Status: Assigned
Owner: [email protected]
CC: [email protected], [email protected], [email protected], [email protected], [email protected]
Labels: Type-Bug Priority-Medium

New issue 2406 by [email protected]: Implement redzones in v8
http://code.google.com/p/v8/issues/detail?id=2406

From discussion of http://code.google.com/p/v8/issues/detail?id=2120, a solution of "redzones and probably a good tracking of the top pointer of gc space" is proposed. This is an extremely desirable feature, can you please help to implement it. Right now, we have at least three fuzzers that can help to find v8 bugs, farcasia's v8 fuzzer, fuzzer working on crash urls, inferno_twister fuzzer.

Comment 10 by project member [email protected], Today (6 hours ago)
I ran the repro for 160010 and from my experience and the comments it seems to crash every time in v8::internal::BasicJsonStringifier::SerializeString_(). As this method doesn't allocate in the crashing loop (writing into a string in the heap), verify_heap doesn't have the chance to intervene before it writes off the end of NewSpace (new gc heap objects).

So catching this bug would need some kind of red zone support within objects or at least knowledge about our heap segments to recognize when we write outside of them. It's beyond the current capabilities of verify-heap.
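The following is an added illustration of the redzone idea discussed in this thread; it is not V8 code and does not model V8's NewSpace layout. It assumes a toy bump-pointer semispace in which every allocation is followed by a poisoned redzone, plus a verify pass that checks both the top pointer and every redzone. The point it shows is the one made above: a write that happens without allocating (here, a copy into an already-allocated buffer) is invisible to an allocate-time verifier, but a redzone scan run afterwards still catches it. The poison byte, sizes and helper names are all constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Toy semispace with a bump ("top") pointer and per-object redzones.
 * Added illustration only; not V8's allocator. */
#define SPACE_SIZE   4096
#define MAX_OBJS     64
#define REDZONE_SIZE 16
#define REDZONE_BYTE 0xFD   /* poison value, chosen arbitrarily for this example */

typedef struct {
    uint8_t mem[SPACE_SIZE];
    size_t  top;                 /* bump pointer: next free offset in mem */
    size_t  count;               /* number of live objects */
    struct { size_t off; size_t size; } objs[MAX_OBJS];
} Space;

static void space_init(Space *s) {
    s->top = 0;
    s->count = 0;
}

/* Allocate `size` bytes and poison a redzone right after them.
 * Returns NULL when the space (or the bookkeeping table) is exhausted. */
static void *space_alloc(Space *s, size_t size) {
    if (s->count >= MAX_OBJS || s->top + size + REDZONE_SIZE > SPACE_SIZE)
        return NULL;
    uint8_t *p = s->mem + s->top;
    memset(p + size, REDZONE_BYTE, REDZONE_SIZE);
    s->objs[s->count].off  = s->top;
    s->objs[s->count].size = size;
    s->count++;
    s->top += size + REDZONE_SIZE;
    return p;
}

/* Verify pass: the top pointer must stay inside the space, and every
 * redzone must still hold its poison. Returns -2 if top is out of range,
 * the index of the first object whose redzone was overwritten, or -1 if
 * everything is intact. */
static int space_verify(const Space *s) {
    if (s->top > SPACE_SIZE) return -2;
    for (size_t i = 0; i < s->count; i++) {
        const uint8_t *rz = s->mem + s->objs[i].off + s->objs[i].size;
        for (size_t j = 0; j < REDZONE_SIZE; j++)
            if (rz[j] != REDZONE_BYTE) return (int)i;
    }
    return -1;
}

/* Models a serializer writing into a buffer it allocated earlier: no
 * allocation happens here, so an allocate-time heap check never runs. */
static void copy_into(char *dst, const char *src, size_t n) {
    memcpy(dst, src, n);
}

/* In-bounds write: all redzones survive, verify reports -1. */
static int demo_clean(void) {
    Space s;
    space_init(&s);
    char *a = space_alloc(&s, 8);
    space_alloc(&s, 8);              /* a neighbour, so a's redzone sits between objects */
    copy_into(a, "12345678", 8);
    return space_verify(&s);
}

/* Overlong write: 4 bytes spill into object 0's redzone, verify reports 0. */
static int demo_overflow(void) {
    Space s;
    space_init(&s);
    char *a = space_alloc(&s, 8);
    space_alloc(&s, 8);
    copy_into(a, "0123456789ab", 12);
    return space_verify(&s);
}

int main(void) {
    printf("clean run:    verify = %d\n", demo_clean());     /* -1 */
    printf("overflow run: verify = %d\n", demo_overflow());  /* 0 */
    return 0;
}
```

The verify pass is cheap enough to run from a periodic hook or at GC time rather than on every allocation, which is what makes it useful for the non-allocating write pattern described in the comment above; the redzone width trades detection coverage for space, and a fuzzer-driven build can afford a wider one.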

--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
