1. 07 Oct, 2020 1 commit
  2. 05 Oct, 2020 1 commit
  3. 31 Jul, 2020 1 commit
  4. 21 Jul, 2020 1 commit
  5. 22 Jun, 2020 1 commit
  6. 05 May, 2020 1 commit
  7. 10 Mar, 2020 1 commit
  8. 03 Mar, 2020 1 commit
  9. 03 Feb, 2020 1 commit
  10. 19 Jan, 2020 1 commit
  11. 17 Jan, 2020 1 commit
  12. 16 Jan, 2020 1 commit
  13. 15 Jan, 2020 1 commit
    • [heap] Remove DCHECKs when clearing on-stack handles · e3b27b4a
      Michael Lippautz authored
      The DCHECKs ensured that all on-stack handles removed when the embedder
      notifies V8 of an empty stack are indeed below the current stack limit.
      
      This is brittle, as the calls that are guaranteed to have no stack
      above, e.g., non-nestable tasks executing GC, sometimes have larger
      stack depth than previously registered on-stack handles. Resetting the
      slot to avoid UAF is not possible/needed as it is guaranteed in such
      cases that the stack is indeed different from the stack that was used
      when registering an on-stack handle.
      
      This CL removes the DCHECKs and trusts the embedder on such calls,
      similar to when the embedder tells V8 that there's no interesting C++
      stack on top of a call to avoid conservative stack scanning.
      
      Bug: chromium:1040038
      Change-Id: I2e8c77d8080f2d888f773984646998bede59e19c
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000753
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#65786}
  14. 14 Jan, 2020 1 commit
  15. 05 Dec, 2019 1 commit
    • [heap] Decouple the lifetime of a TracedNode from the target object · d7160560
      Ulan Degenbaev authored
      Currently a TracedNode of a TracedReference is freed only if its target
      V8 object is unreachable. This is problematic for TracedNodes created for
      long-living (or immortal) V8 objects and leads to memory leaks.
      
      This CL adds logic for collecting unreachable TracedNodes:
      1) Each TracedNode gets a markbit. Initially the markbit is set (i.e.
         we have black allocation for TracedNodes).
      2) During marking RegisterEmbedderReference sets the markbit of the
         corresponding TracedNode.
      3) In the atomic pause of Mark-Compact when TracedNodes are iterated,
         we check the markbits and free TracedNodes with cleared markbits.
         After this processing all markbits are cleared for the next GC.
      
      Note that the new logic does not apply to TracedNodes that have
      callbacks and/or destructors.
      
      Bug: chromium:1029738
      Change-Id: I38e76a8b4a84170793998988b1a7962e40874428
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948722
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Omer Katz <omerkatz@chromium.org>
      Reviewed-by: Hannes Payer <hpayer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#65347}
  16. 22 Nov, 2019 1 commit
  17. 15 Nov, 2019 1 commit
  18. 07 Oct, 2019 1 commit
    • [api, heap] Implement TracedReference · 36774683
      Michael Lippautz authored
      TracedGlobalTrait was unable to override v8::TracedGlobal<v8::Object> for
      avoiding the destructor because it is needed on the API surface itself and C++
      ODR which prohibits specialization after template instantiation.
      
      Avoid this problem by providing a separate type TracedReference
      that, similar to TracedGlobal, is purely traced but avoids the destructor
      completely. This only works for embedders that have their memory management
      tied to V8 as it is prone to accessing already reclaimed objects otherwise.
      
      Bug: chromium:995684
      Change-Id: Iab4332ed417b26c58638a8f9389174cc355a305b
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1840972
      Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#64150}
  19. 29 Aug, 2019 1 commit
  20. 23 Aug, 2019 1 commit
    • api,heap: Avoid reaching out to embedder memory on TracedGlobal reset · 0af80a37
      Michael Lippautz authored
      Avoid clearing the memory on the embedder-side of a TracedGlobal handle.
      
      When using destructors in TracedGlobal this is safe as long as the embedder
      reports the handle on tracing GCs. If the embedder does not report a handle it
      is assumed that the containing object is dead as well.
      
      Without using destructors the same argument holds for tracing GCs. In addition,
      embedders using the optimization of clearing references on non-tracing GCs
      are expected to clear the reference in ResetHandleInNonTracingGC.
      
      It is suggested that only expert embedders make use of (a) no destructors and
      (b) IsRootForNonTracingGC.
      
      Change-Id: Ia417c0eb0860094fcaa554e7046d38abac905714
      Bug: chromium:995684
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1763539
      Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63362}
  21. 05 Aug, 2019 1 commit
  22. 29 Jul, 2019 3 commits
    • Reland "[utils] Make BitField final" · 0cabc6a0
      Clemens Hammacher authored
      This is a reland of 658ff200
      
      Original change's description:
      > [utils] Make BitField final
      > 
      > We have hundreds of classes that derive from {BitField} without adding
      > any functionality. This CL switches all such occurrences to 'using'
      > declarations instead.
      > 
      > Before:
      >   class MyBitField : public BitField<int, 6, 4, MyEnum> {};
      > After:
      >   using MyBitField = BitField<int, 6, 4, MyEnum>;
      > 
      > This might reduce compilation time by reducing the number of existing
      > classes.
      > 
      > The old pattern is forbidden now by making {BitField} final.
      > 
      > R=yangguo@chromium.org
      > 
      > Bug: v8:9396, v8:7629
      > Change-Id: I8a8364707e8eae0bb522af2459c160e3293eecbb
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1722565
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#62956}
      
      Bug: v8:9396, v8:7629
      Change-Id: Ic68541af9d1e8d0340691970922f282b24a9767f
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1724379
      Reviewed-by: Yang Guo <yangguo@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62959}
    • Revert "[utils] Make BitField final" · 753a07db
      Clemens Hammacher authored
      This reverts commit 658ff200.
      
      Reason for revert: Fails no-i18n bot: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20noi18n%20-%20debug/27826
      
      Original change's description:
      > [utils] Make BitField final
      > 
      > We have hundreds of classes that derive from {BitField} without adding
      > any functionality. This CL switches all such occurrences to 'using'
      > declarations instead.
      > 
      > Before:
      >   class MyBitField : public BitField<int, 6, 4, MyEnum> {};
      > After:
      >   using MyBitField = BitField<int, 6, 4, MyEnum>;
      > 
      > This might reduce compilation time by reducing the number of existing
      > classes.
      > 
      > The old pattern is forbidden now by making {BitField} final.
      > 
      > R=yangguo@chromium.org
      > 
      > Bug: v8:9396, v8:7629
      > Change-Id: I8a8364707e8eae0bb522af2459c160e3293eecbb
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1722565
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#62956}
      
      TBR=yangguo@chromium.org,clemensh@chromium.org
      
      Change-Id: I50234a09c77aa89fdcf1e01c2497cc08d3ac79a8
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:9396, v8:7629
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1724377
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62958}
    • [utils] Make BitField final · 658ff200
      Clemens Hammacher authored
      We have hundreds of classes that derive from {BitField} without adding
      any functionality. This CL switches all such occurrences to 'using'
      declarations instead.
      
      Before:
        class MyBitField : public BitField<int, 6, 4, MyEnum> {};
      After:
        using MyBitField = BitField<int, 6, 4, MyEnum>;
      
      This might reduce compilation time by reducing the number of existing
      classes.
      
      The old pattern is forbidden now by making {BitField} final.
      
      R=yangguo@chromium.org
      
      Bug: v8:9396, v8:7629
      Change-Id: I8a8364707e8eae0bb522af2459c160e3293eecbb
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1722565
      Reviewed-by: Yang Guo <yangguo@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62956}
  23. 27 May, 2019 1 commit
    • [cleanup] Replace simple typedefs by using · a335f2ae
      Clemens Hammacher authored
      This replaces all typedefs that define types and not functions by the
      equivalent "using" declaration.
      
      This was done mostly automatically using this command:
      ag -l '\btypedef\b' src test | xargs -L1 \
           perl -i -p0e 's/typedef ([^*;{}]+) (\w+);/using \2 = \1;/sg'
      
      Patchset 2 then adds some manual changes for typedefs for pointer types,
      where the regular expression did not match.
      
      R=mstarzinger@chromium.org
      TBR=yangguo@chromium.org, jarin@chromium.org
      
      Bug: v8:9183
      Change-Id: I6f6ee28d1793b7ac34a58f980b94babc21874b78
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1631409
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#61849}
  24. 24 May, 2019 1 commit
  25. 23 May, 2019 3 commits
  26. 22 May, 2019 1 commit
  27. 21 May, 2019 1 commit
  28. 17 May, 2019 1 commit
  29. 16 May, 2019 2 commits
  30. 15 May, 2019 1 commit
  31. 14 May, 2019 1 commit
  32. 24 Apr, 2019 1 commit
  33. 23 Apr, 2019 2 commits
  34. 18 Mar, 2019 1 commit