Skip to content

V
V8
Switch branch/tag
  1. 11 Jul, 2022 1 commit
  3. 29 Jun, 2022 2 commits
  5. 28 Jun, 2022 1 commit
    • Anton Bikineev's avatar
      cppgc: shared-cage: Fix UaF when lsan is enabled · a1da1458
      Anton Bikineev authored 
      Before this CL, the caged heap was lazily initialized upon the first
call of HeapBase ctor. CagedHeap keeps a pointer to PageAllocator which
was provided from cppgc::Platform through the HeapBase ctor. This was
not generally safe: the platform is not enforced to be singleton. If it
happens to die first, then CagedHeap will have a stale pointer. The CL
fixes it simply by moving caged-heap initialization to
cppgc::InitializeProcess(), which already requires a constantly living
PageAllocator.

Bug: chromium:1338030
Change-Id: Ifb70a2db233ef36a99c919db09bed9ff9f3708ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3732107
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81422}
      a1da1458
  7. 27 Jun, 2022 1 commit
  9. 15 Jun, 2022 1 commit
  11. 14 Jun, 2022 1 commit
    • Anton Bikineev's avatar
      cppgc: shared-cage: Fix M1 build. · 747930df
      Anton Bikineev authored 
      This fixes an ODR violation: the macro V8_TARGET_ARCH_ARM64 was only
visible when building V8, but not outside it. The CL implements a quick
fix that relies on compiler-based macros (__aarch64__). The proper fix
would be to make these target macros be part of the public config.

Bug: chromium:1336222
Change-Id: I46ba6c1a3cd1ac4fcd3aced60ee112e6098eba6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3705540
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81162}
      747930df
  13. 13 Jun, 2022 3 commits
  15. 10 Jun, 2022 1 commit
  17. 09 Jun, 2022 5 commits
  19. 08 Jun, 2022 2 commits
  21. 05 Jun, 2022 1 commit
  23. 16 May, 2022 1 commit
  25. 13 May, 2022 2 commits
  27. 09 May, 2022 1 commit
  29. 04 May, 2022 1 commit
  31. 03 May, 2022 1 commit
  33. 02 May, 2022 1 commit
  35. 29 Apr, 2022 1 commit
    • Anton Bikineev's avatar
      cppgc: young-gen: Add runtime option for young generation · c7dfa3fa
      Anton Bikineev authored 
      The CL introduces a new option --cppgc-young-generation. This option
can't be enabled statically, because V8 options are parsed after heap
initialization. The CL changes minor GC so that it can be enabled
dynamically. The way it works is as follows:
- the user calls YoungGenerationEnabler::Enable();
- a heap checks in the next atomic pause whether the flag was enabled;
- if so, the heap enables young generation for itself.

To avoid barrier regressions without young-generation enabled, the CL changes the meaning of the global flag is-any-incremental-or-concurrent-marking to is-barrier-enabled.

The runtime option would enable us to test young generation on try-
and performance-bots.

Bug: chromium:1029379
Change-Id: I664cccdcd208225ffcbf9901f1284b56d088c5c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3607993
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80274}
      c7dfa3fa
  37. 27 Apr, 2022 1 commit
  39. 26 Apr, 2022 1 commit
  41. 13 Apr, 2022 1 commit
  43. 06 Apr, 2022 2 commits
    • Leszek Swirski's avatar
      [test] Add a unittest platform setup mixin · 0ff82052
      Leszek Swirski authored 
      Change the unittest runner to no longer uncondtionally set up a default
platform in the "environment", but to instead make platform set-up part
of the "mixin" framework for test fixtures.

Requires modifying some tests that expect the platform to be available,
and all flag implications resolved, before the mixin constructors run.

We still keep the environment for setting up the process for cppgc. This
process setup can only be done once per process, so it can no longer use
the platform -- that's ok though, the page allocator used by cppgc's
process initialisation doesn't have to be the same as the platform's so
we can just pass in a separate new one.

Change-Id: Ic8ccf39722e8212962c5bba87350c4b304388a7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571886Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79820}
      0ff82052
    • Clemens Backes's avatar
      [cppgc] Remove custom void_t, use std · 6806378c
      Clemens Backes authored 
      Remove the pre-C++17 implementation of void_t, just use std::void_t now.

R=omerkatz@chromium.org

Bug: v8:12425
Change-Id: Iabf72f1540ddb4db666e5a74f169f73546241c1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571888Reviewed-by: 's avatarOmer Katz <omerkatz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79812}
      6806378c
  45. 18 Mar, 2022 1 commit
    • Michael Lippautz's avatar
      Revert "cppgc: Rework prefinalizers" · f46c4858
      Michael Lippautz authored 
      This reverts commit cf25b3bc.

Reason for revert: https://crbug.com/1307471. TraceTrait must only be used during marking.

Original change's description:
> cppgc: Rework prefinalizers
>
> Move the check for whether an object is live or dead out of the
> prefinalizer trampoline. Moving it into the backend allows for
> inlining the check which avoids a call to the trampoline for live
> objects.
>
> On catapult benchmarks (e.g. cnn:2021, nytimes:2020), there's often
> ~2k finalizers registered. In order to avoid memory overhead in the
> range of a few KB, we store the fact whether the object points to the
> base object payload in the LSB of the pointer. For caged builds this
> is replaced with just storing the index into the cage for both object
> and base object payload.
>
> Locally saves around ~10% of atomic sweeping processing time which is
> in the order of .05ms.
>
> Bug: v8:12698
> Change-Id: I198205a6b1d57fc2df821ee4e73e53dc6f825ff5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497764
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79442}

Bug: v8:12698, chromium:1307471
Change-Id: I5c4e70d46cb99af66c77f0c013625b6af6c6eb8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3535781
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79527}
      f46c4858
  47. 10 Mar, 2022 1 commit
    • Michael Lippautz's avatar
      cppgc: Rework prefinalizers · cf25b3bc
      Michael Lippautz authored 
      Move the check for whether an object is live or dead out of the
prefinalizer trampoline. Moving it into the backend allows for
inlining the check which avoids a call to the trampoline for live
objects.

On catapult benchmarks (e.g. cnn:2021, nytimes:2020), there's often
~2k finalizers registered. In order to avoid memory overhead in the
range of a few KB, we store the fact whether the object points to the
base object payload in the LSB of the pointer. For caged builds this
is replaced with just storing the index into the cage for both object
and base object payload.

Locally saves around ~10% of atomic sweeping processing time which is
in the order of .05ms.

Bug: v8:12698
Change-Id: I198205a6b1d57fc2df821ee4e73e53dc6f825ff5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497764Reviewed-by: 's avatarOmer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79442}
      cf25b3bc
  49. 09 Mar, 2022 1 commit
  51. 02 Mar, 2022 1 commit
  53. 01 Mar, 2022 1 commit
  55. 17 Feb, 2022 1 commit
  57. 14 Feb, 2022 1 commit
    • Anton Bikineev's avatar
      cppgc: young-gen: Implement GenerationalBarrier for source objects · 3f5c2dda
      Anton Bikineev authored 
      The generational barrier for source objects records the entire source
object to be processed later during remembered set visitation. It's
planned to be used for Blink backing stores when an inlined object (or a
range thereof) is added (HeapAllocator::NotifyNewObject(s)).

An alternative approach would be to eagerly process the inlined objects
using a custom callback. However, this requires changing Visitors to
bring slots into the context. This approach should better work for
scenarios where small ranges or single elements are added, to avoid
processing potentially large backing stores. The followup CL implements
this idea.

Bug: chromium:1029379
Change-Id: Iacb59e4b10a66354526ed293d7f43f14d8761a8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460402Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79073}
      3f5c2dda
  59. 04 Feb, 2022 1 commit