  1. 07 Dec, 2021 2 commits
  2. 06 Dec, 2021 3 commits
  3. 04 Dec, 2021 1 commit
    • Introduce VirtualAddressSpace interface · a7cb30b0
      Samuel Groß authored
      This interface is meant to eventually replace the existing
      v8::PageAllocator interface. Beyond general refactoring of the
      PageAllocator APIs, the new interface now supports the concept of
      (contiguous) address space reservations, which previously had to be
      implemented through page allocations. These reservations now make better
      use of provided OS primitives on Fuchsia (VMARs) and Windows
      (placeholder mappings) and can be used to back many of the cages and
      virtual memory regions that V8 creates.
      
      The new interface is not yet stable and may change at any time without
      deprecating the old version first.
      
      Bug: chromium:1218005
      Change-Id: I295253c42e04cf311393c5dab9f8c06bd7451ce3
      Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3301475
      Commit-Queue: Samuel Groß <saelo@chromium.org>
      Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#78235}
  4. 03 Dec, 2021 1 commit
  5. 30 Nov, 2021 2 commits
  6. 29 Nov, 2021 1 commit
  7. 25 Nov, 2021 1 commit
  8. 19 Nov, 2021 1 commit
  9. 15 Nov, 2021 1 commit
  10. 08 Nov, 2021 1 commit
    • [base] Extend SmallVector for use with Zone storage · 3a858a91
      Jakob Gruber authored
      This CL adds an Allocator to SmallVector to control how dynamic
      storage is managed. The default value uses the plain old C++
      std::allocator<T>, i.e. acts like malloc/free.
      
      For use with zone memory, one can pass a ZoneAllocator as follows:
      
        // Allocates in zone memory.
        base::SmallVector<int, kInitialSize, ZoneAllocator<int>>
          xs(ZoneAllocator<int>(zone));
      
      Note: this is a follow-up to crrev.com/c/3240823.
      
      Drive-by: hide the internal `reset` function. It doesn't free the
      dynamic backing store; that's a surprise and should not be exposed to
      external use.
      
      Change-Id: I1f92f184924541e2269493fb52c30f2fdec032be
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257711
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: Igor Sheludko <ishell@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#77755}
  11. 25 Oct, 2021 1 commit
  12. 20 Oct, 2021 1 commit
  13. 19 Oct, 2021 1 commit
  14. 14 Oct, 2021 3 commits
    • Respect page allocator hints on Fuchsia · 6e707c95
      Samuel Groß authored
      The virtual memory cage supports a fallback mode that attempts to obtain
      memory pages within a specific virtual address range by using
      PageAllocator hints. However, prior to this CL, the default
      PageAllocator on Fuchsia would ignore hints altogether, preventing
      these mechanisms from working there.
      
      Ultimately, on Fuchsia it would probably be better to manage the virtual
      memory cage purely through VMARs instead of actually creating pseudo
      mappings just to reserve virtual address space as is currently done
      through the PageAllocator. This will require broader changes though, so
      in the meantime, sticking to the current PageAllocator API is probably
      the best option.
      
      Bug: chromium:1218005
      Change-Id: I821cfbb815d81479c3b3310296302addbb9cd8f5
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3220340
      Reviewed-by: Victor Gomes <victorgomes@chromium.org>
      Commit-Queue: Samuel Groß <saelo@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#77398}
    • Make PageAllocator::DecommitPages mandatory · 7efcab88
      Samuel Groß authored
      Besides the virtual memory cage, the DecommitPages API is also now
      required for Cppgc with crrev/c/3211583.
      
      A working implementation of this API is available in src/base/platform
      for all supported platforms and is used by the DefaultPlatform.
      
      Bug: chromium:1218005
      Change-Id: I29765993ed54bb52de71998ae8c6295637ee4072
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3211584
      Commit-Queue: Samuel Groß <saelo@chromium.org>
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#77396}
    • Implement DetermineAddressSpaceLimit() on x64 · 571eca5c
      Samuel Groß authored
      This function tries to determine the number of virtual address bits
      available on the current CPU and with that the maximum size of the
      userspace address space. On x64, it can be implemented through CPUID.
      
      The result of this function is now used in two ways: first, it limits
      the maximum size of the virtual memory cage, currently to a quarter of
      the address space. Second, it influences the placement of fake cages,
      which are attempted to be placed into the lower half of the address
      space so that they are followed by large amounts of (hopefully) unused
      but addressable virtual memory in which pages can be allocated.
      
      Bug: chromium:1218005
      Change-Id: I0edc5d241d899f16dbc47492fa1534b6aaa4aa13
      Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3220348
      Commit-Queue: Samuel Groß <saelo@chromium.org>
      Reviewed-by: Igor Sheludko <ishell@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#77393}
  15. 13 Oct, 2021 1 commit
    • Reland "Implement a fake virtual memory cage mechanism" · 0aaec6ed
      Samuel Groß authored
      This is a reland of 1ea76c13
      
      Disabled the failing test on Fuchsia until its PageAllocator
      respects allocation hints.
      
      Original change's description:
      > Implement a fake virtual memory cage mechanism
      >
      > On operating systems where reserving virtual address space is expensive,
      > notably Windows pre 8.1, it is not possible to create a proper virtual
      > memory cage. In order to still be able to reference caged objects
      > through offsets from the cage base on these systems, this CL introduces
      > a fake cage mechanism. When the fake cage is used, most of the virtual
      > memory for the cage is not actually reserved. Instead, the cage's page
      > allocator simply relies on hints to the OS to obtain pages inside the
      > cage. This does, however, not provide the same security benefits as a
      > real cage as unrelated allocations might end up inside the cage.
      >
      > Bug: chromium:1218005
      > Change-Id: Ie5314be23966ed0042a017917b63595481b5e7e3
      > Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3217200
      > Commit-Queue: Samuel Groß <saelo@chromium.org>
      > Reviewed-by: Igor Sheludko <ishell@chromium.org>
      > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > Cr-Commit-Position: refs/heads/main@{#77367}
      
      Bug: chromium:1218005
      Change-Id: I2ed95d121db164679c38085115e8fa92690c057e
      Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3220151
      Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      Reviewed-by: Igor Sheludko <ishell@chromium.org>
      Commit-Queue: Samuel Groß <saelo@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#77378}
  16. 12 Oct, 2021 2 commits
    • Revert "Implement a fake virtual memory cage mechanism" · 1a0b993d
      Deepti Gandluri authored
      This reverts commit 1ea76c13.
      
      Reason for revert: The unit test added fails on the Fuchsia bot https://ci.chromium.org/p/v8/builders/ci/V8%20Fuchsia/25976?
      
      Original change's description:
      > Implement a fake virtual memory cage mechanism
      >
      > On operating systems where reserving virtual address space is expensive,
      > notably Windows pre 8.1, it is not possible to create a proper virtual
      > memory cage. In order to still be able to reference caged objects
      > through offsets from the cage base on these systems, this CL introduces
      > a fake cage mechanism. When the fake cage is used, most of the virtual
      > memory for the cage is not actually reserved. Instead, the cage's page
      > allocator simply relies on hints to the OS to obtain pages inside the
      > cage. This does, however, not provide the same security benefits as a
      > real cage as unrelated allocations might end up inside the cage.
      >
      > Bug: chromium:1218005
      > Change-Id: Ie5314be23966ed0042a017917b63595481b5e7e3
      > Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3217200
      > Commit-Queue: Samuel Groß <saelo@chromium.org>
      > Reviewed-by: Igor Sheludko <ishell@chromium.org>
      > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      > Cr-Commit-Position: refs/heads/main@{#77367}
      
      Bug: chromium:1218005
      Change-Id: I541bb9656ab2a6a080c2a30d372226fcc5c95391
      Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3219086
      Auto-Submit: Deepti Gandluri <gdeepti@chromium.org>
      Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
      Owners-Override: Deepti Gandluri <gdeepti@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#77368}
    • Implement a fake virtual memory cage mechanism · 1ea76c13
      Samuel Groß authored
      On operating systems where reserving virtual address space is expensive,
      notably Windows pre 8.1, it is not possible to create a proper virtual
      memory cage. In order to still be able to reference caged objects
      through offsets from the cage base on these systems, this CL introduces
      a fake cage mechanism. When the fake cage is used, most of the virtual
      memory for the cage is not actually reserved. Instead, the cage's page
      allocator simply relies on hints to the OS to obtain pages inside the
      cage. This does, however, not provide the same security benefits as a
      real cage as unrelated allocations might end up inside the cage.
      
      Bug: chromium:1218005
      Change-Id: Ie5314be23966ed0042a017917b63595481b5e7e3
      Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3217200
      Commit-Queue: Samuel Groß <saelo@chromium.org>
      Reviewed-by: Igor Sheludko <ishell@chromium.org>
      Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#77367}
  17. 08 Oct, 2021 1 commit
  18. 07 Oct, 2021 1 commit
    • Add PageInitializationMode enum for the BoundedPageAllocator · 18c37d32
      Samuel Groß authored
      Currently, when compiling with V8_VIRTUAL_MEMORY_CAGE enabled, the
      behavior of the BoundedPageAllocator changes from simply making freed
      pages inaccessible to decommitting them, which guarantees that they will
      be zero-initialized after the next allocation. As this seems to cause
      some performance regressions on Mac, this CL introduces a new enum that
      specifies how the allocator should behave:
      kAllocatedPagesMustBeZeroInitialized causes the pages to be decommitted
      during FreePages() and ReleasePages() and thus guarantees
      zero-initialization during AllocPages().
      kAllocatedPagesCanBeUninitialized only causes the pages to be made
      inaccessible, and so does not generally guarantee zero-initialization
      for AllocPages().
      
      Finally, this CL also removes some dead code in allocation.cc.
      
      Bug: chromium:1257089
      Change-Id: I53fa52c8913df869bee2b536efe252780d1ad893
      Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3208812
      Commit-Queue: Samuel Groß <saelo@chromium.org>
      Reviewed-by: Igor Sheludko <ishell@chromium.org>
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#77285}
  19. 06 Oct, 2021 2 commits
  20. 05 Oct, 2021 1 commit
  21. 27 Sep, 2021 1 commit
  22. 24 Sep, 2021 1 commit
  23. 21 Sep, 2021 1 commit
    • Revert "[base] Replace base::Optional with Abseil" · d67f0606
      Michael Lippautz authored
      This reverts commit f2e25f8a.
      
      Reason for revert: Breaks GCC 8.4.0 compilation, see bug.
      
      Original change's description:
      > [base] Replace base::Optional with Abseil
      >
      > Change base::Optional to an alias of absl::optional. Eventually we
      > should remove it entirely.
      >
      > Bug: v8:11006
      > Change-Id: I687d44cc7e7cd0a49a84bcc207231eb6808eef2d
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476318
      > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Cr-Commit-Position: refs/heads/main@{#76913}
      
      Bug: v8:11006, v8:12252
      Change-Id: I8048dee676a36551d15f25a31d1e171dae00d975
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3173672
      Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
      Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Cr-Commit-Position: refs/heads/main@{#76976}
  24. 17 Sep, 2021 1 commit
  25. 15 Sep, 2021 1 commit
    • Reland^2 "[wasm][test] Fix test expectation" · 65998631
      Clemens Backes authored
      This is a reland of a55c82d4, now also
      fixed for UBSan.
      
      Original change's description:
      > Reland "[wasm][test] Fix test expectation"
      >
      > This is a reland of 6f9cde1e, with
      > special handling for MSan as well.
      >
      > Original change's description:
      > > [wasm][test] Fix test expectation
      > >
      > > In the mprotect case, there could be one or multiple succeeding writes
      > > until we finally crash. Thus do not check that we never successfully
      > > write, but just check that the last printed statement is *before* a
      > > write.
      > >
      > > R=jkummerow@chromium.org
      > >
      > > Bug: v8:12226
      > > Change-Id: I04209691a9320a9b29dd0ec364539e062ad2dc03
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160343
      > > Commit-Queue: Clemens Backes <clemensb@chromium.org>
      > > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      > > Cr-Commit-Position: refs/heads/main@{#76829}
      >
      > Bug: v8:12226
      > Cq-Include-Trybots: luci.v8.try:v8_linux64_msan_rel_ng
      > Change-Id: I85ca98be43fc1d933d39a4602194e1771c33007c
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162037
      > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      > Commit-Queue: Clemens Backes <clemensb@chromium.org>
      > Cr-Commit-Position: refs/heads/main@{#76839}
      
      Bug: v8:12226
      Change-Id: I911295b73a385c899a993a729db3a499e58b7cb6
      Cq-Include-Trybots: luci.v8.try:v8_linux64_msan_rel_ng
      Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162041
      Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#76841}
  26. 01 Sep, 2021 3 commits
  27. 27 Aug, 2021 1 commit
  28. 26 Aug, 2021 1 commit
    • cppgc: Check poisoness only on 64bit archs. · 454272df
      Anton Bikineev authored
      On 64bit we guarantee that object alignment and sizes are multiples of
      the default shadow memory granularity (8 bytes). The CL also introduces
      CHECKs that the assumption holds.
      
      Having kObjectAlignment be a multiple of this granularity allows us to
      check poisoness of each byte of an object. On 32bit we cannot do that,
      since the object alignment requirement is 4 bytes.
      
      Bug: chromium:1241514
      Change-Id: Ib19667724adaa7bc791ffa054eea618c365d65cb
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3118552
      Commit-Queue: Anton Bikineev <bikineev@chromium.org>
      Auto-Submit: Anton Bikineev <bikineev@chromium.org>
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/main@{#76499}
  29. 19 Aug, 2021 1 commit
  30. 17 Aug, 2021 1 commit