- 29 Jun, 2020 1 commit
-
-
Michael Lippautz authored
Bug: chromium:1056170 Change-Id: I24442979954f63dc8a2f8fd0494cc5d537b733a6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273131 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/master@{#68587}
-
- 19 Jun, 2020 1 commit
-
-
Michael Lippautz authored
This is a reland of e0c1a349 The issue was passing SentinelPointer (== +1) through T*. The fix is disabling cfi unrelated cast diagnostic for the bottlenecks (Get()). This means that nullptr is treated the same as kSentinelPointer. The alternative would be a DCHECK that Get() does not return kSentinelPointer and adjusting all Member and Persistent logic that uses Get() to work on void*. This is quite intrusive as it involves Swap(), heterogeneous assignments, comparisons, etc. Original change's description: > cppgc: Properly clear (Weak)Peristent and WeakMember pointers > > The CL addresses two issues with (Weak)Persistent and WeakMember: > 1. (Weak)Persistent pointers are cleared on heap teardown. Before this > CL the pointers would contain stale values which could lead to UAF. > 2. WeakPersistent and WeakMember are cleared using a combination of > internal clearing methods and mutable fields which avoids the use > of const_cast<>. > > Bug: chromium:1056170 > Change-Id: Ibf2b0f0856771b4f6906608cde13a6d43ebf81f3 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248190 > Reviewed-by: Omer Katz <omerkatz@chromium.org> > Reviewed-by: Anton Bikineev <bikineev@chromium.org> > Commit-Queue: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#68394} Bug: chromium:1056170 Change-Id: I3d74b43464c2973df1956f51b1419d755dd9f519 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250240Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68426}
-
- 17 Jun, 2020 2 commits
-
-
Zhi An Ng authored
This reverts commit e0c1a349. Reason for revert: Fails on Linux 64 cfi https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20cfi/25283? TBR=omerkatz@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,bikineev@chromium.org Change-Id: I2b208c4019979735925bff5e0551291fae6a14d6 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250320Reviewed-by: Zhi An Ng <zhin@chromium.org> Commit-Queue: Zhi An Ng <zhin@chromium.org> Cr-Commit-Position: refs/heads/master@{#68396}
-
Michael Lippautz authored
The CL addresses two issues with (Weak)Persistent and WeakMember: 1. (Weak)Persistent pointers are cleared on heap teardown. Before this CL the pointers would contain stale values which could lead to UAF. 2. WeakPersistent and WeakMember are cleared using a combination of internal clearing methods and mutable fields which avoids the use of const_cast<>. Bug: chromium:1056170 Change-Id: Ibf2b0f0856771b4f6906608cde13a6d43ebf81f3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248190Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#68394}
-
- 10 Jun, 2020 1 commit
-
-
Michael Lippautz authored
Unified heap support in V8 requires having another (at least internal) heap that implements a unfied garbage collection strategy. This will not re-use the already existing cppgc::Heap because there should be no way in creating such a heap externally or scheduling stand-alone garbage collections. In order to have a common token, this CL introduces AllocationHandle which can be passed to MakeGarbageCollected to allocate C++ objects. V8 (soon) and the stand-alone heap both have methods to retrieve such a handle. This works around a problem with creating diamond class hierarchies when a base class would be exposed on the public API level. Fast paths for Blink are still possible because allocation handles can be cached the same way (e.g. global, or TLS) as a heap can be cached. Tbr: yangguo@chromium.org Bug: chromium:1056170 Change-Id: I8e9472a2c24ef82d1178953e8429b1fd8a2344bc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238027 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#68310}
-
- 08 May, 2020 1 commit
-
-
Michael Lippautz authored
Adjust suffix to "-unittest" like everywhere else in V8. Accept clang-format suggested changes. Bug: chromium:1056170 Change-Id: I54c1396e79aff87c052233853d7fe560337eeecf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190410 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#67672}
-
- 07 May, 2020 3 commits
-
-
Omer Katz authored
This reverts commit dc1af6a2. Reason for revert: Diff in patchset 2 Original change's description: > Revert "cppgc: Initial marking loop" > > This reverts commit fb9a19fe. > > Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/11028 > > Original change's description: > > cppgc: Initial marking loop > > > > This CL introduces: > > - Worklist > > - MarkingHandler to manage gc marking phase > > - Integration into CollectGarbage for atomic pause GC > > - MarkingVisitor for main thread marking > > > > Still missing from this CL: > > - Proper handling for stack scanning > > - Handling of previously not fully constructed objects > > > > Bug: chromium:1056170 > > Change-Id: I70ac8534dfb898777cf3a06e3119cac8072174fd > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170526 > > Commit-Queue: Omer Katz <omerkatz@chromium.org> > > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#67642} > > TBR=ulan@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org > > Change-Id: I666481f44119771be685bf2555aa0dd5eda83a01 > No-Presubmit: true > No-Tree-Checks: true > No-Try: true > Bug: chromium:1056170 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187502 > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> > Cr-Commit-Position: refs/heads/master@{#67643} TBR=ulan@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org,nicohartmann@chromium.org # Not skipping CQ checks because this is a reland. Bug: chromium:1056170 Change-Id: I54e963e2aeaaf16069bdcdb019c0ac65e28ef6e2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187733Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/master@{#67654}
-
Nico Hartmann authored
This reverts commit fb9a19fe. Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/11028 Original change's description: > cppgc: Initial marking loop > > This CL introduces: > - Worklist > - MarkingHandler to manage gc marking phase > - Integration into CollectGarbage for atomic pause GC > - MarkingVisitor for main thread marking > > Still missing from this CL: > - Proper handling for stack scanning > - Handling of previously not fully constructed objects > > Bug: chromium:1056170 > Change-Id: I70ac8534dfb898777cf3a06e3119cac8072174fd > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170526 > Commit-Queue: Omer Katz <omerkatz@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#67642} TBR=ulan@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org Change-Id: I666481f44119771be685bf2555aa0dd5eda83a01 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:1056170 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187502Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#67643}
-
Omer Katz authored
This CL introduces: - Worklist - MarkingHandler to manage gc marking phase - Integration into CollectGarbage for atomic pause GC - MarkingVisitor for main thread marking Still missing from this CL: - Proper handling for stack scanning - Handling of previously not fully constructed objects Bug: chromium:1056170 Change-Id: I70ac8534dfb898777cf3a06e3119cac8072174fd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170526 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#67642}
-
- 20 Apr, 2020 1 commit
-
-
Omer Katz authored
Bug: chromium:1056170 Change-Id: Ifc519559868d9c3099d309f75ba8faf2018a1578 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2154951 Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#67235}
-
- 15 Apr, 2020 1 commit
-
-
Anton Bikineev authored
CrossThreadPersistent and friends are the followup. Bug: chromium:1056170 Change-Id: Ide910062d80952da73b922398c281162b1861f47 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144957 Commit-Queue: Anton Bikineev <bikineev@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#67153}
-