1. 17 Dec, 2020 1 commit
  2. 08 Dec, 2020 1 commit
      Reland "Reland "[wasm]: Use CancelAndDetach and barrier on BackgroundCompileJob."" · fc1d6f35
      Etienne Pierre-doray authored
      This is a reland of 064ee3c8
      
      Issue 1: WasmEngine UAF when CompilationState is destroyed
      asynchronously
      Fix: Include https://chromium-review.googlesource.com/c/v8/v8/+/2565508
      in this CL. Use OperationBarrier to keep WasmEngine alive.
      
      Issue 2: In gin, JobTask lifetime is not extended beyond
      JobHandle, thus making CancelAndDetach unusable.
      This is fixed in chromium here:
      https://chromium-review.googlesource.com/c/chromium/src/+/2566724
      
      Original change's description:
      > Reland "[wasm]: Use CancelAndDetach and barrier on BackgroundCompileJob."
      >
      > Reason for revert: Data race:
      > https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/34121
      >
      > It was assumed that MockPlatform runs everything on 1 thread. However,
      > MockPlatform::PostJob previously would schedule the job through
      > TestPlatform, which eventually posts concurrent tasks, thus causing
      > data race.
      > Fix: Manually calling NewDefaultJobHandle and passing the MockPlatform
      > ensures the jobs also run sequentially.
      >
      > Additional change:
      > - CancelAndDetach is now called in ~CompilationStateImpl() to make sure
      > it's called in sequence with ScheduleCompileJobForNewUnits
      >
      > Original CL description:
      > To avoid keeping around a list of job handles, CancelAndDetach() is
      > used in CancelCompilation. Dependency on WasmEngine is handled by a
      > barrier that waits on all jobs to finish.
      >
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498659
      > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Clemens Backes <clemensb@chromium.org>
      > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      > Cr-Original-Commit-Position: refs/heads/master@{#71074}
      > Change-Id: Ie9556f7f96f6fb9a61ada0e5cbd58d4fb4a0f571
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2559137
      > Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
      > Reviewed-by: Andreas Haas <ahaas@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#71459}
      
      TBR=ulan@chromium.org
      
      Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
      Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
      Change-Id: I6175092c97fea0d5f63a97af232e2d54cccea535
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2569360
      Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#71662}
  3. 01 Dec, 2020 1 commit
      Revert "Reland "[wasm]: Use CancelAndDetach and barrier on BackgroundCompileJob."" · 393782ef
      Etienne Pierre-Doray authored
      This reverts commit 064ee3c8.
      
      Reason for revert: Causing blink_web_tests to fail on builder "WebKit Linux MSAN"
      https://bugs.chromium.org/p/chromium/issues/detail?id=1153968
      
      Original change's description:
      > Reland "[wasm]: Use CancelAndDetach and barrier on BackgroundCompileJob."
      >
      > Reason for revert: Data race:
      > https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/34121
      >
      > It was assumed that MockPlatform runs everything on 1 thread. However,
      > MockPlatform::PostJob previously would schedule the job through
      > TestPlatform, which eventually posts concurrent tasks, thus causing
      > data race.
      > Fix: Manually calling NewDefaultJobHandle and passing the MockPlatform
      > ensures the jobs also run sequentially.
      >
      > Additional change:
      > - CancelAndDetach is now called in ~CompilationStateImpl() to make sure
      > it's called in sequence with ScheduleCompileJobForNewUnits
      >
      > Original CL description:
      > To avoid keeping around a list of job handles, CancelAndDetach() is
      > used in CancelCompilation. Dependency on WasmEngine is handled by a
      > barrier that waits on all jobs to finish.
      >
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498659
      > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Clemens Backes <clemensb@chromium.org>
      > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      > Cr-Original-Commit-Position: refs/heads/master@{#71074}
      > Change-Id: Ie9556f7f96f6fb9a61ada0e5cbd58d4fb4a0f571
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2559137
      > Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
      > Reviewed-by: Andreas Haas <ahaas@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#71459}
      
      TBR=ulan@chromium.org,jkummerow@chromium.org,ahaas@chromium.org,clemensb@chromium.org,etiennep@chromium.org
      Bug: chromium:1153968, v8:11209, v8:11210, v8:11212
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Change-Id: I2c8406bea81ee7cf6c5726c2fec50fffdce09611
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2566446
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#71519}
  4. 27 Nov, 2020 1 commit
  5. 25 Nov, 2020 1 commit
  6. 10 Nov, 2020 2 commits
  7. 21 Jul, 2020 1 commit
  8. 20 Jul, 2020 2 commits
  9. 14 Jul, 2020 2 commits
  10. 09 Feb, 2020 1 commit
      Revert "[weakrefs] Schedule FinalizationGroup cleanup tasks from within V8" · 72fc962b
      Michael Achenbach authored
      This reverts commit 31d8ff7a.
      
      Reason for revert: https://crbug.com/v8/10190
      
      Original change's description:
      > [weakrefs] Schedule FinalizationGroup cleanup tasks from within V8
      > 
      > Deprecate the following explicit FinalizationGroup APIs in favor of
      > automatic handling of FinalizationGroup cleanup callbacks:
      >   - v8::Isolate::SetHostCleanupFinalizationGroupCallback
      >   - v8::FinalizationGroup::Cleanup
      > 
      > If no HostCleanupFinalizationGroupCallback is set, then
      > FinalizationGroup cleanup callbacks are automatically scheduled by V8
      > itself as non-nestable foreground tasks.
      > 
      > When a Context is being disposed, all FinalizationGroups that are
      > associated with it are removed from the dirty list, cancelling
      > scheduled cleanup.
      > 
      > Bug: v8:8179
      > Change-Id: Ic09313a11dd00af36d1f698250b3d735155f45e8
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1986392
      > Commit-Queue: Shu-yu Guo <syg@chromium.org>
      > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#66184}
      
      TBR=ulan@chromium.org,rmcilroy@chromium.org,syg@chromium.org
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Bug: v8:8179
      Change-Id: If7869e9a5841803c10e748691f019a7d28f3b62e
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2043807
      Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#66190}
  11. 08 Feb, 2020 1 commit
  12. 13 Dec, 2019 1 commit
  13. 26 Sep, 2019 1 commit
  14. 10 Sep, 2019 1 commit
  15. 30 May, 2019 1 commit
  16. 24 May, 2019 1 commit