1. 16 Jul, 2020 1 commit
  2. 10 Jul, 2020 1 commit
  3. 03 Jul, 2020 2 commits
  4. 02 Jul, 2020 1 commit
  5. 01 Jul, 2020 1 commit
  6. 29 Jun, 2020 1 commit
  7. 22 Jun, 2020 1 commit
  8. 19 Jun, 2020 1 commit
      Reland "cppgc: Properly clear (Weak)Peristent and WeakMember pointers" · 8bdce527
      Michael Lippautz authored
      This is a reland of e0c1a349
      
      The issue was passing SentinelPointer (== +1) through T*.
      
      The fix is disabling cfi unrelated cast diagnostic for the bottlenecks
      (Get()). This means that nullptr is treated the same as
      kSentinelPointer.
      
      The alternative would be a DCHECK that Get() does not return
      kSentinelPointer and adjusting all Member and Persistent logic that
      uses Get() to work on void*. This is quite intrusive as it involves
      Swap(), heterogeneous assignments, comparisons, etc.
      
      Original change's description:
      > cppgc: Properly clear (Weak)Peristent and WeakMember pointers
      >
      > The CL addresses two issues with (Weak)Persistent and WeakMember:
      > 1. (Weak)Persistent pointers are cleared on heap teardown. Before this
      >    CL the pointers would contain stale values which could lead to UAF.
      > 2. WeakPersistent and WeakMember are cleared using a combination of
      >    internal clearing methods and mutable fields which avoids the use
      >    of const_cast<>.
      >
      > Bug: chromium:1056170
      > Change-Id: Ibf2b0f0856771b4f6906608cde13a6d43ebf81f3
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248190
      > Reviewed-by: Omer Katz <omerkatz@chromium.org>
      > Reviewed-by: Anton Bikineev <bikineev@chromium.org>
      > Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#68394}
      
      Bug: chromium:1056170
      Change-Id: I3d74b43464c2973df1956f51b1419d755dd9f519
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250240
      Reviewed-by: Omer Katz <omerkatz@chromium.org>
      Reviewed-by: Anton Bikineev <bikineev@chromium.org>
      Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#68426}
  9. 17 Jun, 2020 3 commits
  10. 16 Jun, 2020 2 commits
  11. 15 Jun, 2020 1 commit
  12. 11 Jun, 2020 1 commit
  13. 10 Jun, 2020 3 commits
  14. 08 Jun, 2020 2 commits
  15. 05 Jun, 2020 2 commits
  16. 03 Jun, 2020 2 commits
  17. 02 Jun, 2020 1 commit
  18. 28 May, 2020 1 commit
      cppgc: Rely on per-heap platform objects · 3d53d7ac
      Michael Lippautz authored
      Split platform into a process-global initialization part and per-heap
      platform objects.
      
      These platform objects still contain allocators and executors. With
      per-heap platforms GetForegroundTaskRunner() returns by definition the
      correct runner.
      
      In future, when initialized through V8, an adapter can be used to
      translate between the different platforms, avoiding the need for V8
      embedders to provide additional information.
      
      Bug: chromium:1056170
      Change-Id: I11bdd15e945687cfbdf38cae4137facb02559e0a
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218030
      Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      Commit-Queue: Anton Bikineev <bikineev@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Omer Katz <omerkatz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#68059}
  19. 26 May, 2020 3 commits
  20. 18 May, 2020 1 commit
  21. 15 May, 2020 1 commit
  22. 14 May, 2020 4 commits
      Reland "cppgc: Stack scanning using ObjectStartBitmap" · 93059842
      Omer Katz authored
      This reverts commit 580917d2.
      
      Reason for revert: fix in patchset 2
      
      Original change's description:
      > Revert "cppgc: Stack scanning using ObjectStartBitmap"
      > 
      > This reverts commit d3a72e3c.
      > 
      > Reason for revert: MSAN failures (https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/32360)
      > 
      > Original change's description:
      > > cppgc: Stack scanning using ObjectStartBitmap
      > > 
      > > This CL implements stack scanning for cppgc.
      > > Given a value on the stack, the MarkingVisitor uses
      > > PageBackend::Lookup to check whether that address is on
      > > the heap. If it is, BasePage::TryObjectHeaderFromInnerAddress
      > > (introduced in this CL) is used to get the relevant object
      > > header. Note that random addresses on the heap might point to
      > > free memory, object-start-bitmap, etc.
      > > 
      > > If a valid object header is found:
      > > * If the object is not in construction, the GCInfoIndex is used
      > > to get the relevant Trace method and the object is traced.
      > > * Otherwise, the object is conservatively scanned - i.e. the
      > > payload of the object is iterated word by word and each word is
      > > treated as a possible pointer.
      > > 
      > > Only addresses pointing to the payload on non-free objects are
      > > traced.
      > > 
      > > BasePage::TryObjectHeaderFromInnerAddress assumes no LAB on the
      > > relevant space, thus all LABs are reset before scanning the stack.
      > > 
      > > Bug: chromium:1056170
      > > Change-Id: I172850f6f1bbb6f0efca8e44ad8fdfe222977b9f
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190426
      > > Commit-Queue: Omer Katz <omerkatz@chromium.org>
      > > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > Reviewed-by: Anton Bikineev <bikineev@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#67795}
      > 
      > TBR=ulan@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org
      > 
      > Change-Id: I3caef6f9f55911fd1a86e895c3495d1b98b1eac2
      > No-Presubmit: true
      > No-Tree-Checks: true
      > No-Try: true
      > Bug: chromium:1056170
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2201136
      > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#67796}
      
      TBR=ulan@chromium.org,mlippautz@chromium.org,leszeks@chromium.org,bikineev@chromium.org,omerkatz@chromium.org
      
      # Not skipping CQ checks because this is a reland.
      
      Bug: chromium:1056170
      Change-Id: If7ea4fe5cb794c07544d5545f5d6548e3375d3ae
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2201137
      Reviewed-by: Omer Katz <omerkatz@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Anton Bikineev <bikineev@chromium.org>
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Commit-Queue: Omer Katz <omerkatz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67803}
      Fix CountPopulation non-builtin implementation · cc6dfd5d
      Omer Katz authored
      The existing non-builtin implementation is returning wrong results.
      For example, given the value 63 as a uint8_t it returns 38 (should be 6).
      
      The new implementation follows the naive algorithm presented in figure 5-1
      in Hacker's Delight section 5-1.
      Note that the algorithm in the book is designed for 32 bit numbers, so we
      extended it to support 64 bit as well.
      
      Bug: chromium:1056170
      Change-Id: I8fed9c449f80b01b8cc93d339529c0e1e0863fc0
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2199345
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Reviewed-by: Anton Bikineev <bikineev@chromium.org>
      Commit-Queue: Omer Katz <omerkatz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67801}
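An added example (not V8's code) of the divide-and-conquer bit count the commit above refers to, Hacker's Delight Figure 5-1 for 32-bit words, widened to 64 bits in the same way the commit describes; the listing is recalled from the book rather than quoted, and the front end, reference loop and exhaustive check are this example's own additions.

```cpp
#include <cstdint>
#include <type_traits>

// Hacker's Delight Figure 5-1 (recalled, not quoted): fold adjacent bit
// fields so each field ends up holding the count of its own bits.
inline uint32_t PopCount32(uint32_t x) {
  x = x - ((x >> 1) & 0x55555555u);                   // 2-bit field sums
  x = (x & 0x33333333u) + ((x >> 2) & 0x33333333u);   // 4-bit field sums
  x = (x + (x >> 4)) & 0x0F0F0F0Fu;                   // 8-bit field sums
  x = x + (x >> 8);                                   // 16-bit field sums
  x = x + (x >> 16);                                  // whole-word sum
  return x & 0x3Fu;                                   // max 32 fits in 6 bits
}

// Same scheme extended to 64-bit words: one more fold and a 7-bit mask.
inline uint64_t PopCount64(uint64_t x) {
  x = x - ((x >> 1) & 0x5555555555555555ull);
  x = (x & 0x3333333333333333ull) + ((x >> 2) & 0x3333333333333333ull);
  x = (x + (x >> 4)) & 0x0F0F0F0F0F0F0F0Full;
  x = x + (x >> 8);
  x = x + (x >> 16);
  x = x + (x >> 32);                                  // extra fold for 64 bits
  return x & 0x7Full;                                 // max 64 fits in 7 bits
}

// Width-dispatching front end (hypothetical name): narrow unsigned types are
// zero-extended to 32 bits, so uint8_t 63 yields 6 as the commit expects.
template <typename T>
unsigned CountPopulation(T value) {
  static_assert(std::is_unsigned<T>::value, "unsigned integer required");
  if (sizeof(T) <= 4) return static_cast<unsigned>(PopCount32(static_cast<uint32_t>(value)));
  return static_cast<unsigned>(PopCount64(static_cast<uint64_t>(value)));
}

// Reference count (clear the lowest set bit until zero) used to cross-check.
template <typename T>
unsigned ReferencePopCount(T value) {
  unsigned n = 0;
  for (uint64_t v = value; v != 0; v &= v - 1) ++n;
  return n;
}

// True when the fast path agrees with the reference for every uint8_t and uint16_t.
bool CheckNarrowTypesExhaustively() {
  for (uint32_t v = 0; v <= 0xFFFF; ++v) {
    if (CountPopulation(static_cast<uint16_t>(v)) != ReferencePopCount(static_cast<uint16_t>(v))) return false;
    if (v <= 0xFF && CountPopulation(static_cast<uint8_t>(v)) != ReferencePopCount(static_cast<uint8_t>(v))) return false;
  }
  return true;
}
```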
      Revert "cppgc: Stack scanning using ObjectStartBitmap" · 580917d2
      Leszek Swirski authored
      This reverts commit d3a72e3c.
      
      Reason for revert: MSAN failures (https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/32360)
      
      Original change's description:
      > cppgc: Stack scanning using ObjectStartBitmap
      > 
      > This CL implements stack scanning for cppgc.
      > Given a value on the stack, the MarkingVisitor uses
      > PageBackend::Lookup to check whether that address is on
      > the heap. If it is, BasePage::TryObjectHeaderFromInnerAddress
      > (introduced in this CL) is used to get the relevant object
      > header. Note that random addresses on the heap might point to
      > free memory, object-start-bitmap, etc.
      > 
      > If a valid object header is found:
      > * If the object is not in construction, the GCInfoIndex is used
      > to get the relevant Trace method and the object is traced.
      > * Otherwise, the object is conservatively scanned - i.e. the
      > payload of the object is iterated word by word and each word is
      > treated as a possible pointer.
      > 
      > Only addresses pointing to the payload on non-free objects are
      > traced.
      > 
      > BasePage::TryObjectHeaderFromInnerAddress assumes no LAB on the
      > relevant space, thus all LABs are reset before scanning the stack.
      > 
      > Bug: chromium:1056170
      > Change-Id: I172850f6f1bbb6f0efca8e44ad8fdfe222977b9f
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190426
      > Commit-Queue: Omer Katz <omerkatz@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Anton Bikineev <bikineev@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#67795}
      
      TBR=ulan@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org
      
      Change-Id: I3caef6f9f55911fd1a86e895c3495d1b98b1eac2
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: chromium:1056170
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2201136
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67796}
      cppgc: Stack scanning using ObjectStartBitmap · d3a72e3c
      Omer Katz authored
      This CL implements stack scanning for cppgc.
      Given a value on the stack, the MarkingVisitor uses
      PageBackend::Lookup to check whether that address is on
      the heap. If it is, BasePage::TryObjectHeaderFromInnerAddress
      (introduced in this CL) is used to get the relevant object
      header. Note that random addresses on the heap might point to
      free memory, object-start-bitmap, etc.
      
      If a valid object header is found:
      * If the object is not in construction, the GCInfoIndex is used
      to get the relevant Trace method and the object is traced.
      * Otherwise, the object is conservatively scanned - i.e. the
      payload of the object is iterated word by word and each word is
      treated as a possible pointer.
      
      Only addresses pointing to the payload on non-free objects are
      traced.
      
      BasePage::TryObjectHeaderFromInnerAddress assumes no LAB on the
      relevant space, thus all LABs are reset before scanning the stack.
      
      Bug: chromium:1056170
      Change-Id: I172850f6f1bbb6f0efca8e44ad8fdfe222977b9f
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190426
      Commit-Queue: Omer Katz <omerkatz@chromium.org>
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Anton Bikineev <bikineev@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67795}
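An added example (not cppgc's code) of the inner-address lookup the commit above relies on: a toy page with an object-start bitmap, one bit per 16-byte granule, that maps an arbitrary value found on the stack back to the owning object's header and rejects values landing in free entries or inside a header. Page size, granule size, the header layout and all names are assumptions of this example.

```cpp
#include <bitset>
#include <cstddef>
#include <cstdint>

// Toy constants (assumed): a 4 KiB page bump-allocated in 16-byte granules.
constexpr size_t kPageSize = 4096;
constexpr size_t kGranule = 16;

struct ObjectHeader {
  uint32_t size;  // bytes including the header, a multiple of kGranule
  bool free;      // true for free-list entries, which must never be traced
};

class ToyPage {
 public:
  // Bump-allocate `size` bytes (rounded up to a granule) and record the start.
  ObjectHeader* Allocate(uint32_t size, bool free = false) {
    size = static_cast<uint32_t>((size + kGranule - 1) / kGranule * kGranule);
    if (top_ + size > kPageSize) return nullptr;
    auto* h = reinterpret_cast<ObjectHeader*>(memory_ + top_);
    h->size = size;
    h->free = free;
    starts_.set(top_ / kGranule);
    top_ += size;
    return h;
  }

  // Plays the role of BasePage::TryObjectHeaderFromInnerAddress: return the
  // header whose payload contains `addr`, or nullptr when `addr` is outside
  // the allocated range, inside a header, or inside a free entry.
  const ObjectHeader* TryObjectHeaderFromInnerAddress(const void* addr) const {
    const auto a = reinterpret_cast<uintptr_t>(addr);
    const auto base = reinterpret_cast<uintptr_t>(memory_);
    if (a < base || a >= base + top_) return nullptr;
    size_t g = (a - base) / kGranule;
    while (!starts_.test(g)) --g;  // granule 0 is always a start once top_ > 0
    const auto* h = reinterpret_cast<const ObjectHeader*>(memory_ + g * kGranule);
    if (h->free) return nullptr;                                   // free memory
    if (a - (base + g * kGranule) < sizeof(ObjectHeader)) return nullptr;  // header
    return h;
  }

 private:
  alignas(kGranule) uint8_t memory_[kPageSize] = {};
  std::bitset<kPageSize / kGranule> starts_;  // the object-start bitmap
  size_t top_ = 0;
};
```

A conservative stack scan would call TryObjectHeaderFromInnerAddress on every word read from the stack and trace only the objects it returns.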
  23. 13 May, 2020 2 commits
  24. 12 May, 2020 2 commits