1. 29 Jun, 2020 1 commit
  2. 19 Jun, 2020 1 commit
    • Reland "cppgc: Properly clear (Weak)Persistent and WeakMember pointers" · 8bdce527
      Michael Lippautz authored
      This is a reland of e0c1a349
      
      The issue was passing SentinelPointer (== +1) through T*.
      
      The fix is disabling cfi unrelated cast diagnostic for the bottlenecks
      (Get()). This means that nullptr is treated the same as
      kSentinelPointer.
      
      The alternative would be a DCHECK that Get() does not return
      kSentinelPointer and adjusting all Member and Persistent logic that
      uses Get() to work on void*. This is quite intrusive as it involves
      Swap(), heterogeneous assignments, comparisons, etc.
      
      Original change's description:
      > cppgc: Properly clear (Weak)Persistent and WeakMember pointers
      >
      > The CL addresses two issues with (Weak)Persistent and WeakMember:
      > 1. (Weak)Persistent pointers are cleared on heap teardown. Before this
      >    CL the pointers would contain stale values which could lead to UAF.
      > 2. WeakPersistent and WeakMember are cleared using a combination of
      >    internal clearing methods and mutable fields which avoids the use
      >    of const_cast<>.
      >
      > Bug: chromium:1056170
      > Change-Id: Ibf2b0f0856771b4f6906608cde13a6d43ebf81f3
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248190
      > Reviewed-by: Omer Katz <omerkatz@chromium.org>
      > Reviewed-by: Anton Bikineev <bikineev@chromium.org>
      > Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#68394}
      
      Bug: chromium:1056170
      Change-Id: I3d74b43464c2973df1956f51b1419d755dd9f519
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250240
      Reviewed-by: Omer Katz <omerkatz@chromium.org>
      Reviewed-by: Anton Bikineev <bikineev@chromium.org>
      Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#68426}
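The two failure modes this commit addresses, a Persistent slot left pointing at memory the heap has already freed and a weak slot that holds a non-null sentinel, are easiest to see in a small model. The following is an added example and not cppgc's code; the names toy::Heap, PersistentBase, Persistent::ClearWeak and Node are assumptions made here. In this model the heap nulls every registered root on teardown, and Get() compares the raw slot as a void* before it ever becomes a T*, which corresponds to the alternative the commit describes rather than the CFI-diagnostic approach it actually took (there is no CFI build in a stand-alone example to disable the diagnostic for).

```cpp
// Added example, not cppgc's code: a toy model of Persistent slots that the heap
// clears on teardown, and of a sentinel value that Get() folds into nullptr.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <memory>
#include <utility>
#include <vector>

namespace toy {

// Sentinel distinct from nullptr, in the spirit of cppgc's kSentinelPointer (== +1).
// It must never be dereferenced and never be handed out as a typed pointer.
static void* const kSentinelPointer =
    reinterpret_cast<void*>(static_cast<std::uintptr_t>(1));

struct GarbageCollected {
  virtual ~GarbageCollected() = default;
};

class PersistentBase;

class Heap {
 public:
  ~Heap() {
    // Teardown: null every registered root before objects are freed so that no
    // Persistent outliving the heap keeps a dangling pointer into freed memory.
    for (PersistentBase* p : persistents_) ClearSlot(p);
    persistents_.clear();
  }
  template <typename T, typename... Args>
  T* Allocate(Args&&... args) {
    auto obj = std::make_unique<T>(std::forward<Args>(args)...);
    T* raw = obj.get();
    objects_.push_back(std::move(obj));
    return raw;
  }
  void Register(PersistentBase* p) { persistents_.push_back(p); }
  void Unregister(PersistentBase* p) {
    persistents_.erase(std::remove(persistents_.begin(), persistents_.end(), p),
                       persistents_.end());
  }
  std::size_t persistent_count() const { return persistents_.size(); }

 private:
  static void ClearSlot(PersistentBase* p);
  std::vector<std::unique_ptr<GarbageCollected>> objects_;
  std::vector<PersistentBase*> persistents_;
};

class PersistentBase {
 public:
  PersistentBase(Heap* heap, void* raw) : heap_(heap), raw_(raw) { heap_->Register(this); }
  // A handle destroyed before its heap must unregister, otherwise teardown would
  // write into a slot that no longer exists.
  ~PersistentBase() { if (heap_) heap_->Unregister(this); }
  PersistentBase(const PersistentBase&) = delete;
  PersistentBase& operator=(const PersistentBase&) = delete;
  // Weak semantics: a dead referent is recorded with the sentinel, not nullptr.
  void ClearWeak() { raw_ = kSentinelPointer; }
  bool IsSentinel() const { return raw_ == kSentinelPointer; }

 protected:
  void* Raw() const { return raw_; }

 private:
  friend class Heap;
  Heap* heap_;
  void* raw_;
};

inline void Heap::ClearSlot(PersistentBase* p) { p->raw_ = nullptr; p->heap_ = nullptr; }

template <typename T>
class Persistent : public PersistentBase {
 public:
  Persistent(Heap& heap, T* obj) : PersistentBase(&heap, obj) {}
  // Bottleneck: the sentinel is compared as void* and never materialises as a T*,
  // so nullptr and kSentinelPointer both read as "no object".
  T* Get() const {
    void* raw = Raw();
    if (raw == nullptr || raw == kSentinelPointer) return nullptr;
    return static_cast<T*>(raw);
  }
  explicit operator bool() const { return Get() != nullptr; }
};

struct Node : GarbageCollected {
  explicit Node(int v) : value(v) {}
  int value;
};

// Scenario 1: a Persistent that outlives its heap reads as null, not as freed memory.
inline bool PersistentClearedOnTeardown() {
  auto heap = std::make_unique<Heap>();
  Persistent<Node> root(*heap, heap->Allocate<Node>(42));
  const bool live_before = root && root.Get()->value == 42;
  heap.reset();  // teardown frees Node and clears root's slot
  return live_before && root.Get() == nullptr;
}

// Scenario 2: a weakly cleared slot holds the sentinel but still yields nullptr.
inline bool SentinelReadsAsNull() {
  Heap heap;
  Persistent<Node> weak(heap, heap.Allocate<Node>(7));
  weak.ClearWeak();
  return weak.IsSentinel() && weak.Get() == nullptr && !weak;
}

// Scenario 3: a Persistent destroyed before the heap is unregistered from it.
inline bool UnregistersOnDestruction() {
  Heap heap;
  {
    Persistent<Node> p(heap, heap.Allocate<Node>(1));
    if (heap.persistent_count() != 1) return false;
  }
  return heap.persistent_count() == 0;
}

}  // namespace toy
```

Scenario 1 is the UAF the commit's first point describes: without the clearing loop in ~Heap, root.Get() after heap.reset() would return the freed Node. Scenario 2 is the sentinel case; anything that reads the raw slot through a typed pointer instead of through Get() would see a T* with value 1, which is exactly what the CFI unrelated-cast diagnostic flagged in the original change.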
  3. 17 Jun, 2020 2 commits
  4. 10 Jun, 2020 1 commit
    • cppgc: Introduce AllocationHandle · 935d9151
      Michael Lippautz authored
      Unified heap support in V8 requires having another (at least internal)
      heap that implements a unified garbage collection strategy. This will
      not re-use the already existing cppgc::Heap because there should be no
      way of creating such a heap externally or scheduling stand-alone
      garbage collections.
      
      In order to have a common token, this CL introduces AllocationHandle
      which can be passed to MakeGarbageCollected to allocate C++ objects.
      V8 (soon) and the stand-alone heap both have methods to retrieve such
      a handle.
      
      This works around a problem with creating diamond class hierarchies
      when a base class would be exposed on the public API level.
      
      Fast paths for Blink are still possible because allocation handles can
      be cached the same way (e.g. global, or TLS) as a heap can be cached.
      
      Tbr: yangguo@chromium.org
      Bug: chromium:1056170
      Change-Id: I8e9472a2c24ef82d1178953e8429b1fd8a2344bc
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238027
      Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      Reviewed-by: Omer Katz <omerkatz@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#68310}
  5. 08 May, 2020 1 commit
  6. 07 May, 2020 3 commits
    • Reland "cppgc: Initial marking loop" · f197fd27
      Omer Katz authored
      This reverts commit dc1af6a2.
      
      Reason for revert: Diff in patchset 2
      
      Original change's description:
      > Revert "cppgc: Initial marking loop"
      > 
      > This reverts commit fb9a19fe.
      > 
      > Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/11028
      > 
      > Original change's description:
      > > cppgc: Initial marking loop
      > > 
      > > This CL introduces:
      > > - Worklist
      > > - MarkingHandler to manage gc marking phase
      > > - Integration into CollectGarbage for atomic pause GC
      > > - MarkingVisitor for main thread marking
      > > 
      > > Still missing from this CL:
      > > - Proper handling for stack scanning
      > > - Handling of previously not fully constructed objects
      > > 
      > > Bug: chromium:1056170
      > > Change-Id: I70ac8534dfb898777cf3a06e3119cac8072174fd
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170526
      > > Commit-Queue: Omer Katz <omerkatz@chromium.org>
      > > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#67642}
      > 
      > TBR=ulan@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org
      > 
      > Change-Id: I666481f44119771be685bf2555aa0dd5eda83a01
      > No-Presubmit: true
      > No-Tree-Checks: true
      > No-Try: true
      > Bug: chromium:1056170
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187502
      > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
      > Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#67643}
      
      TBR=ulan@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org,nicohartmann@chromium.org
      
      # Not skipping CQ checks because this is a reland.
      
      Bug: chromium:1056170
      Change-Id: I54e963e2aeaaf16069bdcdb019c0ac65e28ef6e2
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187733
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Commit-Queue: Omer Katz <omerkatz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67654}
    • Revert "cppgc: Initial marking loop" · dc1af6a2
      Nico Hartmann authored
      This reverts commit fb9a19fe.
      
      Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/11028
      
      Original change's description:
      > cppgc: Initial marking loop
      > 
      > This CL introduces:
      > - Worklist
      > - MarkingHandler to manage gc marking phase
      > - Integration into CollectGarbage for atomic pause GC
      > - MarkingVisitor for main thread marking
      > 
      > Still missing from this CL:
      > - Proper handling for stack scanning
      > - Handling of previously not fully constructed objects
      > 
      > Bug: chromium:1056170
      > Change-Id: I70ac8534dfb898777cf3a06e3119cac8072174fd
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170526
      > Commit-Queue: Omer Katz <omerkatz@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#67642}
      
      TBR=ulan@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org
      
      Change-Id: I666481f44119771be685bf2555aa0dd5eda83a01
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: chromium:1056170
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187502
      Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
      Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67643}
    • cppgc: Initial marking loop · fb9a19fe
      Omer Katz authored
      This CL introduces:
      - Worklist
      - MarkingHandler to manage gc marking phase
      - Integration into CollectGarbage for atomic pause GC
      - MarkingVisitor for main thread marking
      
      Still missing from this CL:
      - Proper handling for stack scanning
      - Handling of previously not fully constructed objects
      
      Bug: chromium:1056170
      Change-Id: I70ac8534dfb898777cf3a06e3119cac8072174fd
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170526
      Commit-Queue: Omer Katz <omerkatz@chromium.org>
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67642}
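The pieces this commit lists (a worklist, a visitor for main-thread marking, and a marking phase run inside CollectGarbage as an atomic pause) fit together as a standard worklist-driven mark-and-sweep. The block below is an added example and not cppgc's code; toymark::Heap, Worklist, Visitor, Node and the root list that stands in for Persistent handles are assumptions made here. It deliberately has none of the stack scanning or in-construction handling the commit says is still missing: roots are explicit, and every object is fully constructed before it can be reached.

```cpp
// Added example, not cppgc's code: a toy atomic-pause mark phase driven by a
// worklist and a visitor, followed by a sweep of unmarked objects.
#include <cstddef>
#include <memory>
#include <utility>
#include <vector>

namespace toymark {

class Visitor;

struct GarbageCollected {
  virtual ~GarbageCollected() = default;
  // Each object reports its outgoing edges to the marker through the visitor.
  virtual void Trace(Visitor* visitor) const = 0;
  bool marked = false;
};

// Worklist of grey objects: marked, but their edges have not been traced yet.
class Worklist {
 public:
  void Push(GarbageCollected* obj) { items_.push_back(obj); }
  bool Pop(GarbageCollected** out) {
    if (items_.empty()) return false;
    *out = items_.back();
    items_.pop_back();
    return true;
  }

 private:
  std::vector<GarbageCollected*> items_;
};

class Visitor {
 public:
  explicit Visitor(Worklist* worklist) : worklist_(worklist) {}
  template <typename T>
  void Trace(T* member) {
    if (!member) return;         // a cleared member is not an edge
    if (member->marked) return;  // already grey or black: cycles terminate here
    member->marked = true;
    worklist_->Push(member);
  }

 private:
  Worklist* worklist_;
};

class Heap {
 public:
  template <typename T, typename... Args>
  T* Allocate(Args&&... args) {
    auto obj = std::make_unique<T>(std::forward<Args>(args)...);
    T* raw = obj.get();
    objects_.push_back(std::move(obj));
    return raw;
  }
  void AddRoot(GarbageCollected* obj) { roots_.push_back(obj); }
  void ClearRoots() { roots_.clear(); }
  // Atomic pause: mark from roots, drain the worklist, then sweep. Returns the
  // number of objects reclaimed.
  std::size_t CollectGarbage() {
    Worklist worklist;
    Visitor visitor(&worklist);
    for (GarbageCollected* root : roots_) visitor.Trace(root);
    GarbageCollected* obj = nullptr;
    while (worklist.Pop(&obj)) obj->Trace(&visitor);  // grey -> black
    std::size_t freed = 0;
    std::vector<std::unique_ptr<GarbageCollected>> survivors;
    for (auto& o : objects_) {
      if (o->marked) {
        o->marked = false;  // reset for the next cycle
        survivors.push_back(std::move(o));
      } else {
        ++freed;  // unique_ptr destroys the unmarked object when objects_ is replaced
      }
    }
    objects_ = std::move(survivors);
    return freed;
  }
  std::size_t live_count() const { return objects_.size(); }

 private:
  std::vector<std::unique_ptr<GarbageCollected>> objects_;
  std::vector<GarbageCollected*> roots_;
};

struct Node : GarbageCollected {
  Node* next = nullptr;
  void Trace(Visitor* v) const override { v->Trace(next); }
};

// Constructed object graph: root -> a <-> b (reachable cycle) and c -> d (garbage).
inline Node* BuildGraph(Heap& heap) {
  Node* a = heap.Allocate<Node>();
  Node* b = heap.Allocate<Node>();
  Node* c = heap.Allocate<Node>();
  Node* d = heap.Allocate<Node>();
  a->next = b;
  b->next = a;
  c->next = d;
  heap.AddRoot(a);
  return a;
}

// With the root in place only c and d are reclaimed; the a<->b cycle survives.
inline std::size_t FreedWithRoot() {
  Heap heap;
  BuildGraph(heap);
  return heap.CollectGarbage();
}

// With no roots the cycle is unreachable as well and all four objects go.
inline std::size_t FreedWithoutRoot() {
  Heap heap;
  BuildGraph(heap);
  heap.ClearRoots();
  return heap.CollectGarbage();
}

}  // namespace toymark
```

The visitor is the only path by which an object can become grey, so the marked check inside Visitor::Trace is what guarantees termination on the a<->b cycle. Resetting marked during the sweep is what makes the second pause start from a clean state; a marker that forgot to do that would keep every previously live object alive forever.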
  7. 20 Apr, 2020 1 commit
  8. 15 Apr, 2020 1 commit