commit | 7d1000f30f8f9cb6d6275af441422ab319038df8 | |
---|---|---|
author | Jakob Kummerow <jkummerow@chromium.org> | Wed Oct 24 01:02:50 2018 |
committer | Commit Bot <commit-bot@chromium.org> | Wed Oct 24 03:59:48 2018 |
tree | 0703d8a892586223f0f567fa77f8e9ecda467499 | |
parent | 50d7cbf6b93dbb7521823879bd33518c3072cbe6 | |
[ubsan,snapshot] Replace Object** in src/snapshot/ as part of the ongoing quest to get rid of Object*/Object** entirely.

Turns out the Deserializer was actually using unaligned MaybeObject** pointers, which is undefined behavior. This patch makes the unaligned values obvious (as "UnalignedSlot") and safe.

Bug: v8:3770
Change-Id: I20f2cca10cc025fa4867e56d9d740a3653837749
Reviewed-on: https://chromium-review.googlesource.com/c/1295792
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56924}
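The commit message above calls dereferencing unaligned pointers undefined behavior and describes wrapping such addresses in a dedicated type. The following is an added example, not code from this commit or from V8: the names `UnalignedWordSlot`, `MakeStream` and `SumWords` are hypothetical, and the byte stream is constructed so that every word sits at an odd offset, which forces all access through `memcpy` instead of a typed pointer.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical wrapper (name chosen for this example): a byte address that
// may not be aligned for uintptr_t, so it is never dereferenced as one.
class UnalignedWordSlot {
 public:
  explicit UnalignedWordSlot(unsigned char* address) : address_(address) {}

  // memcpy is defined for any alignment; compilers typically lower it to a
  // single load or store on targets that permit unaligned access.
  uintptr_t Read() const {
    uintptr_t value;
    std::memcpy(&value, address_, sizeof(value));
    return value;
  }
  void Write(uintptr_t value) { std::memcpy(address_, &value, sizeof(value)); }

  bool IsAligned() const {
    return reinterpret_cast<uintptr_t>(address_) % alignof(uintptr_t) == 0;
  }
  UnalignedWordSlot Next() const {
    return UnalignedWordSlot(address_ + sizeof(uintptr_t));
  }

 private:
  unsigned char* address_;
};

// Constructed sample: a one-byte tag followed by the given words, so every
// word starts at an odd offset in the buffer.
std::vector<unsigned char> MakeStream(const std::vector<uintptr_t>& words) {
  std::vector<unsigned char> bytes(1 + words.size() * sizeof(uintptr_t));
  bytes[0] = 0x7f;  // constructed tag byte
  UnalignedWordSlot slot(bytes.data() + 1);
  for (uintptr_t w : words) { slot.Write(w); slot = slot.Next(); }
  return bytes;
}

// The undefined form would be *reinterpret_cast<uintptr_t*>(bytes.data() + 1),
// which UBSan reports as a misaligned load.
uintptr_t SumWords(std::vector<unsigned char>& bytes, size_t count) {
  uintptr_t sum = 0;
  UnalignedWordSlot slot(bytes.data() + 1);
  for (size_t i = 0; i < count; ++i) { sum += slot.Read(); slot = slot.Next(); }
  return sum;
}
```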
V8 is Google's open source JavaScript engine.
V8 implements ECMAScript as specified in ECMA-262.
V8 is written in C++ and is used in Google Chrome, the open source browser from Google.
V8 can run standalone, or can be embedded into any C++ application.
V8 Project page: https://github.com/v8/v8/wiki
Check out depot tools, and run

    fetch v8

This will check out V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Please follow the instructions mentioned on the V8 wiki.