AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
35,074 Commits 1 Branch 0 Tags 839 MiB
C++ 67.6%
JavaScript 30.1%
Python 1.2%
C 0.3%
TypeScript 0.3%
Other 0.4%
d0a047d440
Go to file
bmeurer d0a047d440 Revert of [compiler] Properly validate stable map assumption for globals. (patchset #3 id:40001 of https://codereview.chromium.org/2444233004/ ) 
Reason for revert:
Breaks tree: http://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/8789

Original issue's description:
> [compiler] Properly validate stable map assumption for globals.
>
> For global object property cells, we did not check that the map on the
> previous object is still the same for which we actually optimized. So
> the optimized code was not in sync with the actual state of the property
> cell. When loading from such a global object property cell, Crankshaft
> optimizes away any map checks (based on the stable map assumption),
> leading to arbitrary memory access in the worst case.
>
> TurboFan has the same bug for stores, but is safe on loads because we
> do appropriate map checks there. However mixing TurboFan and Crankshaft
> still exposes the bug.
>
> R=yangguo@chromium.org
> BUG=chromium:659475

TBR=yangguo@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:659475

Review-Url: https://codereview.chromium.org/2454513003
Cr-Commit-Position: refs/heads/master@{#40582}
2016-10-26 11:11:43 +00:00
benchmarks Revert "Refactoring: Make gtest testsuite the default." 2014-09-02 09:17:26 +00:00
build_overrides [inspector] enable inspector by default 2016-10-25 07:13:48 +00:00
docs [Docs] Removed unused docs because they are moved to GitHub 2015-11-19 10:23:30 +00:00
gni [inspector] expose js_protocol.json file location in BUILD file 2016-10-12 14:11:21 +00:00
gypfiles [debugger] basic test infrastructure for new debugger test api. 2016-10-21 06:38:05 +00:00
include [wasm] Avoid double-serializing the wire bytes 2016-10-22 15:15:04 +00:00
infra [CQ] Temporarily reduce coverage bot's frequency 2016-10-19 12:13:40 +00:00
samples Reland of land "Turn libbase into a component" (patchset #1 id:1 of https://codereview.chromium.org/2396933002/ ) 2016-10-07 07:56:52 +00:00
src Revert of [compiler] Properly validate stable map assumption for globals. (patchset #3 id:40001 of https://codereview.chromium.org/2444233004/ ) 2016-10-26 11:11:43 +00:00
test Revert of [compiler] Properly validate stable map assumption for globals. (patchset #3 id:40001 of https://codereview.chromium.org/2444233004/ ) 2016-10-26 11:11:43 +00:00
testing Use GTEST_LANG_CXX11 in V8 2016-07-25 13:06:42 +00:00
third_party/binutils Update binutils version to match Chromium. 2016-07-08 07:03:29 +00:00
tools [test] Remove verbose output printing on windows. 2016-10-26 09:32:13 +00:00
.clang-format [formatting] Remove the formatting requirement for 2 empty lines between declarations. 2016-01-25 09:50:17 +00:00
.gitignore [inspector] added closure compiler into DEPS 2016-09-23 19:05:23 +00:00
.gn Disentangle gyp and gn files 2016-09-14 19:02:41 +00:00
.ycm_extra_conf.py Use C++11 / gnu++11, not 0x 2016-03-22 15:24:43 +00:00
AUTHORS [crankshaft] Eliminate unnecessary ToNumber call 2016-10-17 09:27:39 +00:00
BUILD.gn [crankshaft] Refactor kAllowUndefinedAsNaN to kTruncatingToNumber. 2016-10-26 08:04:49 +00:00
ChangeLog [Release] Update ChangeLog file 2016-02-17 21:29:09 +00:00
CODE_OF_CONDUCT.md Explicitly state that the Chromium Code of Conduct also applies to V8 2016-03-02 09:51:24 +00:00
codereview.settings Use v8-reviews@ for review mail, so v8-dev@ is free for dev discussions 2015-09-09 08:14:11 +00:00
DEPS Update V8 DEPS. 2016-10-23 13:35:16 +00:00
LICENSE Updates to the license information of third party components. 2015-06-16 12:37:50 +00:00
LICENSE.fdlibm Add LICENSE.fdlibm for all the fdlibm imported sources. 2016-06-09 07:17:03 +00:00
LICENSE.strongtalk Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
LICENSE.v8 Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
LICENSE.valgrind Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
Makefile Remove NaCl support. 2016-07-27 07:50:31 +00:00
Makefile.android [build] Fix d8-for-Android builds 2016-05-20 12:10:45 +00:00
OWNERS Remove oth from OWNERS 2016-09-05 13:38:25 +00:00
PRESUBMIT.py Fix BUILD.gn files and add presubmit step 2016-09-19 10:59:41 +00:00
README.md [Docs] Removed unused docs because they are moved to GitHub 2015-11-19 10:23:30 +00:00
snapshot_toolchain.gni Use clang for snapshot_toolchain by default, except on ChromeOS. 2016-08-23 14:04:27 +00:00
WATCHLISTS [inspector] added devtools-reviews@chromium.org in WATCHLISTS for inspector 2016-09-29 15:16:54 +00:00

README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://github.com/v8/v8/wiki

Getting the Code

Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned on the V8 wiki.