Google Git
Sign in
chromium / v8 / v8 / 1e47404bb77ae6b6e0427e929f60e36c417545e3
commit1e47404bb77ae6b6e0427e929f60e36c417545e3[log] [tgz]
authorDominik Inführ <dinfuehr@chromium.org>Wed Dec 14 18:05:57 2022
committerV8 LUCI CQ <v8-scoped@luci-project-accounts.iam.gserviceaccount.com>Wed Dec 14 22:19:32 2022
treeefb9f15c41d7b885cd44e94117bc9da87a583a49
parent96bc59aec0f7dc005f1818f5bf85ec87d8bbb927 [diff]
[heap] Fix uninitialized field in DescriptorArray write barrier

marking_barrier_type_ wasn't initialized in MarkingBarrier's ctor.
With --shared-space and enabling incremental marking in the shared
heap this could lead to the load of an uninitialized value in
`is_minor` in the DescriptorArray write barrier.

The write barrier was also not using the right value for old_marked
when both minor and shared incremental marking were enabled.

Bug: v8:13267, chromium:1400730
Change-Id: Ibd682b9baba333ce16af028e4f66aefb6c8aaea7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4108028
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84855}
4 files changed
tree: efb9f15c41d7b885cd44e94117bc9da87a583a49
  1. .github/
  2. bazel/
  3. build_overrides/
  4. custom_deps/
  5. docs/
  6. gni/
  7. include/
  8. infra/
  9. samples/
  10. src/
  11. test/
  12. testing/
  13. third_party/
  14. tools/
  15. .bazelrc
  16. .clang-format
  17. .clang-tidy
  18. .editorconfig
  19. .flake8
  20. .git-blame-ignore-revs
  21. .gitattributes
  22. .gitignore
  23. .gn
  24. .mailmap
  25. .style.yapf
  26. .vpython3
  27. .ycm_extra_conf.py
  28. AUTHORS
  29. BUILD.bazel
  30. BUILD.gn
  31. CODE_OF_CONDUCT.md
  32. codereview.settings
  33. COMMON_OWNERS
  34. DEPS
  35. DIR_METADATA
  36. ENG_REVIEW_OWNERS
  37. INFRA_OWNERS
  38. INTL_OWNERS
  39. LICENSE
  40. LICENSE.fdlibm
  41. LICENSE.strongtalk
  42. LICENSE.v8
  43. LOONG_OWNERS
  44. MIPS_OWNERS
  45. OWNERS
  46. PPC_OWNERS
  47. PRESUBMIT.py
  48. README.md
  49. RISCV_OWNERS
  50. S390_OWNERS
  51. WATCHLISTS
  52. WORKSPACE
README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://v8.dev/docs

Getting the Code

Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned at v8.dev/docs/contribute.