Updates:
Status: Started
Comment #2 on issue 4359 by mlippa...@chromium.org: Crash in
v8::internal::MemoryChunk::IsEvacuationCandidate on arm64 in
mjsunit/strong/load-proxy.js
https://code.google.com/p/v8/issues/detail?id=4359
Hej Yang,
This is just to let you know that I am still on this.
Findings so far:
* Activated optimized code resides on an evacuation candidate page
* One of the [RelocInfo] slots points to a [Cell] that also resides on an
evacuation candidate page
* The cell is not properly recorded anywhere or marked (as far as I see)
* Code is migrated; on visiting it in the next GC cycle (or verification)
the cell points to an uncommitted page
boom!
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to v8-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
