Only use the caging ArrayBufferAllocator when the heap sandbox is on

The current implementation of the default ArrayBufferAllocator for the virtual memory cage is highly inefficient as it simply forwards all requests to the cage's PageAllocator. With this CL, this allocator is now only used when the heap sandbox is enabled, in which case ArrayBuffer backing stores must be located inside the cage. In all other cases, in particular when only the virtual memory cage is enabled, the backing stores can be located outside the cage and so the malloc-based ArrayBufferAllocator is used. This change only affects configurations in which V8's default ArrayBufferAllocator is used. Bug: chromium:1218005 Change-Id: I39cb5de3034ccd4b6975dc5193d8c7309857433b Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3205018Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#77276}

Only use the caging ArrayBufferAllocator when the heap sandbox is on
The current implementation of the default ArrayBufferAllocator for the virtual memory cage is highly inefficient as it simply forwards all requests to the cage's PageAllocator. With this CL, this allocator is now only used when the heap sandbox is enabled, in which case ArrayBuffer backing stores must be located inside the cage. In all other cases, in particular when only the virtual memory cage is enabled, the backing stores can be located outside the cage and so the malloc-based ArrayBufferAllocator is used. This change only affects configurations in which V8's default ArrayBufferAllocator is used. Bug: chromium:1218005 Change-Id: I39cb5de3034ccd4b6975dc5193d8c7309857433b Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3205018Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#77276}
7436a7b7 · Samuel Groß · V8 LUCI CQ · 2ca7641f · 7436a7b7
Commit 7436a7b7 authored Oct 05, 2021 by Samuel Groß Committed by V8 LUCI CQ Oct 07, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 6 deletions

api.cc src/api/api.cc +6 -6

No files found.
--- a/src/api/api.cc
+++ b/src/api/api.cc
@@ -382,11 +382,11 @@ void V8::SetSnapshotDataBlob(StartupData* snapshot_blob) {

 namespace {

-#ifdef V8_VIRTUAL_MEMORY_CAGE
-// ArrayBufferAllocator to use when the virtual memory cage is enabled, in which
-// case all ArrayBuffer backing stores need to be allocated inside the data
-// cage. Note, the current implementation is extremely inefficient as it uses
-// the BoundedPageAllocator. In the future, we'll need a proper allocator
+#ifdef V8_HEAP_SANDBOX
+// ArrayBufferAllocator to use when the heap sandbox is enabled, in which case
+// all ArrayBuffer backing stores need to be allocated inside the virtual
+// memory cage. Note, the current implementation is extremely inefficient as it
+// uses the BoundedPageAllocator. In the future, we'll need a proper allocator
 // implementation.
 class ArrayBufferAllocator : public v8::ArrayBuffer::Allocator {
 public:
@@ -454,7 +454,7 @@ class ArrayBufferAllocator : public v8::ArrayBuffer::Allocator {
    return new_data;
  }
 };
-#endif  // V8_VIRTUAL_MEMORY_CAGE
+#endif  // V8_HEAP_SANDBOX

 struct SnapshotCreatorData {
  explicit SnapshotCreatorData(Isolate* isolate)