| commit | fd150c79884f4ae522dd5c80350e90f4d8a7a2ba | [log] [tgz] |
|---|---|---|
| author | Benedikt Meurer <bmeurer@chromium.org> | Sat Nov 04 11:24:56 2017 |
| committer | Commit Bot <commit-bot@chromium.org> | Sat Nov 04 12:06:31 2017 |
| tree | ddf8867f2e6aadfebb2e542cb6be719fad7da508 | |
| parent | 1a1968feb633ddeb7b90e5f3eb825e73ac503cb5 [diff] |
[turbofan] Generate the correct bounds when the array protector isn't valid. The condition for bounds check generation was not in sync with the condition that was used for the actual access, which lead to invalid memory accesses when the array protector was invalid. Tbr: tebbi@chromium.org Bug: chromium:781506, chromium:781494, chromium:781457, chromium:781285, chromium:781381, chromium:781380, v8:6936, v8:7014, v8:7027 Change-Id: Ia5b2ad02940292572ed9b37abd3f9ffaa6d7a26b Reviewed-on: https://chromium-review.googlesource.com/753590 Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/master@{#49124}
V8 is Google's open source JavaScript engine.
V8 implements ECMAScript as specified in ECMA-262.
V8 is written in C++ and is used in Google Chrome, the open source browser from Google.
V8 can run standalone, or can be embedded into any C++ application.
V8 Project page: https://github.com/v8/v8/wiki
Checkout depot tools, and run
fetch v8
This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run
git pull origin
gclient sync
For fetching all branches, add the following into your remote configuration in .git/config:
fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
fetch = +refs/tags/*:refs/tags/*
Please follow the instructions mentioned on the V8 wiki.