| commit | 3f850f4da08e9beb564e1b0cf93950e7b49d5348 | [log] [tgz] |
|---|---|---|
| author | Michael Lippautz <mlippautz@chromium.org> | Tue Oct 23 15:28:17 2018 |
| committer | Commit Bot <commit-bot@chromium.org> | Tue Oct 23 16:53:15 2018 |
| tree | 1f5826f946999cdd2613130dcef2c04e9689c7a1 | |
| parent | 243487980d9add4bddf89748fb81b7ef376446c1 [diff] |
[unified-heap] Call TraceEpilogue at the end of a MC GC Marking resets global handles which touches the corresponding slots on the embedder side. The embedder may already have freed the memory which results in use after free. Bug: chromium:843903 Change-Id: I05a62f28d801b4de167f6fbf1be29743544c1293 Reviewed-on: https://chromium-review.googlesource.com/c/1296457 Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#56911}
V8 is Google's open source JavaScript engine.
V8 implements ECMAScript as specified in ECMA-262.
V8 is written in C++ and is used in Google Chrome, the open source browser from Google.
V8 can run standalone, or can be embedded into any C++ application.
V8 Project page: https://github.com/v8/v8/wiki
Checkout depot tools, and run
fetch v8
This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run
git pull origin
gclient sync
For fetching all branches, add the following into your remote configuration in .git/config:
fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
fetch = +refs/tags/*:refs/tags/*
Please follow the instructions mentioned on the V8 wiki.