AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
41,734 Commits 1 Branch 0 Tags 839 MiB
C++ 67.6%
JavaScript 30.1%
Python 1.2%
C 0.3%
TypeScript 0.3%
Other 0.4%
ef0e835997
Go to file
Ulan Degenbaev ef0e835997 [heap] Fix clearing of slots in concurrent sweeper. 
This fixes an old bug uncovered by
https://chromium-review.googlesource.com/591651

The bug is a race between the concurrent sweeper clearing slots and
the mutator adding slots and trimming fixed array:

1) The sweeper starts sweeping a page with an existing fixed array.
2) The sweeper pre-caches the slots clearing mode by checking if the
   slot set pointer on the page is null or not. (This is the bug).
3) The mutator updates the fixed array such that new slots are added.
4) The mutator trims the fixed array such that the added slots are
   now in free space.
5) The sweeper adds the trimmed part of the fixed array to free list,
   but does not clear slots there because of the cached flag.
6) A new object is allocated from the free list entry and it has
   a bogus slot entry recorded.

Bug: chromium:752750
TBR: mlippautz@chromium.org
Change-Id: I4f70514fa05b692a27d992954cb4c314ef4cac07
Reviewed-on: https://chromium-review.googlesource.com/608047
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47242}
2017-08-09 11:03:09 +00:00
benchmarks Fix common misspellings 2017-08-02 09:35:28 +00:00
build_overrides Remove build_override for macOS min SDK and deployment target. 2017-07-14 18:24:44 +00:00
docs [Docs] Removed unused docs because they are moved to GitHub 2015-11-19 10:23:30 +00:00
gni add gn jumbo build support 2017-08-09 09:05:29 +00:00
gypfiles Fix common misspellings 2017-08-02 09:35:28 +00:00
include Add get current wall-clock time to the Platform 2017-08-09 05:55:23 +00:00
infra Update V8 DEPS. 2017-08-02 07:09:50 +00:00
samples Fix common misspellings 2017-08-02 09:35:28 +00:00
src [heap] Fix clearing of slots in concurrent sweeper. 2017-08-09 11:03:09 +00:00
test [parser] Alternative fix for chromium:740591 2017-08-09 10:54:09 +00:00
testing Use GTEST_LANG_CXX11 in V8 2016-07-25 13:06:42 +00:00
third_party Remove myself from non-toplevel owners files 2017-06-28 10:00:48 +00:00
tools [wasm] [debug] Implement calling imported wasm functions 2017-08-07 12:31:18 +00:00
.clang-format [clang-format] Don't derive pointer alignment 2017-01-17 09:28:19 +00:00
.editorconfig Add .editorconfig 2017-07-28 13:39:24 +00:00
.gitignore [wasm] Remove the wasm-asmjs fuzzer 2017-06-21 10:59:35 +00:00
.gn For building v8 using gn on aix_ppc64, linux_s390x and linux_ppc64(both LE and BE). 2017-05-12 01:35:09 +00:00
.ycm_extra_conf.py Use C++11 / gnu++11, not 0x 2016-03-22 15:24:43 +00:00
AUTHORS Update AUTHORS file for Facebook organization 2017-07-31 08:53:21 +00:00
BUILD.gn add gn jumbo build support 2017-08-09 09:05:29 +00:00
ChangeLog [Release] Update ChangeLog file 2016-02-17 21:29:09 +00:00
CODE_OF_CONDUCT.md Explicitly state that the Chromium Code of Conduct also applies to V8 2016-03-02 09:51:24 +00:00
codereview.settings Make Gerrit the default code review for V8 2017-06-30 17:37:37 +00:00
DEPS Update V8 DEPS. 2017-08-09 03:53:03 +00:00
LICENSE Updates to the license information of third party components. 2015-06-16 12:37:50 +00:00
LICENSE.fdlibm Add LICENSE.fdlibm for all the fdlibm imported sources. 2016-06-09 07:17:03 +00:00
LICENSE.strongtalk Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
LICENSE.v8 Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
LICENSE.valgrind Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
Makefile Remove x87 port 2017-07-18 18:20:40 +00:00
Makefile.android [build] Fix d8-for-Android builds 2016-05-20 12:10:45 +00:00
OWNERS Add COMPONENT tags to OWNERS files where appropriate 2017-05-22 10:15:28 +00:00
PRESUBMIT.py [test] Automatically add a noi18n bot for changes affecting Intl 2017-06-06 13:01:14 +00:00
README.md [Docs] Removed unused docs because they are moved to GitHub 2015-11-19 10:23:30 +00:00
snapshot_toolchain.gni MIPS[64]: Add support for big endian build using GN 2017-06-02 15:02:18 +00:00
WATCHLISTS [V8Tracing] Add lpy@ and fmeawad@ into watchlist for tracing/. 2017-05-22 19:40:17 +00:00

README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://github.com/v8/v8/wiki

Getting the Code

Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned on the V8 wiki.