1. 16 Apr, 2021 1 commit
  2. 11 Nov, 2020 1 commit
  3. 29 Oct, 2020 1 commit
  4. 28 Oct, 2020 2 commits
  5. 12 Oct, 2020 1 commit
    • Anna Henningsen's avatar
      [heap-profiler] Fix crash when a snapshot deleted while taking one · 3176bfd4
      Anna Henningsen authored
      Fix a crash/hang that occurred when deleting a snapshot during the
      GC that is part of taking another one.
      
      Specifically, when deleting the only other snapshot in such
      a situation, the `v8::HeapSnapshot::Delete()` method sees that there
      is only one (complete) snapshot at that point, and decides that it is
      okay to perform “delete all snapshots” instead of just deleting
      the requested one. That resets the internal string lookup table
      of the heap profiler, but the new snapshot that is currently in
      progress still holds references to the old string lookup table,
      leading to a use-after-free segfault or infinite loop.
      
      Fix this by guarding against resetting the string table while
      another heap snapshot is being taken, and add a test that would
      crash before this fix.
      
      This can be triggered in Node.js by repeatedly calling
      `v8.getHeapSnapshot()`, which provides heap snapshots as weakly
      held host objects.
      
      Change-Id: If9ac3728bf79114000982f1e7bb05e8034299e3c
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2464823Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70445}
      3176bfd4
  6. 18 Dec, 2019 1 commit
  7. 09 Aug, 2019 1 commit
  8. 24 May, 2019 1 commit
  9. 24 Jan, 2019 1 commit
  10. 17 Dec, 2018 1 commit
  11. 30 Oct, 2018 1 commit
  12. 17 Sep, 2018 1 commit
  13. 30 Jul, 2018 1 commit
  14. 06 Jun, 2018 1 commit
  15. 05 Apr, 2018 1 commit
    • Alexey Kozyatinskiy's avatar
      Reland "[debug] introduced runtime side effect check" · 71018812
      Alexey Kozyatinskiy authored
      This is a reland of 7a2c3713
      
      Original change's description:
      > [debug] introduced runtime side effect check
      > 
      > This CL demonstrates minimum valuable addition to existing debug evaluate
      > without side effects mechanism.
      > With this CL user can evaluate expressions like:
      > [a,b] // create any kind of temporary array literals
      > [a,b].reduce((x,y) => x + y, 0); // use reduce method
      > [1,2,3].fill(2); // change temporary arrays
      > 
      > The core idea: any change of the object created during evaluation without
      > side effects is side effect free. As soon as we try to store this temporary
      > object to object existed before evaluation we will terminate execution.
      > 
      > Implementation:
      > - track all objects allocated during evaluation and mark them as temporary,
      > - patch all bytecodes which change objects.
      > 
      > A little more details (including performance analysis): [1].
      > 
      > [1] https://docs.google.com/document/d/10qqAtZADspPnpYa6SEdYRxrddfKIZJIzbLtGpsZQkRo/edit#
      > 
      > Bug: v8:7588
      > Change-Id: I69f7b96e1ebd7ad0022219e8213211c7be72a111
      > Reviewed-on: https://chromium-review.googlesource.com/972615
      > Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#52370}
      
      Bug: v8:7588
      Change-Id: Ibc92bf19155f2ddaedae39b0c576b994e84afcf8
      Reviewed-on: https://chromium-review.googlesource.com/996760Reviewed-by: 's avatarAleksey Kozyatinskiy <kozyatinskiy@chromium.org>
      Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52373}
      71018812
  16. 04 Apr, 2018 2 commits
    • Aleksey Kozyatinskiy's avatar
      Revert "[debug] introduced runtime side effect check" · 539a2443
      Aleksey Kozyatinskiy authored
      This reverts commit 7a2c3713.
      
      Reason for revert: msan is broken
      
      Original change's description:
      > [debug] introduced runtime side effect check
      > 
      > This CL demonstrates minimum valuable addition to existing debug evaluate
      > without side effects mechanism.
      > With this CL user can evaluate expressions like:
      > [a,b] // create any kind of temporary array literals
      > [a,b].reduce((x,y) => x + y, 0); // use reduce method
      > [1,2,3].fill(2); // change temporary arrays
      > 
      > The core idea: any change of the object created during evaluation without
      > side effects is side effect free. As soon as we try to store this temporary
      > object to object existed before evaluation we will terminate execution.
      > 
      > Implementation:
      > - track all objects allocated during evaluation and mark them as temporary,
      > - patch all bytecodes which change objects.
      > 
      > A little more details (including performance analysis): [1].
      > 
      > [1] https://docs.google.com/document/d/10qqAtZADspPnpYa6SEdYRxrddfKIZJIzbLtGpsZQkRo/edit#
      > 
      > Bug: v8:7588
      > Change-Id: I69f7b96e1ebd7ad0022219e8213211c7be72a111
      > Reviewed-on: https://chromium-review.googlesource.com/972615
      > Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#52370}
      
      TBR=ulan@chromium.org,rmcilroy@chromium.org,yangguo@chromium.org,kozyatinskiy@chromium.org,leszeks@chromium.org
      
      Change-Id: Ied1739c6308b13a4981189e0999f5912316cf456
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:7588
      Reviewed-on: https://chromium-review.googlesource.com/996135Reviewed-by: 's avatarAleksey Kozyatinskiy <kozyatinskiy@chromium.org>
      Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52371}
      539a2443
    • Alexey Kozyatinskiy's avatar
      [debug] introduced runtime side effect check · 7a2c3713
      Alexey Kozyatinskiy authored
      This CL demonstrates minimum valuable addition to existing debug evaluate
      without side effects mechanism.
      With this CL user can evaluate expressions like:
      [a,b] // create any kind of temporary array literals
      [a,b].reduce((x,y) => x + y, 0); // use reduce method
      [1,2,3].fill(2); // change temporary arrays
      
      The core idea: any change of the object created during evaluation without
      side effects is side effect free. As soon as we try to store this temporary
      object to object existed before evaluation we will terminate execution.
      
      Implementation:
      - track all objects allocated during evaluation and mark them as temporary,
      - patch all bytecodes which change objects.
      
      A little more details (including performance analysis): [1].
      
      [1] https://docs.google.com/document/d/10qqAtZADspPnpYa6SEdYRxrddfKIZJIzbLtGpsZQkRo/edit#
      
      Bug: v8:7588
      Change-Id: I69f7b96e1ebd7ad0022219e8213211c7be72a111
      Reviewed-on: https://chromium-review.googlesource.com/972615
      Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
      Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52370}
      7a2c3713
  17. 23 Feb, 2018 1 commit
  18. 08 Feb, 2018 1 commit
  19. 01 Feb, 2018 1 commit
  20. 07 Sep, 2017 1 commit
  21. 06 Sep, 2017 2 commits
  22. 21 Aug, 2017 1 commit
  23. 28 Jul, 2017 1 commit
  24. 02 Mar, 2017 1 commit
  25. 19 Jan, 2017 1 commit
  26. 25 Jul, 2016 1 commit
  27. 04 May, 2016 1 commit
  28. 13 Apr, 2016 1 commit
  29. 22 Jan, 2016 1 commit
  30. 21 Jan, 2016 2 commits
  31. 30 Nov, 2015 1 commit
  32. 30 Sep, 2015 1 commit
  33. 28 Sep, 2015 1 commit
  34. 14 Sep, 2015 1 commit
  35. 20 Aug, 2015 1 commit
  36. 12 Aug, 2015 1 commit
    • mstarzinger's avatar
      Remove inline header includes from non-inline headers (1). · 00a07bc1
      mstarzinger authored
      This tries to remove includes of "-inl.h" headers from normal ".h"
      headers, thereby reducing the chance of any cyclic dependencies and
      decreasing the average size of our compilation units.
      
      Note that this change still leaves 7 violations of that rule in the
      code. However there now is the "tools/check-inline-includes.sh" tool
      detecting such violations.
      
      R=bmeurer@chromium.org
      
      Review URL: https://codereview.chromium.org/1283033003
      
      Cr-Commit-Position: refs/heads/master@{#30125}
      00a07bc1