- 08 Mar, 2021 1 commit

Omer Katz authored

This CL adds missing locks to the PersistentRegions for (Weak)CrossThreadPersistents. To make sure no locks are missed in the future, this CL also splits PersistentRegion and introduces CrossThreadPersistentRegion that checks whether a lock is taken whenever it is accessed.

Bug: chromium:1056170
Change-Id: Iaaef4a28af0f02bcb896706e9abf1ee5ad2ee1e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2737299
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73264}

- 24 Feb, 2021 1 commit

Omer Katz authored

Assert that the lock is held whenever AssignUnsafe is called. LazyMutex::AssertHeld resolves to a DCHECK so this should not regress production performance (other than the call itself that might not be inlined).

Bug: chromium:1056170
Change-Id: Ic2005d180e6960c24dff7743aa3e0d5e57a63d80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2716286
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73000}

- 19 Jan, 2021 1 commit

Michael Lippautz authored

Termination GCs are used to destroy remaining C++ objects on the managed heap to free potential off-heap memory. This is important for gracefully shutting down workers.

Drive-by: Add guard prohibiting recursive sweeping calls on the mutator thread.

Bug: chromium:1056170
Change-Id: I02ea3b632d38f5beab18cc8f077cf717ed877909
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2631504
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72155}

- 09 Oct, 2020 1 commit

Michael Lippautz authored

Adds a cross-thread reference for strongly and weakly retaining objects on a thread other than the thread that owns the object.

The intended use of the reference is by setting it up on the originating thread, holding the object alive from another thread, and ultimately accessing the object again on the originating thread.

The reference has known caveats:
- It's unsafe to use when the heap may terminate;
- It's unsafe to transitively reach through the graph because of compaction;

Change-Id: I84fbdde69a099eb54af5b93c34e2169915b17e64
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436449
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70428}

- 19 Jun, 2020 1 commit

Michael Lippautz authored

This is a reland of e0c1a349

The issue was passing SentinelPointer (== +1) through T*. The fix is disabling cfi unrelated cast diagnostic for the bottlenecks (Get()). This means that nullptr is treated the same as kSentinelPointer. The alternative would be a DCHECK that Get() does not return kSentinelPointer and adjusting all Member and Persistent logic that uses Get() to work on void*. This is quite intrusive as it involves Swap(), heterogeneous assignments, comparisons, etc.

Original change's description:
> cppgc: Properly clear (Weak)Persistent and WeakMember pointers
>
> The CL addresses two issues with (Weak)Persistent and WeakMember:
> 1. (Weak)Persistent pointers are cleared on heap teardown. Before this
>    CL the pointers would contain stale values which could lead to UAF.
> 2. WeakPersistent and WeakMember are cleared using a combination of
>    internal clearing methods and mutable fields which avoids the use
>    of const_cast<>.
>
> Bug: chromium:1056170
> Change-Id: Ibf2b0f0856771b4f6906608cde13a6d43ebf81f3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248190
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68394}

Bug: chromium:1056170
Change-Id: I3d74b43464c2973df1956f51b1419d755dd9f519
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250240
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68426}

- 17 Jun, 2020 2 commits

Zhi An Ng authored

This reverts commit e0c1a349.

Reason for revert: Fails on Linux 64 cfi https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20cfi/25283?

TBR=omerkatz@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,bikineev@chromium.org

Change-Id: I2b208c4019979735925bff5e0551291fae6a14d6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250320
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68396}

Michael Lippautz authored

The CL addresses two issues with (Weak)Persistent and WeakMember:
1. (Weak)Persistent pointers are cleared on heap teardown. Before this CL the pointers would contain stale values which could lead to UAF.
2. WeakPersistent and WeakMember are cleared using a combination of internal clearing methods and mutable fields which avoids the use of const_cast<>.

Bug: chromium:1056170
Change-Id: Ibf2b0f0856771b4f6906608cde13a6d43ebf81f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248190
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68394}

- 15 Apr, 2020 1 commit

Anton Bikineev authored

CrossThreadPersistent and friends are the followup.

Bug: chromium:1056170
Change-Id: Ide910062d80952da73b922398c281162b1861f47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144957
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67153}