commit | 6b226ea2ff6d2f05e5e1809292f12ec476b56329 | |
---|---|---|
author | Jakob Kummerow <jkummerow@chromium.org> | Thu Nov 01 04:35:22 2018 |
committer | Commit Bot <commit-bot@chromium.org> | Thu Nov 01 05:20:04 2018 |
tree | 47eae126e86b792caed616534341dae239d03411 | |
parent | 2ef0aa662fe907a1b36ac1abe7d77ad2bcd27733 | |

[ubsan] Replace AtomicElement with UB-safe alternative

The previous AtomicElement wrapper fundamentally relied on reinterpret_casting a heap address to an instance of a C++ object, which is an invalid cast. This patch replaces that pattern with an ObjectSlot-based alternative that does not rely on UB.

Bug: v8:3770
Change-Id: I62fb3c7589ac59e9e18139b525174de77e0e2149
Reviewed-on: https://chromium-review.googlesource.com/c/1309297
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57197}

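The pattern the commit message describes, as an added sketch that is not V8 source code and not part of this commit: a wrapper reached by casting an address, next to a slot value that stores the address and accesses it atomically. All names (`WrapperSketch`, `SlotSketch`, `SortCells`, `DemoSmallest`) are hypothetical, and the sort is only a constructed workload.

```cpp
#include <atomic>
#include <cstddef>
#include <cstdint>

using Word = std::intptr_t;          // stand-in for one tagged heap word
using HeapCell = std::atomic<Word>;  // what really lives at a heap address

// "Before" shape: no WrapperSketch is ever constructed. A caller writing
//   reinterpret_cast<WrapperSketch*>(cell_address)->value();
// invokes a member function on an object that does not exist, which is UB.
class WrapperSketch {
 public:
  Word value() const { return raw_; }  // shown for shape only, never called
 private:
  Word raw_;
};

// "After" shape: the slot is a real, copyable value. It holds the location
// and performs the access on the type that actually lives there.
class SlotSketch {
 public:
  explicit SlotSketch(HeapCell* location) : location_(location) {}
  Word RelaxedLoad() const { return location_->load(std::memory_order_relaxed); }
  void RelaxedStore(Word v) const { location_->store(v, std::memory_order_relaxed); }
  SlotSketch operator+(std::ptrdiff_t n) const { return SlotSketch(location_ + n); }
 private:
  HeapCell* location_;
};

// Insertion sort over `length` cells, touching memory only through slots.
void SortCells(SlotSketch first, std::ptrdiff_t length) {
  for (std::ptrdiff_t i = 1; i < length; ++i) {
    Word key = (first + i).RelaxedLoad();
    std::ptrdiff_t j = i;
    while (j > 0 && (first + (j - 1)).RelaxedLoad() > key) {
      (first + j).RelaxedStore((first + (j - 1)).RelaxedLoad());
      --j;
    }
    (first + j).RelaxedStore(key);
  }
}

// Constructed sample: four cells sorted in place; returns the smallest.
Word DemoSmallest() {
  HeapCell cells[4];
  const Word init[4] = {7, 3, 9, 1};
  for (int i = 0; i < 4; ++i) cells[i].store(init[i], std::memory_order_relaxed);
  SortCells(SlotSketch(cells), 4);
  return cells[0].load(std::memory_order_relaxed);
}
```
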
V8 is Google's open source JavaScript engine.
V8 implements ECMAScript as specified in ECMA-262.
V8 is written in C++ and is used in Google Chrome, the open source browser from Google.
V8 can run standalone, or can be embedded into any C++ application.
V8 Project page: https://github.com/v8/v8/wiki
Check out depot tools, and run

    fetch v8

This will check out V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Please follow the instructions mentioned on the V8 wiki.