Comment #10 on issue 2120 by [email protected]: Enable --verify-heap in release mode
http://code.google.com/p/v8/issues/detail?id=2120

I ran the repro for 160010 and from my experience and the comments it seems to crash every time in v8::internal::BasicJsonStringifier::SerializeString_(). As this method doesn't allocate in the crashing loop (writing into a string in the heap), verify_heap doesn't have the chance to intervene before it writes off the end of NewSpace (new gc heap objects).

So catching this bug would need some kind of red zone support within objects or at least knowledge about our heap segments to recognize when we write outside of them. It's beyond the current capabilities of verify-heap.

--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
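As an added illustration of the red-zone idea raised in the comment above (constructed example, not code from V8 or from the commenter): a toy bump-allocated segment in which every object carries a trailing red-zone byte, and a verify_heap() that walks the segment checking both red zones and object extents. Because the verifier only runs when called, an allocation-free write loop still completes before it can intervene; the damage is only reported afterwards.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed toy "new space": one contiguous segment, bump-allocated.
 * Object layout: [1-byte payload length][payload][1 red-zone byte]. */
#define SEGMENT_SIZE 256
#define REDZONE_BYTE 0xA5
static uint8_t segment[SEGMENT_SIZE];
static size_t segment_top = 0;

/* Reserve len payload bytes and place a red-zone byte right after them. */
static uint8_t *heap_alloc(uint8_t len) {
    size_t need = 1 + (size_t)len + 1;
    if (segment_top + need > SEGMENT_SIZE) return NULL;
    uint8_t *payload = segment + segment_top + 1;
    segment[segment_top] = len;
    payload[len] = REDZONE_BYTE;
    segment_top += need;
    return payload;
}

/* Walk the segment object by object. Returns -1 if every red zone is intact and
 * every object lies inside the segment, else the index of the first damaged object. */
static int verify_heap(void) {
    size_t off = 0;
    int idx = 0;
    while (off < segment_top) {
        uint8_t len = segment[off];
        size_t end = off + 1 + (size_t)len + 1;
        if (end > segment_top) return idx;                      /* length corrupted: object escapes segment */
        if (segment[off + 1 + len] != REDZONE_BYTE) return idx; /* payload overran into its red zone */
        off = end;
        idx++;
    }
    return -1;
}

/* Models the reported pattern: a loop writing into an already-allocated object
 * without allocating, so the verifier gets no chance to run until the writes end. */
static int write_without_allocating(uint8_t *dst, const char *src, size_t n) {
    memcpy(dst, src, n);   /* no check of n against the object's length */
    return verify_heap();  /* only now can verification observe the damage */
}

static int demo(void) {
    segment_top = 0;
    uint8_t *first = heap_alloc(8);
    heap_alloc(8);  /* neighbour whose length byte sits right after first's red zone */
    /* 12 bytes into an 8-byte object: clobbers the red zone and the neighbour's header. */
    return write_without_allocating(first, "0123456789AB", 12);  /* returns 0 */
}
```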
