AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
51,399 Commits 1 Branch 0 Tags 839 MiB
C++ 67.6%
JavaScript 30.1%
Python 1.2%
C 0.3%
TypeScript 0.3%
Other 0.4%
ec969ea3b1
Go to file
peterwmwong ec969ea3b1 [builtins] Fix Array.p.join length overflow and invalid string length handling 
- Fixes and simplify allocating the temporary fixed array for ToString-ed elements.
  - When the array size is greater than representable by an intptr, it overflowed into a negative value causing a non-negative assert to fail.
  - Simplify fallback behavior by always allocating a conservatively sized temporary fixed array. Previously, if the array had dictionary elements, the temporary fixed array was sized based on %GetNumberDictionaryNumberOfElements() and then resized when entering the fallback.

- Fixes related invalid string length handling. When the running total of the resulting string length overflowed or exceeded String::kMaxLength, a RangeError is thrown. Previously, this thrown RangeError bypassed JoinStackPop and left the receiver on the stack.

Bug: chromium:897404
Change-Id: I157b71ef04ab06125a5b1c3454e5ed3713bdb591
Reviewed-on: https://chromium-review.googlesource.com/c/1293070
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56907}
2018-10-23 15:04:24 +00:00
benchmarks Reland: [builtins] Implement Array.prototype.slice in Torque 2018-10-19 21:27:19 +00:00
build_overrides [ndk] Change android ndk root for v8 2018-01-11 08:10:33 +00:00
custom_deps [build] Add common directory for custom deps 2018-06-08 19:23:02 +00:00
docs [Docs] Removed unused docs because they are moved to GitHub 2015-11-19 10:23:30 +00:00
gni [build] disable asan on Windows for Torque 2018-10-10 11:47:40 +00:00
include [api] Redesign the Isolate PrepareStackTrace API 2018-10-23 08:30:02 +00:00
infra [test] Fix comment in test configs 2018-10-23 13:27:53 +00:00
samples Add a sample that uses the JS API to create wasm 2018-06-07 23:43:38 +00:00
src [builtins] Fix Array.p.join length overflow and invalid string length handling 2018-10-23 15:04:24 +00:00
test [builtins] Fix Array.p.join length overflow and invalid string length handling 2018-10-23 15:04:24 +00:00
testing Remove dummy files created for rolling googletest. 2018-03-27 05:55:56 +00:00
third_party [array] Fix left-trimming in Array.p.sort 2018-10-23 13:58:54 +00:00
tools [test] Fix predictable builder after swarming switch 2018-10-23 13:24:53 +00:00
.clang-format [clang-format] Don't derive pointer alignment 2017-01-17 09:28:19 +00:00
.clang-tidy Add a tool/script to run clang-tidy over V8. 2018-09-11 12:01:09 +00:00
.editorconfig Add .editorconfig 2017-07-28 13:39:24 +00:00
.git-blame-ignore-revs [build] Add DEPS formatting to hyper-blame 2017-10-09 14:08:45 +00:00
.gitattributes .gitattributes: Mark minified emscripten js files as -diff 2018-09-19 16:27:10 +00:00
.gitignore Reland "[wasm] Add a new wasm-js testsuite to run js-api tests" 2018-10-18 20:18:55 +00:00
.gn [test] Remove obsolete test262 archive extract 2018-03-28 13:52:15 +00:00
.vpython [tools] Add VPython config for callstats.py 2018-08-14 10:15:46 +00:00
.ycm_extra_conf.py [ycm] Switch from gnu++11 to gnu++14 2017-11-27 07:48:21 +00:00
AUTHORS Add Windows ARM64 ABI support to V8 2018-10-23 08:45:48 +00:00
BUILD.gn [wasm] Move compilation-related structs to own header 2018-10-23 12:16:47 +00:00
ChangeLog [tools] Merge ChangeLog from latest release 2017-12-19 12:30:56 +00:00
CODE_OF_CONDUCT.md Explicitly state that the Chromium Code of Conduct also applies to V8 2016-03-02 09:51:24 +00:00
codereview.settings Make Gerrit the default code review for V8 2017-06-30 17:37:37 +00:00
DEPS Update V8 DEPS. 2018-10-22 04:25:13 +00:00
LICENSE Add antlr4 runtime library to support Torque 2018-04-10 10:01:01 +00:00
LICENSE.fdlibm Add LICENSE.fdlibm for all the fdlibm imported sources. 2016-06-09 07:17:03 +00:00
LICENSE.strongtalk Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
LICENSE.v8 Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
LICENSE.valgrind Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
OWNERS Reduce wasm OWNERS to current team members 2018-10-15 14:47:49 +00:00
PRESUBMIT.py Fix nits in presubmit.py and handling of .tq otherwise formatting 2018-09-25 15:37:39 +00:00
README.md [Docs] Removed unused docs because they are moved to GitHub 2015-11-19 10:23:30 +00:00
snapshot_toolchain.gni Add Windows ARM64 ABI support to V8 2018-10-23 08:45:48 +00:00
WATCHLISTS Add myself to the watch list. 2018-10-22 16:20:40 +00:00

README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://github.com/v8/v8/wiki

Getting the Code

Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned on the V8 wiki.