00:00
WATCHLISTS	Add myself to a watchlist for the public API.	2013-10-10 11:37:48 +00:00

README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://code.google.com/p/v8/

Getting the Code

V8 Git repository: https://chromium.googlesource.com/v8/v8.git GitHub mirror: https://github.com/v8/v8-git-mirror

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*