1. 18 Jun, 2021 1 commit
  2. 09 Jun, 2021 1 commit
  3. 30 Apr, 2021 1 commit
  4. 23 Apr, 2021 1 commit
  5. 01 Feb, 2021 1 commit
  6. 26 Oct, 2020 3 commits
    • Clemens Backes's avatar
      Reland "[wasm] Disallow late enabling of trap handlers" · 15efe5a6
      Clemens Backes authored
      This is a reland of bcb0a7c5.
      Data races detected by TSan are fixed by using (relaxed) atomic
      updates.
      
      Original change's description:
      > [wasm] Disallow late enabling of trap handlers
      >
      > It's dangerous if trap handlers are enabled after we already used the
      > information whether they are enabled or not.
      > This CL checks for such misbehaviour by remembering whether
      > {IsTrapHandlerEnabled} was already called, and disallowing
      > {EnableTrapHandler} afterwards. Also, calling {EnableTrapHandler}
      > multiple times is disallowed now.
      >
      > The trap handler tests are changed to only enable trap handlers once,
      > and to do that before allocating wasm memory or generating code.
      >
      > R=ahaas@chromium.org
      >
      > Bug: v8:11017
      > Change-Id: Ib2256bb8435efd914c12769cedd4a0051052aeef
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494935
      > Reviewed-by: Andreas Haas <ahaas@chromium.org>
      > Commit-Queue: Clemens Backes <clemensb@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70750}
      
      Bug: v8:11017
      Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
      Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
      Change-Id: I24299c433ffa3ce31e2aac12134dc03f30609da2
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498683
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70761}
      15efe5a6
    • Leszek Swirski's avatar
      Revert "[wasm] Disallow late enabling of trap handlers" · 165467c4
      Leszek Swirski authored
      This reverts commit bcb0a7c5.
      
      Reason for revert: TSAN failure (https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/33868)
      
      Original change's description:
      > [wasm] Disallow late enabling of trap handlers
      >
      > It's dangerous if trap handlers are enabled after we already used the
      > information whether they are enabled or not.
      > This CL checks for such misbehaviour by remembering whether
      > {IsTrapHandlerEnabled} was already called, and disallowing
      > {EnableTrapHandler} afterwards. Also, calling {EnableTrapHandler}
      > multiple times is disallowed now.
      >
      > The trap handler tests are changed to only enable trap handlers once,
      > and to do that before allocating wasm memory or generating code.
      >
      > R=​ahaas@chromium.org
      >
      > Bug: v8:11017
      > Change-Id: Ib2256bb8435efd914c12769cedd4a0051052aeef
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494935
      > Reviewed-by: Andreas Haas <ahaas@chromium.org>
      > Commit-Queue: Clemens Backes <clemensb@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70750}
      
      TBR=ahaas@chromium.org,clemensb@chromium.org
      
      Change-Id: I1d93dcb399e2a0b5b0543aa60d34087317c01cb3
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:11017
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497176Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70751}
      165467c4
    • Clemens Backes's avatar
      [wasm] Disallow late enabling of trap handlers · bcb0a7c5
      Clemens Backes authored
      It's dangerous if trap handlers are enabled after we already used the
      information whether they are enabled or not.
      This CL checks for such misbehaviour by remembering whether
      {IsTrapHandlerEnabled} was already called, and disallowing
      {EnableTrapHandler} afterwards. Also, calling {EnableTrapHandler}
      multiple times is disallowed now.
      
      The trap handler tests are changed to only enable trap handlers once,
      and to do that before allocating wasm memory or generating code.
      
      R=ahaas@chromium.org
      
      Bug: v8:11017
      Change-Id: Ib2256bb8435efd914c12769cedd4a0051052aeef
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494935Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70750}
      bcb0a7c5
  7. 23 Oct, 2020 1 commit
    • Clemens Backes's avatar
      [wasm] Reduce memory reservation without trap handlers · d5720c74
      Clemens Backes authored
      If trap handlers are disabled, we don't need guard regions around wasm
      memories. Hence use the dynamic {trap_handler::IsTrapHandlerEnabled()}
      check, instead of always reserving guard regions on all 64-bit
      platforms.
      This will allow to reserve pretty much arbitrarily many wasm memories if
      trap handlers are disabled.
      
      Two tests are added to test the number of memories that can be
      allocated: With trap handlers, at least 50 memories should always be
      possible. Without trap handlers, 10000 small memories should not be a
      problem (each one is taking 64kB, so it's 640MB overall).
      
      Drive-by: Improve tracing.
      
      R=ahaas@chromium.org
      
      Bug: v8:11017
      Change-Id: Ic4c620f63dfbef571e64df0b3372b83a1db566ab
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491034Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70732}
      d5720c74
  8. 05 Dec, 2019 1 commit
  9. 14 Nov, 2019 1 commit
  10. 08 Nov, 2019 1 commit
  11. 01 Oct, 2019 1 commit
  12. 09 Sep, 2019 1 commit
    • Ulan Degenbaev's avatar
      Reland x6 [arraybuffer] Rearchitect backing store ownership · b6b7de0d
      Ulan Degenbaev authored
      This reverts commit 9da34831
      
      Original change's description:
      > "Reland x4 [arraybuffer] Rearchitect backing store ownership"
      >
      > This is a reland of bc33f5ae
      >
      > Contributed by titzer@chromium.org
      >
      > Original change's description:
      > > [arraybuffer] Rearchitect backing store ownership
      > >
      > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > >
      > > Overall, lifetime management is simpler and more explicit. The numerous
      > > ways that array buffers were initialized have been streamlined to one
      > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > and the construction and destruction of the BackingStore object itself
      > > handles the underlying page or embedder-allocated memory.
      > >
      > > The embedder API remains unchanged for now. We use the
      > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > keep the backing store alive properly, even in the case of aliases
      > > from live heap objects. Thus the embedder has a lower chance of making
      > > a mistake. Long-term, we should move the embedder to a model where they
      > > manage backing stores using shared_ptr to an opaque backing store object.
      >
      > TBR=yangguo@chromium.org
      >
      > BUG=v8:9380,v8:9221,chromium:986318
      >
      > Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
      > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      
      > Cr-Commit-Position: refs/heads/master@{#63041}
      
      TBR=yangguo@chromium.org
      
      Change-Id: I3cc4bb80081c662b1751234bc16a821c20e744be
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792166
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63617}
      b6b7de0d
  13. 30 Aug, 2019 1 commit
    • Ulan Degenbaev's avatar
      Revert "Reland x5 [arraybuffer] Rearchitect backing store ownership" · 9da34831
      Ulan Degenbaev authored
      This reverts commit 62e16830.
      
      Reason for revert: it will be relanded after branch
      
      Original change's description:
      > Reland x5 [arraybuffer] Rearchitect backing store ownership
      > 
      > This reverts commit 8fdb2387.
      > 
      > Original change's description:
      > > "Reland x4 [arraybuffer] Rearchitect backing store ownership"
      > >
      > > This is a reland of bc33f5ae
      > >
      > > Contributed by titzer@chromium.org
      > >
      > > Original change's description:
      > > > [arraybuffer] Rearchitect backing store ownership
      > > >
      > > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > > >
      > > > Overall, lifetime management is simpler and more explicit. The numerous
      > > > ways that array buffers were initialized have been streamlined to one
      > > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > > and the construction and destruction of the BackingStore object itself
      > > > handles the underlying page or embedder-allocated memory.
      > > >
      > > > The embedder API remains unchanged for now. We use the
      > > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > > keep the backing store alive properly, even in the case of aliases
      > > > from live heap objects. Thus the embedder has a lower chance of making
      > > > a mistake. Long-term, we should move the embedder to a model where they
      > > > manage backing stores using shared_ptr to an opaque backing store object.
      > >
      > > TBR=yangguo@chromium.org
      > >
      > > BUG=v8:9380,v8:9221,chromium:986318
      > >
      > > Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
      > > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > > Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#63041}
      > 
      > TBR=yangguo@chromium.org,clemensh@chromium.org,mstarzinger@chromium.org
      > 
      > Change-Id: Iba55c7ab71e5642b5cb6aeb699d6fc9cf9061486
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1771795
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#63461}
      
      TBR=ulan@chromium.org,mlippautz@chromium.org
      
      Change-Id: Id8f67a68ab398032eb2975b1b24ee125394d9c4b
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1776095Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63471}
      9da34831
  14. 29 Aug, 2019 1 commit
    • Ulan Degenbaev's avatar
      Reland x5 [arraybuffer] Rearchitect backing store ownership · 62e16830
      Ulan Degenbaev authored
      This reverts commit 8fdb2387.
      
      Original change's description:
      > "Reland x4 [arraybuffer] Rearchitect backing store ownership"
      >
      > This is a reland of bc33f5ae
      >
      > Contributed by titzer@chromium.org
      >
      > Original change's description:
      > > [arraybuffer] Rearchitect backing store ownership
      > >
      > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > >
      > > Overall, lifetime management is simpler and more explicit. The numerous
      > > ways that array buffers were initialized have been streamlined to one
      > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > and the construction and destruction of the BackingStore object itself
      > > handles the underlying page or embedder-allocated memory.
      > >
      > > The embedder API remains unchanged for now. We use the
      > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > keep the backing store alive properly, even in the case of aliases
      > > from live heap objects. Thus the embedder has a lower chance of making
      > > a mistake. Long-term, we should move the embedder to a model where they
      > > manage backing stores using shared_ptr to an opaque backing store object.
      >
      > TBR=yangguo@chromium.org
      >
      > BUG=v8:9380,v8:9221,chromium:986318
      >
      > Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
      > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#63041}
      
      TBR=yangguo@chromium.org,clemensh@chromium.org,mstarzinger@chromium.org
      
      Change-Id: Iba55c7ab71e5642b5cb6aeb699d6fc9cf9061486
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1771795Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63461}
      62e16830
  15. 05 Aug, 2019 1 commit
    • Ulan Degenbaev's avatar
      Revert ""Reland x4 [arraybuffer] Rearchitect backing store ownership"" · 8fdb2387
      Ulan Degenbaev authored
      This reverts commit 5611f70b.
      
      Reason for revert: flaky tests: v8:9588, v8:9587
      
      Original change's description:
      > "Reland x4 [arraybuffer] Rearchitect backing store ownership"
      > 
      > This is a reland of bc33f5ae
      > 
      > Contributed by titzer@chromium.org
      > 
      > Original change's description:
      > > [arraybuffer] Rearchitect backing store ownership
      > >
      > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > >
      > > Overall, lifetime management is simpler and more explicit. The numerous
      > > ways that array buffers were initialized have been streamlined to one
      > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > and the construction and destruction of the BackingStore object itself
      > > handles the underlying page or embedder-allocated memory.
      > >
      > > The embedder API remains unchanged for now. We use the
      > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > keep the backing store alive properly, even in the case of aliases
      > > from live heap objects. Thus the embedder has a lower chance of making
      > > a mistake. Long-term, we should move the embedder to a model where they
      > > manage backing stores using shared_ptr to an opaque backing store object.
      > 
      > TBR=yangguo@chromium.org
      > 
      > BUG=v8:9380,v8:9221,chromium:986318
      > 
      > Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
      > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#63041}
      
      TBR=ulan@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,clemensh@chromium.org
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Bug: v8:9380, v8:9221, chromium:986318
      Change-Id: Ic7381239f4e90d0c437b7e47a5ac6e8bce60f882
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1736747Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarClemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63081}
      8fdb2387
  16. 02 Aug, 2019 1 commit
    • Ulan Degenbaev's avatar
      "Reland x4 [arraybuffer] Rearchitect backing store ownership" · 5611f70b
      Ulan Degenbaev authored
      This is a reland of bc33f5ae
      
      Contributed by titzer@chromium.org
      
      Original change's description:
      > [arraybuffer] Rearchitect backing store ownership
      >
      > This CL completely rearchitects the ownership of array buffer backing stores,
      > consolidating ownership into a {BackingStore} C++ object that is tracked
      > throughout V8 using unique_ptr and shared_ptr where appropriate.
      >
      > Overall, lifetime management is simpler and more explicit. The numerous
      > ways that array buffers were initialized have been streamlined to one
      > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > and the construction and destruction of the BackingStore object itself
      > handles the underlying page or embedder-allocated memory.
      >
      > The embedder API remains unchanged for now. We use the
      > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > keep the backing store alive properly, even in the case of aliases
      > from live heap objects. Thus the embedder has a lower chance of making
      > a mistake. Long-term, we should move the embedder to a model where they
      > manage backing stores using shared_ptr to an opaque backing store object.
      
      TBR=yangguo@chromium.org
      
      BUG=v8:9380,v8:9221,chromium:986318
      
      Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarClemens Hammacher <clemensh@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63041}
      5611f70b
  17. 31 Jul, 2019 2 commits
    • Francis McCabe's avatar
      Revert ""Reland x3 [arraybuffer] Rearchitect backing store ownership"" · 195679de
      Francis McCabe authored
      This reverts commit df8e6177.
      
      Reason for revert: Multiple flakes in apparently related areas:
      
      https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8906409837768155568/+/steps/Check__flakes_/0/logs/BackingStoreTest.RacyGrowWasmMem.../0
      
      Original change's description:
      > "Reland x3 [arraybuffer] Rearchitect backing store ownership"
      > 
      > This is a reland of bc33f5ae
      > 
      > Original change's description:
      > > [arraybuffer] Rearchitect backing store ownership
      > >
      > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > >
      > > Overall, lifetime management is simpler and more explicit. The numerous
      > > ways that array buffers were initialized have been streamlined to one
      > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > and the construction and destruction of the BackingStore object itself
      > > handles the underlying page or embedder-allocated memory.
      > >
      > > The embedder API remains unchanged for now. We use the
      > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > keep the backing store alive properly, even in the case of aliases
      > > from live heap objects. Thus the embedder has a lower chance of making
      > > a mistake. Long-term, we should move the embedder to a model where they
      > > manage backing stores using shared_ptr to an opaque backing store object.
      > 
      > R=​mlippautz@chromium.org
      > BUG=v8:9380,v8:9221,chromium:986318
      > TBR=ulan@chromium.org
      > 
      > Change-Id: I6c49e2425029b5664ef1c68dab8b5146f4ed0ff2
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1719191
      > Reviewed-by: Ben Titzer <titzer@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Commit-Queue: Ben Titzer <titzer@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#63007}
      
      TBR=mstarzinger@chromium.org,titzer@chromium.org,mlippautz@chromium.org
      
      Change-Id: If0266e5893b1325a332d5986337fa7ece2cb6943
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:9380, v8:9221, chromium:986318
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1729549Reviewed-by: 's avatarFrancis McCabe <fgm@chromium.org>
      Commit-Queue: Francis McCabe <fgm@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63011}
      195679de
    • Ben L. Titzer's avatar
      "Reland x3 [arraybuffer] Rearchitect backing store ownership" · df8e6177
      Ben L. Titzer authored
      This is a reland of bc33f5ae
      
      Original change's description:
      > [arraybuffer] Rearchitect backing store ownership
      >
      > This CL completely rearchitects the ownership of array buffer backing stores,
      > consolidating ownership into a {BackingStore} C++ object that is tracked
      > throughout V8 using unique_ptr and shared_ptr where appropriate.
      >
      > Overall, lifetime management is simpler and more explicit. The numerous
      > ways that array buffers were initialized have been streamlined to one
      > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > and the construction and destruction of the BackingStore object itself
      > handles the underlying page or embedder-allocated memory.
      >
      > The embedder API remains unchanged for now. We use the
      > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > keep the backing store alive properly, even in the case of aliases
      > from live heap objects. Thus the embedder has a lower chance of making
      > a mistake. Long-term, we should move the embedder to a model where they
      > manage backing stores using shared_ptr to an opaque backing store object.
      
      R=mlippautz@chromium.org
      BUG=v8:9380,v8:9221,chromium:986318
      TBR=ulan@chromium.org
      
      Change-Id: I6c49e2425029b5664ef1c68dab8b5146f4ed0ff2
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1719191Reviewed-by: 's avatarBen Titzer <titzer@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Commit-Queue: Ben Titzer <titzer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63007}
      df8e6177
  18. 30 Jul, 2019 1 commit
  19. 23 Jul, 2019 1 commit
  20. 22 Jul, 2019 1 commit
    • Ben L. Titzer's avatar
      Reland "Reland "[arraybuffer] Rearchitect backing store ownership"" · 306cf403
      Ben L. Titzer authored
      This is a reland of bc33f5ae
      
      Original change's description:
      > Reland "[arraybuffer] Rearchitect backing store ownership"
      > 
      > This is a reland of 31cd5d83
      > 
      > Original change's description:
      > > [arraybuffer] Rearchitect backing store ownership
      > > 
      > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > > 
      > > Overall, lifetime management is simpler and more explicit. The numerous
      > > ways that array buffers were initialized have been streamlined to one
      > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > and the construction and destruction of the BackingStore object itself
      > > handles the underlying page or embedder-allocated memory.
      > > 
      > > The embedder API remains unchanged for now. We use the
      > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > keep the backing store alive properly, even in the case of aliases
      > > from live heap objects. Thus the embedder has a lower chance of making
      > > a mistake. Long-term, we should move the embedder to a model where they
      > > manage backing stores using shared_ptr to an opaque backing store object.
      > > 
      > > R=mlippautz@chromium.org
      > > BUG=v8:9380,v8:9221
      > > 
      > > Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
      > > Commit-Queue: Ben Titzer <titzer@chromium.org>
      > > Reviewed-by: Ben Titzer <titzer@chromium.org>
      > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
      > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#62572}
      > 
      > Bug: v8:9380, v8:9221
      > Change-Id: If3f72967a8ebeb067c0edcfc16ed631e36829dbc
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691906
      > Commit-Queue: Ben Titzer <titzer@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#62809}
      
      Bug: v8:9380, v8:9221
      Change-Id: I9a2525753ae2424108d074fa81df5f25d945c824
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1709409
      Commit-Queue: Ben Titzer <titzer@chromium.org>
      Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
      Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62847}
      306cf403
  21. 18 Jul, 2019 2 commits
    • Clemens Hammacher's avatar
      Revert "Reland "[arraybuffer] Rearchitect backing store ownership"" · 6e0473f3
      Clemens Hammacher authored
      This reverts commit bc33f5ae.
      
      Reason for revert: Still failing (OOM on win32): https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/22210
      
      Original change's description:
      > Reland "[arraybuffer] Rearchitect backing store ownership"
      > 
      > This is a reland of 31cd5d83
      > 
      > Original change's description:
      > > [arraybuffer] Rearchitect backing store ownership
      > > 
      > > This CL completely rearchitects the ownership of array buffer backing stores,
      > > consolidating ownership into a {BackingStore} C++ object that is tracked
      > > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > > 
      > > Overall, lifetime management is simpler and more explicit. The numerous
      > > ways that array buffers were initialized have been streamlined to one
      > > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > > and the construction and destruction of the BackingStore object itself
      > > handles the underlying page or embedder-allocated memory.
      > > 
      > > The embedder API remains unchanged for now. We use the
      > > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > > keep the backing store alive properly, even in the case of aliases
      > > from live heap objects. Thus the embedder has a lower chance of making
      > > a mistake. Long-term, we should move the embedder to a model where they
      > > manage backing stores using shared_ptr to an opaque backing store object.
      > > 
      > > R=mlippautz@chromium.org
      > > BUG=v8:9380,v8:9221
      > > 
      > > Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
      > > Commit-Queue: Ben Titzer <titzer@chromium.org>
      > > Reviewed-by: Ben Titzer <titzer@chromium.org>
      > > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
      > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#62572}
      > 
      > Bug: v8:9380, v8:9221
      > Change-Id: If3f72967a8ebeb067c0edcfc16ed631e36829dbc
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691906
      > Commit-Queue: Ben Titzer <titzer@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#62809}
      
      TBR=ulan@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,titzer@chromium.org,gdeepti@chromium.org,mlippautz@chromium.org
      
      Change-Id: Iea755df9aaa1e95d284135bd0a6681b1340b6832
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:9380, v8:9221
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1708487Reviewed-by: 's avatarClemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62811}
      6e0473f3
    • Ben L. Titzer's avatar
      Reland "[arraybuffer] Rearchitect backing store ownership" · bc33f5ae
      Ben L. Titzer authored
      This is a reland of 31cd5d83
      
      Original change's description:
      > [arraybuffer] Rearchitect backing store ownership
      > 
      > This CL completely rearchitects the ownership of array buffer backing stores,
      > consolidating ownership into a {BackingStore} C++ object that is tracked
      > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > 
      > Overall, lifetime management is simpler and more explicit. The numerous
      > ways that array buffers were initialized have been streamlined to one
      > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > and the construction and destruction of the BackingStore object itself
      > handles the underlying page or embedder-allocated memory.
      > 
      > The embedder API remains unchanged for now. We use the
      > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > keep the backing store alive properly, even in the case of aliases
      > from live heap objects. Thus the embedder has a lower chance of making
      > a mistake. Long-term, we should move the embedder to a model where they
      > manage backing stores using shared_ptr to an opaque backing store object.
      > 
      > R=mlippautz@chromium.org
      > BUG=v8:9380,v8:9221
      > 
      > Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
      > Commit-Queue: Ben Titzer <titzer@chromium.org>
      > Reviewed-by: Ben Titzer <titzer@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#62572}
      
      Bug: v8:9380, v8:9221
      Change-Id: If3f72967a8ebeb067c0edcfc16ed631e36829dbc
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691906
      Commit-Queue: Ben Titzer <titzer@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
      Reviewed-by: 's avatarDeepti Gandluri <gdeepti@chromium.org>
      Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62809}
      bc33f5ae
  22. 08 Jul, 2019 2 commits
    • Clemens Hammacher's avatar
      Revert "[arraybuffer] Rearchitect backing store ownership" · bf92fbf4
      Clemens Hammacher authored
      This reverts commit 31cd5d83.
      
      Reason for revert: It breaks my heart to revert this, but it fails differently on several bots, e.g. https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/26671.
      
      Original change's description:
      > [arraybuffer] Rearchitect backing store ownership
      > 
      > This CL completely rearchitects the ownership of array buffer backing stores,
      > consolidating ownership into a {BackingStore} C++ object that is tracked
      > throughout V8 using unique_ptr and shared_ptr where appropriate.
      > 
      > Overall, lifetime management is simpler and more explicit. The numerous
      > ways that array buffers were initialized have been streamlined to one
      > Attach() method on JSArrayBuffer. The array buffer tracker in the
      > GC implementation now manages std::shared_ptr<BackingStore> pointers,
      > and the construction and destruction of the BackingStore object itself
      > handles the underlying page or embedder-allocated memory.
      > 
      > The embedder API remains unchanged for now. We use the
      > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      > keep the backing store alive properly, even in the case of aliases
      > from live heap objects. Thus the embedder has a lower chance of making
      > a mistake. Long-term, we should move the embedder to a model where they
      > manage backing stores using shared_ptr to an opaque backing store object.
      > 
      > R=​mlippautz@chromium.org
      > BUG=v8:9380,v8:9221
      > 
      > Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
      > Commit-Queue: Ben Titzer <titzer@chromium.org>
      > Reviewed-by: Ben Titzer <titzer@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#62572}
      
      TBR=ulan@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,titzer@chromium.org,gdeepti@chromium.org,mlippautz@chromium.org
      
      Change-Id: Ib35788ba8c31192d90cbc72df3dbc41030f109de
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:9380, v8:9221
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691034Reviewed-by: 's avatarClemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62578}
      bf92fbf4
    • Ben L. Titzer's avatar
      [arraybuffer] Rearchitect backing store ownership · 31cd5d83
      Ben L. Titzer authored
      This CL completely rearchitects the ownership of array buffer backing stores,
      consolidating ownership into a {BackingStore} C++ object that is tracked
      throughout V8 using unique_ptr and shared_ptr where appropriate.
      
      Overall, lifetime management is simpler and more explicit. The numerous
      ways that array buffers were initialized have been streamlined to one
      Attach() method on JSArrayBuffer. The array buffer tracker in the
      GC implementation now manages std::shared_ptr<BackingStore> pointers,
      and the construction and destruction of the BackingStore object itself
      handles the underlying page or embedder-allocated memory.
      
      The embedder API remains unchanged for now. We use the
      v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
      keep the backing store alive properly, even in the case of aliases
      from live heap objects. Thus the embedder has a lower chance of making
      a mistake. Long-term, we should move the embedder to a model where they
      manage backing stores using shared_ptr to an opaque backing store object.
      
      R=mlippautz@chromium.org
      BUG=v8:9380,v8:9221
      
      Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
      Commit-Queue: Ben Titzer <titzer@chromium.org>
      Reviewed-by: 's avatarBen Titzer <titzer@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
      Reviewed-by: 's avatarDeepti Gandluri <gdeepti@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62572}
      31cd5d83
  23. 23 May, 2019 1 commit
  24. 22 May, 2019 1 commit
  25. 21 May, 2019 1 commit
  26. 15 Apr, 2019 1 commit
  27. 18 Feb, 2019 1 commit
  28. 17 Jan, 2019 1 commit
  29. 05 Dec, 2018 1 commit
    • Andreas Haas's avatar
      [wasm] Load thread-in-wasm flag from the isolate · 148ef606
      Andreas Haas authored
      The existing implementation embedded an isolate-specific pointer to the
      thread-in-wasm flag in the wrapper code. However, when the module code
      is shared among multiple workers, this can mean that the workers
      share the same thread-in-wasm flag.
      
      With this change we load the pointer to the flag at runtime from the
      current isolate. Thereby the correct flag is used even when the same
      code is executed on different workers.
      
      Note that we could access the right flag address by going through the
      root register. However, changing the code generation to use the root
      register requires some inconvenient steps:
      * Pass the isolate to the pipeline again, which we don't want.
      * Change the WasmCallDescriptor to allow the use of the root register
        for wrappers but not for other code.
      To avoid these issues, and allow the CL to be easy to merge back, we
      got for the changes proposed here.
      
      R=mstarzinger@chromium.org, ishell@chromium.org
      
      Bug: v8:8533
      Change-Id: If15565a7ad7cba835cfc1628e7a4d3fdef90a5c0
      Reviewed-on: https://chromium-review.googlesource.com/c/1358518
      Commit-Queue: Andreas Haas <ahaas@chromium.org>
      Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#58044}
      148ef606
  30. 29 Nov, 2018 1 commit
    • Andreas Haas's avatar
      Reland: [wasm] Add more unit tests for trap handler · 3d2bc5d0
      Andreas Haas authored
      The problem were missing V8_EXPORT_PRIVATE and V8_EXPORT.
      
      The unittests test if the trap handler only handles those traps it
      is supposed to handle:
      * Only handle traps when the thread-in-wasm flag is set.
      * Only handle traps of the right type, i.e. memory access violations.
      * Only handle traps at recorded instructions.
      
      The tests also test the consistency of the thread-in-wasm flag. I made
      one change in the trap handler where that consistency could be
      violated.
      
      All tests are executed with the default trap handler provided by V8,
      and with the trap handler callback installed in a test signal/exception
      handler.
      
      Patchset 1 is the original CL.
      
      R=mstarzinger@chromium.org
      
      Change-Id: I172d94f24cdba4c3a1f7f344825b059dbb59da79
      Reviewed-on: https://chromium-review.googlesource.com/c/1351024Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Commit-Queue: Andreas Haas <ahaas@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#57947}
      3d2bc5d0
  31. 27 Nov, 2018 2 commits
    • Clemens Hammacher's avatar
      Revert "[wasm] Add more unit tests for trap handler" · 2fd07376
      Clemens Hammacher authored
      This reverts commit 4644b32e.
      
      Reason for revert: Link errors on win64: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win64%20-%20debug/25950
      
      Original change's description:
      > [wasm] Add more unit tests for trap handler
      > 
      > The unittests test if the trap handler only handles those traps it
      > is supposed to handle:
      > * Only handle traps when the thread-in-wasm flag is set.
      > * Only handle traps of the right type, i.e. memory access violations.
      > * Only handle traps at recorded instructions.
      > 
      > The tests also test the consistency of the thread-in-wasm flag. I made
      > one change in the trap handler where that consistency could be
      > violated.
      > 
      > All tests are executed with the default trap handler provided by V8,
      > and with the trap handler callback installed in a test signal/exception
      > handler.
      > 
      > Change-Id: I03904bb6effd2e8694d3f4d1fbf62bc38002646e
      > Reviewed-on: https://chromium-review.googlesource.com/c/1340246
      > Commit-Queue: Andreas Haas <ahaas@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#57858}
      
      TBR=mstarzinger@chromium.org,ahaas@chromium.org,mark@chromium.org
      
      Change-Id: Iac2f20c73744226885ea1810813863a21c5faf8c
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/c/1351021Reviewed-by: 's avatarClemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#57861}
      2fd07376
    • Andreas Haas's avatar
      [wasm] Add more unit tests for trap handler · 4644b32e
      Andreas Haas authored
      The unittests test if the trap handler only handles those traps it
      is supposed to handle:
      * Only handle traps when the thread-in-wasm flag is set.
      * Only handle traps of the right type, i.e. memory access violations.
      * Only handle traps at recorded instructions.
      
      The tests also test the consistency of the thread-in-wasm flag. I made
      one change in the trap handler where that consistency could be
      violated.
      
      All tests are executed with the default trap handler provided by V8,
      and with the trap handler callback installed in a test signal/exception
      handler.
      
      Change-Id: I03904bb6effd2e8694d3f4d1fbf62bc38002646e
      Reviewed-on: https://chromium-review.googlesource.com/c/1340246
      Commit-Queue: Andreas Haas <ahaas@chromium.org>
      Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#57858}
      4644b32e