AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
27,006 Commits 1 Branch 0 Tags 839 MiB
C++ 67.6%
JavaScript 30.1%
Python 1.2%
C 0.3%
TypeScript 0.3%
Other 0.4%
fc6ff53400
Go to file
mlippautz fc6ff53400 Reland of "[heap] Clean up stale store buffer entries for aborted pages." 
This reverts commit d4fc4a8cad.

1.  Let X be the aborted slot (slot in an evacuated object in an aborted page)
2.  Assume X contains pointer to Y and Y is in the new space, so X is in the
    store buffer.
3.  Store buffer rebuilding will not filter out X (it checks InNewSpace(Y)).
4.  The current mark-sweep finishes. The slot X is in free space and is also in
    the store buffer.
5.  A string of length 9 "abcdefghi" is allocated in the new space. The string
    looks like |MAP|LENGTH|hgfedcba|NNNNNNNi| in memory, where NNNNNNN is
    previous garbage. Let's assume that NNNNNNN0 was pointing to a new space
    object before.
6.  Scavenge happens.
7.  Slot X is still in free space and in store buffer. [It causes scavenge of
    the object Y in
    store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject). But
    it is not important].
8.  Our string is promoted and is allocated over the slot X, such that NNNNNNNi
    is written in X.
9.  The scavenge finishes.
9.  Another scavenge starts.
10. We crash in
    store_buffer()->IteratePointersToNewSpace(&Scavenger::ScavengeObject) when
    processing slot X, because it doesn't point to valid map.

BUG=chromium:524425, chromium:564498
LOG=N
R=hpayer@chromium.org, ulan@chromium.org

Review URL: https://codereview.chromium.org/1494503004

Cr-Commit-Position: refs/heads/master@{#32514}
2015-12-02 14:04:56 +00:00
benchmarks Revert "Refactoring: Make gtest testsuite the default." 2014-09-02 09:17:26 +00:00
build Clobber to hopefully resolve a clang problem 2015-12-02 08:09:19 +00:00
docs [Docs] Removed unused docs because they are moved to GitHub 2015-11-19 10:23:30 +00:00
include Pass explicit Isolate parameter to v8::Debug methods that need it 2015-12-02 12:47:41 +00:00
infra Revert of [CQ] Update proto format to fix triggered builders. (patchset #1 id:1 of https://codereview.chromium.org/1495443003/ ) 2015-12-02 13:28:07 +00:00
samples Fix crash in shell.cc when reporting exceptions that aren't Errors 2015-10-20 14:33:52 +00:00
src Reland of "[heap] Clean up stale store buffer entries for aborted pages." 2015-12-02 14:04:56 +00:00
test [runtime] Rename IsPropertyEnumerable to PropertyIsEnumerable conforming to the spec. 2015-12-02 14:03:49 +00:00
testing Converted V8 CQ config to proto-format 2015-05-28 15:02:53 +00:00
third_party/binutils Update binutils version. 2015-08-07 08:09:49 +00:00
tools [stubs] A new approach to TF stubs 2015-12-02 12:35:20 +00:00
.clang-format Change clang-format config to allow for two empty lines between functions 2013-12-03 10:39:21 +00:00
.gitignore Add .gdb_history to .gitignore. 2015-12-01 12:30:48 +00:00
.ycm_extra_conf.py [ycm] The YouCompleteMe configuration is not VIM specific. 2015-02-12 07:21:13 +00:00
AUTHORS [tools] Make gen-postmortem-metadata.py more reliable 2015-11-12 14:48:04 +00:00
BUILD.gn [stubs] A new approach to TF stubs 2015-12-02 12:35:20 +00:00
ChangeLog Update change log to match roll branch. 2015-05-18 15:03:50 +00:00
codereview.settings Use v8-reviews@ for review mail, so v8-dev@ is free for dev discussions 2015-09-09 08:14:11 +00:00
DEPS Update V8 DEPS. 2015-12-02 04:23:09 +00:00
LICENSE Updates to the license information of third party components. 2015-06-16 12:37:50 +00:00
LICENSE.strongtalk Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
LICENSE.v8 Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
LICENSE.valgrind Add LICENSE.v8, LICENSE.strongtalk and LICENSE.valgrind to the v8 2011-02-03 07:10:06 +00:00
Makefile MIPS64: Add big-endian support for mips64. 2015-09-29 17:23:55 +00:00
Makefile.android Reland [android] Migrate more configs to gyp. 2015-06-26 12:04:09 +00:00
Makefile.nacl Use the pnacl-clang toolchain for (P)NaCL builds 2014-10-06 08:10:50 +00:00
OWNERS Update OWNERS file. 2015-07-16 11:37:51 +00:00
PRESUBMIT.py [test] Add status-file presubmit check. 2015-11-25 13:19:33 +00:00
README.md [Docs] Removed unused docs because they are moved to GitHub 2015-11-19 10:23:30 +00:00
snapshot_toolchain.gni Split the GN 'snapshot_toolchain' logic out into an include file. 2015-09-22 02:28:40 +00:00
WATCHLISTS [Release] CC hpayer@ and ulan@ to every heap change 2015-12-02 12:49:50 +00:00

README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://github.com/v8/v8/wiki

Getting the Code

Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned on the V8 wiki.