1. 27 Dec, 2021 1 commit
    • Omer Katz
      cppgc-js, heap: Concurrently push references from v8 to Oilpan · d10f61e1
      Omer Katz authored
      Included in this CL:
      (*) Introduce CppMarkingState that V8 should use to push references to
          Oilpan. CppMarkingState allocates its own Worklist::Locals to
          support concurrent updates from V8.
      (*) Split Oilpan MarkingWorklist object to form a base class used by
          CppMarkingState.
      (*) Remove MarkerFactory and split marking initialization. Marking
          worklists should already be initialized when V8 initializes
          visitors. For incremental marking, this requires splitting
          marking initialization and marking start.
      (*) Drive-by: Mark JSObject::IsApiWrapper and
          JSObject::IsDroppableApiWrapper as const.
      
      Bug: v8:12407
      Change-Id: I35cc816343da86f69a68306204675720e9b3913f
       Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3293410
       Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
       Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Commit-Queue: Omer Katz <omerkatz@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#78446}
  2. 15 Dec, 2021 1 commit
    • Samuel Groß
      V8 Sandbox rebranding · 277fdd1d
      Samuel Groß authored
      This CL renames a number of things related to the V8 sandbox.
      Mainly, what used to be under V8_HEAP_SANDBOX is now under
      V8_SANDBOXED_EXTERNAL_POINTERS, while the previous V8 VirtualMemoryCage
      is now simply the V8 Sandbox:
      
      V8_VIRTUAL_MEMORY_CAGE => V8_SANDBOX
      V8_HEAP_SANDBOX => V8_SANDBOXED_EXTERNAL_POINTERS
      V8_CAGED_POINTERS => V8_SANDBOXED_POINTERS
      V8VirtualMemoryCage => Sandbox
      CagedPointer => SandboxedPointer
      fake cage => partially reserved sandbox
      src/security => src/sandbox
      
      This naming scheme should simplify things: the sandbox is now the large
      region of virtual address space inside which V8 mainly operates and
      which should be considered untrusted. Mechanisms like sandboxed pointers
      are then used to attempt to prevent escapes from the sandbox (i.e.
      corruption of memory outside of it). Furthermore, the new naming scheme
      avoids the confusion with the various other "cages" in V8, in
      particular, the VirtualMemoryCage class, by dropping that name entirely.
      
      Future sandbox features are developed under their own V8_SANDBOX_X flag,
      and will, once final, be merged into V8_SANDBOX. Current future features
      are sandboxed external pointers (using the external pointer table), and
      sandboxed pointers (pointers guaranteed to point into the sandbox, e.g.
      because they are encoded as offsets). This CL then also introduces a new
      build flag, v8_enable_sandbox_future, which enables all future features.
      
      Bug: v8:10391
      Change-Id: I5174ea8f5ab40fb96a04af10853da735ad775c96
      Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
       Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322981
       Reviewed-by: Hannes Payer <hpayer@chromium.org>
       Reviewed-by: Igor Sheludko <ishell@chromium.org>
       Reviewed-by: Michael Achenbach <machenbach@chromium.org>
       Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      Commit-Queue: Samuel Groß <saelo@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#78384}
  3. 09 Dec, 2021 1 commit
  4. 08 Dec, 2021 1 commit
    • Leszek Swirski
      [compiler] Introduce ReusableUnoptimizedCompileState · b3e1eb0c
      Leszek Swirski authored
      Introduce a ReusableUnoptimizedCompileState class, passed to ParseInfo,
      which stores a couple of pointers and most importantly the Zone and
      AstValueFactory of the parse. This allows the Zone and AstValueFactory
      to be reused across multiple parses, rather than re-initialising
      per-Parse.
      
      With this, we can amend the LazyCompileDispatcher to initialise one
      LocalIsolate, Zone and AstValueFactory per background thread loop,
      rather than one per compile task, which allows us to reduce per-task
      costs and re-use the AstValueFactory's string table and previous String
      internalizations.
      
      Change-Id: Ia0e29c4e31fbe29af57674ebb10916865d38b2ce
       Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313106
       Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#78289}
  5. 07 Dec, 2021 1 commit
  6. 04 Dec, 2021 1 commit
    • Samuel Groß
      Introduce VirtualAddressSpace interface · a7cb30b0
      Samuel Groß authored
      This interface is meant to eventually replace the existing
      v8::PageAllocator interface. Beyond general refactoring of the
      PageAllocator APIs, the new interface now supports the concept of
      (contiguous) address space reservations, which previously had to be
      implemented through page allocations. These reservations now make better
      use of provided OS primitives on Fuchsia (VMARs) and Windows
      (placeholder mappings) and can be used to back many of the cages and
      virtual memory regions that V8 creates.
      
      The new interface is not yet stable and may change at any time without
      deprecating the old version first.
      
      Bug: chromium:1218005
      Change-Id: I295253c42e04cf311393c5dab9f8c06bd7451ce3
      Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3301475
      Commit-Queue: Samuel Groß <saelo@chromium.org>
       Reviewed-by: Toon Verwaest <verwaest@chromium.org>
       Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#78235}
  7. 02 Dec, 2021 1 commit
  8. 29 Nov, 2021 4 commits
  9. 26 Nov, 2021 2 commits
  10. 25 Nov, 2021 1 commit
  11. 17 Nov, 2021 1 commit
  12. 12 Nov, 2021 1 commit
    • Leszek Swirski
      [parser] Pass LocalIsolate to ParseOnBackground · 8685bd0c
      Leszek Swirski authored
      Unify parse post-processing between main-thread and background-thread
      parsing, now that we have LocalIsolate and can Internalize on background
      threads.
      
      As part of this, simplify the LocalIsolate parking pattern to explicitly
      park during ParseOnBackground, rather than being implicitly parked when
       ParseOnBackground is called. This reduces the amount of scoping needed
      in the BackgroundCompileTask::Run method.
      
      Change-Id: Ifdb128b763129bda78bd1bae89dac1c62f872350
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277876
      Commit-Queue: Toon Verwaest <verwaest@chromium.org>
      Auto-Submit: Leszek Swirski <leszeks@chromium.org>
       Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#77872}
  13. 09 Nov, 2021 1 commit
  14. 08 Nov, 2021 1 commit
  15. 06 Nov, 2021 1 commit
  16. 04 Nov, 2021 2 commits
    • Michael Lippautz
      Move unified heap unittests into cppgc-js directory · aa4cb576
      Michael Lippautz authored
      Adjust WATCHLISTS to only send out updates to those testfiles as part
      of notifying oilpan-reviews+v8@.
      
      Change-Id: Ib877f0353ea2b2d1ac06c93d450145dbeb6fcc66
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260517
      Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
       Reviewed-by: Omer Katz <omerkatz@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#77713}
    • Leszek Swirski
      [compiler-dispatcher] Move to full SFI keying · 14097e62
      Leszek Swirski authored
      Remove the concept of JobId from LazyCompileDispatcher, and make SFIs
      the canonical id for these jobs.
      
      This has several consequences:
      
         * We no longer split enqueuing a job and registering a SFI with that
          job. We did this previously because we could not allocate SFIs in
          the Parser -- now with LocalHeap we can, so we do.
        * We remove the separate Job vector, and make the SFI IdentityMap
          hold pointers to Jobs directly. This requires a small amount of
          extra care to deallocate Jobs when removing them from the map,
          but it means not having to allocate new global handles for jobs.
        * The SFI is passed into the BackgroundCompileTask instead of the
          script, so our task finalization doesn't need the SFI anymore.
        * We no longer need to iterate ParallelTasks after compiling (to
          register SFIs), so we can get rid of ParallelTasks entirely and
          access the dispatcher directly from the parser.
      
      There are a few drive-bys since we're touching this code:
      
         * Jobs are moved to have a "state" variable rather than a collection
          of bools, for stricter DCHECKing.
         * There's no longer a set of "currently running" jobs; since this
           was only used to check if a job is running, we can instead inspect
           the job's state directly.
        * s/LazyCompilerDispatcher/LazyCompileDispatcher/g
      
      Change-Id: I85e4bd6db108f5e8e7fe2e919c548ce45796dd50
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259647
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
       Reviewed-by: Victor Gomes <victorgomes@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#77712}
  17. 03 Nov, 2021 2 commits
    • Anton Bikineev
      cppgc: Force EBO to always work with GCed · 92eae6d1
      Anton Bikineev authored
      Currently, in the following struct
      
      struct LayoutObject : GarbageCollected<>, MixinA, MixinB {};
      
      the subobject that corresponds to the first base GarbageCollected<>
      always takes up some space (one word). The empty-base-optimization
      doesn't happen because the second base (MixinA) has the same subobject
      as the first base (GarbageCollected), which is the most parent class
      GarbageCollectedBase. The compiler can't "merge" them because it must
      guarantee that distinct objects of the same type have distinct
      addresses.
      
      The attribute [[no_unique_address]] doesn't work for base classes,
      unfortunately (but is a good idea for a Standard proposal). As a
      solution, the CL simply removes GarbageCollectedBase.
      
      Bug: chromium:1260797
      Change-Id: I415b10a5fbcebce3d6ee97b8870ea9ae90f383a8
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259654
      Commit-Queue: Anton Bikineev <bikineev@chromium.org>
       Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#77693}
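The layout problem the commit message describes can be checked directly with sizeof(). The following is an added illustration, not code from the CL or from cppgc: the types are constructed stand-ins named after the ones in the message. Two assumptions are made to make the wasted word visible: the mixins carry a virtual method (so they have a vptr and are dynamic, which is assumed here rather than stated in the message), and the object has one pointer field. With a shared GarbageCollectedBase, the first mixin becomes the primary base at offset 0 and its GarbageCollectedBase subobject sits there too, so the GarbageCollected<> base cannot use offset 0; it lands after the vptr, and the second mixin's GarbageCollectedBase then collides with it at that offset, pushing the second mixin (and everything after it) one word further. Removing the common base, as the CL does, lets all the empty bases share offset 0 again.

```cpp
#include <cstddef>
#include <cstdio>

// Constructed stand-ins for the cppgc types named in the commit message.
// Layout numbers below assume the Itanium C++ ABI (GCC/Clang).

namespace with_common_base {
// Before the CL: one empty base type shared by GarbageCollected<> and by
// every mixin.
struct GarbageCollectedBase {};
template <typename T>
struct GarbageCollected : GarbageCollectedBase {};
// Mixins are assumed to be polymorphic (a virtual Trace), which gives each
// of them a vptr and makes the first one the primary base.
struct MixinA : GarbageCollectedBase { virtual void Trace() const {} };
struct MixinB : GarbageCollectedBase { virtual void Trace() const {} };
struct LayoutObject : GarbageCollected<LayoutObject>, MixinA, MixinB {
  void Trace() const override {}
  void* payload;  // one real field so the padding shows up in sizeof()
};
}  // namespace with_common_base

namespace without_common_base {
// After the CL: GarbageCollectedBase is gone, so the empty bases are all of
// distinct types and the empty-base optimization can place them at offset 0.
template <typename T>
struct GarbageCollected {};
struct MixinA { virtual void Trace() const {} };
struct MixinB { virtual void Trace() const {} };
struct LayoutObject : GarbageCollected<LayoutObject>, MixinA, MixinB {
  void Trace() const override {}
  void* payload;
};
}  // namespace without_common_base

// Expected on 64-bit: MixinA vptr at 0, GarbageCollected<> forced to offset 8,
// MixinB pushed to 16 because its GarbageCollectedBase would otherwise share
// offset 8 with the one inside GarbageCollected<>, payload at 24 -> 32 bytes.
constexpr std::size_t SizeWithCommonBase() {
  return sizeof(with_common_base::LayoutObject);
}

// Expected on 64-bit: MixinA vptr at 0, GarbageCollected<> at 0, MixinB at 8,
// payload at 16 -> 24 bytes, i.e. exactly one word less.
constexpr std::size_t SizeWithoutCommonBase() {
  return sizeof(without_common_base::LayoutObject);
}

// Number of bytes the shared empty base costs per object.
constexpr std::size_t WastedBytes() {
  return SizeWithCommonBase() - SizeWithoutCommonBase();
}

int main() {
  std::printf("with common base:    %zu bytes\n", SizeWithCommonBase());
  std::printf("without common base: %zu bytes\n", SizeWithoutCommonBase());
  std::printf("wasted per object:   %zu bytes\n", WastedBytes());
  return 0;
}
```

Under the Itanium ABI the difference is one pointer-sized word on both 32- and 64-bit targets, matching the "one word" in the message; MSVC lays out empty bases differently and is outside what this example claims.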
    • Leszek Swirski
      Reland "[off-thread] Allow off-thread top-level IIFE finalization" · 548c40ed
      Leszek Swirski authored
      This is a reland of 35a6eeec
      
      Reland fixes:
        * Add a SharedFunctionInfo::CopyFrom to encapsulate updating the SFI
          from the placeholder. This now includes copying scope_info (which
          wasn't included in the original CL and caused some of the issues)
        * Make sure that LocalHandleScope is initialised only inside of
          UnparkedScope (fixed TSAN issues)
        * Clean-up: Don't add `script_` to ParseInfo, but instead pass it
          separately to Parser. Eventually we'd ideally get rid of ParseInfo
          entirely (splitting it into input and output) so let's not add more
          fields to it. Reverts changing CreateScript to InitializeScript.
      
      Original change's description:
      > [off-thread] Allow off-thread top-level IIFE finalization
      >
      > Allow off-thread finalization for parallel compile tasks (i.e. for top-
      > level IIFEs).
      >
      > This allows us to merge the code paths in BackgroundCompileTask, and
      > re-enable the compiler dispatcher tests under the off-thread
      > finalization flag. Indeed, we can simplify further and get rid of that
      > flag entirely (it has been on-by-default for several releases now).
      >
      > Change-Id: I54f361997d651667fa813ec09790a6aab4d26774
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3226780
      > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > Cr-Commit-Position: refs/heads/main@{#77615}
      
      Change-Id: If1a5b14900aa6753561e34e972a293be0be9a07d
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256692
      Commit-Queue: Toon Verwaest <verwaest@chromium.org>
      Auto-Submit: Leszek Swirski <leszeks@chromium.org>
       Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#77676}
  18. 02 Nov, 2021 2 commits
  19. 01 Nov, 2021 1 commit
  20. 29 Oct, 2021 2 commits
  21. 28 Oct, 2021 4 commits
  22. 27 Oct, 2021 2 commits
  23. 26 Oct, 2021 1 commit
  24. 25 Oct, 2021 1 commit
  25. 20 Oct, 2021 1 commit
  26. 19 Oct, 2021 1 commit
    • Dominik Inführ
      Reland "[heap] Attach to shared isolate after setting up main thread" · 535242ff
      Dominik Inführ authored
      This is a reland of 929b83fb
      
      This version of the CL also fixes initialization of the
      marking_barrier_ in the LocalHeap constructor.
      
      This CL also got rebased on Victor's CL in https://crrev.com/c/3229361.
      It added a code_space_allocator_ in LocalHeap which needs to be
      initialized a bit later on the main thread as well.
      
      Original change's description:
      > [heap] Attach to shared isolate after setting up main thread
      >
      > Attach to the shared isolate after the main thread was set up. Otherwise
      > it could happen that a shared GC initiated from another isolate might
      > see no threads are running and performs the safepoint operation in the
      > middle of isolate deserialization.
      >
      > We use DisallowSafepoints to check that the isolate doesn't join a
      > global safepoint before deserialization is complete. DisallowSafepoints
      > used to prevent only invocations of Safepoint() but was updated to
      > also prevent Park() and Unpark() invocations. Each state change could
      > cause the thread to reach a safepoint, which would allow a shared GC
      > to run.
      >
      > We now also DCHECK that every isolate has at least one local heap and
      > that shared collections aren't started before deserialization is
      > complete.
      >
      > Bug: v8:11708
      > Change-Id: Iba3fb59dd951d5ee4fc9934158062287302fc279
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3221157
      > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Reviewed-by: Shu-yu Guo <syg@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/main@{#77424}
      
      Bug: v8:11708
      Change-Id: I7d44e4a5f76cc09092c2444cede10e9331222c1d
       Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229361
       Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
       Reviewed-by: Shu-yu Guo <syg@chromium.org>
       Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#77448}
  27. 13 Oct, 2021 1 commit
  28. 12 Oct, 2021 1 commit
    • Michael Lippautz
      cppgc: Add support for double-word aligned allocations · 62418750
      Michael Lippautz authored
      Adds support for double-word aligned, i.e., 8 bytes on 32-bit
      platforms and 16 bytes on 64-bit platforms, objects in Oilpan.
      
      Changes:
      - Adds generic alignment APIs and overrides.
      - Internal logic to support double-word aligned allocations on LABs.
      - Adjusts natural alignment of large objects to follow double-word.
      - Adds a new static_assert() that suggests users file a bug if higher
        alignment is required.
      - Statically checks that no allocations with non-default alignment
        target custom spaces that support compaction.
      
      Bug: v8:12295
      Change-Id: I05766ce2349055d5d78b68919be00e7ee91d5505
       Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3218150
       Reviewed-by: Anton Bikineev <bikineev@chromium.org>
      Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#77348}