AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
46,744 Commits 1 Branch 0 Tags 839 MiB
C++ 67.6%
JavaScript 30.1%
Python 1.2%
C 0.3%
TypeScript 0.3%
Other 0.4%
fae1ab03a9
Go to file
Ben Smith fae1ab03a9 [wasm] Fix crash serializing modules w/ big frames 
When a wasm function has a large stack frame, the x64 code generator
performs the stack overflow check before constructing the frame. This
requires using the `address_of_real_stack_limit` external reference, as
well as the `ThrowWasmStackOverflow` runtime function.

`ThrowWasmStackOverflow` is called via a generated trampoline, but it is
not a builtin, so the serializer adds it to the `stub_lookup_` map. This
map is encoded by using a monotonically increasing `stub_id` that starts
at 0.

When the function is serialized, a stub is differentiated from a builtin
by which half of the `i32` bits is used, upper or lower. A stub only
uses the lower 16 bits and a builtin only uses the upper 16 bits.

The deserializer checks whether the lower 16 bits are 0; if so, it is
determined to be a builtin. But if the `stub_id` is 0, then it will be
confused with builtin 0 (`RecordWrite`). Calling the builtin instead of
the stub causes a crash.

This CL starts all `stub_id`s at 1, which prevents the builtin/stub
confusion.

There is an additional bug that is not fixed by this CL:
`ThrowWasmStackOverflow` shouldn't be called at all. Currently it is
called because `address_of_real_stack_limit` is a thread-local value
that is not properly relocated.

Bug: chromium:808848
Change-Id: I06b3e650ea58ad717dcc47a3716443e16582e711
Reviewed-on: https://chromium-review.googlesource.com/981687
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52252}
2018-03-27 18:34:06 +00:00
benchmarks Fix common misspellings 2017-08-02 09:35:28 +00:00
build_overrides [ndk] Change android ndk root for v8 2018-01-11 08:10:33 +00:00
docs [Docs] Removed unused docs because they are moved to GitHub 2015-11-19 10:23:30 +00:00
gni [build] Add MB configs for jumbo builders 2018-03-22 11:28:50 +00:00
include [heap,api] Introduce near-heap-limit callbacks. 2018-03-27 08:29:56 +00:00
infra [build] Used data deps from GN 2018-03-26 15:05:52 +00:00
samples [sample] fix potential memory leak. 2018-02-21 13:06:18 +00:00
src [wasm] Fix crash serializing modules w/ big frames 2018-03-27 18:34:06 +00:00
test [wasm] Fix crash serializing modules w/ big frames 2018-03-27 18:34:06 +00:00
testing Remove dummy files created for rolling googletest. 2018-03-27 05:55:56 +00:00
third_party Roll googletest to 1.8.0+. 2018-03-23 07:54:27 +00:00
tools Update mkgrokdump so that it can see maps/objects in RO_SPACE 2018-03-27 16:30:02 +00:00
.clang-format [clang-format] Don't derive pointer alignment 2017-01-17 09:28:19 +00:00
.editorconfig Add .editorconfig 2017-07-28 13:39:24 +00:00
.git-blame-ignore-revs [build] Add DEPS formatting to hyper-blame 2017-10-09 14:08:45 +00:00
.gitignore Roll googletest to 1.8.0+. 2018-03-23 07:54:27 +00:00
.gn For building v8 using gn on aix_ppc64, linux_s390x and linux_ppc64(both LE and BE). 2017-05-12 01:35:09 +00:00
.vpython [tools] Add pypiwin32 pacakge to VPython config 2018-03-09 20:33:36 +00:00
.ycm_extra_conf.py [ycm] Switch from gnu++11 to gnu++14 2017-11-27 07:48:21 +00:00
AUTHORS Fix error message for octal escapes in templates 2018-03-08 18:57:45 +00:00
BUILD.gn [V8 Platform] Make CallOnWorkerThread use std::unique_ptr 2018-03-26 17:43:22 +00:00
ChangeLog [tools] Merge ChangeLog from latest release 2017-12-19 12:30:56 +00:00
CODE_OF_CONDUCT.md Explicitly state that the Chromium Code of Conduct also applies to V8 2016-03-02 09:51:24 +00:00
codereview.settings Make Gerrit the default code review for V8 2017-06-30 17:37:37 +00:00
DEPS Update V8 DEPS. 2018-03-27 03:50:14 +00:00
LICENSE Updates to the license information of third party components. 2015-06-16 12:37:50 +00:00
LICENSE.fdlibm Add LICENSE.fdlibm for all the fdlibm imported sources. 2016-06-09 07:17:03 +00:00
LICENSE.strongtalk Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
LICENSE.v8 Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
LICENSE.valgrind Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
OWNERS Adding a few more wasm related OWNERS. 2018-03-01 20:19:07 +00:00
PRESUBMIT.py [gyp] remove gyp files. 2018-02-08 20:04:06 +00:00
README.md [Docs] Removed unused docs because they are moved to GitHub 2015-11-19 10:23:30 +00:00
snapshot_toolchain.gni MIPS[64]: Generate snapshots on MIPS big-endian targets 2017-11-24 19:00:32 +00:00
WATCHLISTS Remove v8-x87-ports@ from WATCHLIST 2018-02-26 19:56:21 +00:00

README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://github.com/v8/v8/wiki

Getting the Code

Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned on the V8 wiki.