1. 05 Feb, 2021 1 commit
    • Michael Lippautz's avatar
      cppgc: Fix low-level write barriers · 65893d84
      Michael Lippautz authored
      Some types of supported low-level write barrier only requires passing
      a slot, which may not be even part of a heap object but stack.
      
      This complicates the situation, as even with caged heap, there's no
      way to distinguish a stack and heap slot.
      
      Solve this by passing an optional callback that can lazy be used to
      get the heap. This can be used by the embedder to retrieve the heap
      from e.g. TLS if needed.  This aligns the barrier with Oilpan in
      Blink.
      
      Bug: chromium:1056170
      Change-Id: I1e5d022ab17a2614a67b6ef39ed12691bcbd0ac6
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2675924Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarOmer Katz <omerkatz@chromium.org>
      Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#72550}
      65893d84
  2. 28 Jan, 2021 1 commit
  3. 14 Jan, 2021 1 commit
  4. 23 Oct, 2020 1 commit
    • Omer Katz's avatar
      Reland "cppgc: Port backing store compaction." · b5979eaa
      Omer Katz authored
      This is a reland of 90ea9b35
      
      Original change's description:
      > cppgc: Port backing store compaction.
      >
      > This CL ports the existing backing store compaction algorithm from
      > blink. It does not attempt to improve on the existing algorithm.
      >
      > Currently only unified heap uses the compaction implementation. It is
      > never triggered through standalone GCs.
      >
      > The compaction implementation resides within an internal "subtle" namespace.
      >
      > Bug: v8:10990
      > Change-Id: I4aa781db1b711e7aafc34234c4fb142de84394d7
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485228
      > Commit-Queue: Omer Katz <omerkatz@chromium.org>
      > Reviewed-by: Anton Bikineev <bikineev@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70714}
      
      Bug: v8:10990
      Change-Id: I527c2042a26648d058bfe4d355527cce9a3eeadc
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2492331
      Commit-Queue: Omer Katz <omerkatz@chromium.org>
      Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70736}
      b5979eaa
  5. 22 Oct, 2020 2 commits
  6. 28 Aug, 2020 1 commit
  7. 19 Jun, 2020 1 commit
    • Michael Lippautz's avatar
      Reland "cppgc: Properly clear (Weak)Peristent and WeakMember pointers" · 8bdce527
      Michael Lippautz authored
      This is a reland of e0c1a349
      
      The issue was passing SentinelPointer (== +1) through T*.
      
      The fix is disabling cfi unrelated cast diagnostic for the bottlenecks
      (Get()). This means that nullptr is treated the same as
      kSentinelPointer.
      
      The alternative would be a DCHECK that Get() does not return
      kSentinelPointer and adjusting all Member and Persistent logic that
      uses Get() to work on void*. This is quite intrusive as it involves
      Swap(), heterogeneous assignments, comparisons, etc.
      
      Original change's description:
      > cppgc: Properly clear (Weak)Peristent and WeakMember pointers
      >
      > The CL addresses two issues with (Weak)Persistent and WeakMember:
      > 1. (Weak)Persistent pointers are cleared on heap teardown. Before this
      >    CL the pointers would contain stale values which could lead to UAF.
      > 2. WeakPersistent and WeakMember are cleared using a combination of
      >    internal clearing methods and mutable fields which avoids the use
      >    of const_cast<>.
      >
      > Bug: chromium:1056170
      > Change-Id: Ibf2b0f0856771b4f6906608cde13a6d43ebf81f3
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248190
      > Reviewed-by: Omer Katz <omerkatz@chromium.org>
      > Reviewed-by: Anton Bikineev <bikineev@chromium.org>
      > Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#68394}
      
      Bug: chromium:1056170
      Change-Id: I3d74b43464c2973df1956f51b1419d755dd9f519
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250240Reviewed-by: 's avatarOmer Katz <omerkatz@chromium.org>
      Reviewed-by: 's avatarAnton Bikineev <bikineev@chromium.org>
      Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#68426}
      8bdce527
  8. 17 Jun, 2020 2 commits
  9. 27 Apr, 2020 3 commits
  10. 21 Apr, 2020 1 commit
  11. 15 Apr, 2020 1 commit
  12. 14 Apr, 2020 1 commit
  13. 08 Apr, 2020 1 commit
  14. 07 Apr, 2020 1 commit
  15. 01 Apr, 2020 1 commit
  16. 31 Mar, 2020 1 commit