- 29 Aug, 2022 3 commits
-
-
Shu-yu Guo authored
Shared values need to be kept alive while being conveyed across threads (i.e. by postMessage). Currently they are meant to be conveyed through the serializer/deserializer by the embedder via API. This is both clunky and the embedder has no good choice for what to do, because the most natural choice is v8::Global and it is not designed to be threadsafe.

This CL removes the API and transparently handles conveying shared values by using a wrapper around PersistentHandles called SharedValueConveyors. Any isolate can own the conveyor provided it outlives the receipt of the message by the receiving isolate. For simpler lifetime management, the shared isolate currently owns all conveyors.

Bug: v8:12547
Change-Id: I8f71b2faa0f8a1973f8b97ffccf4f5ad230f4e16
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857453
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82795}
-
Michael Lippautz authored
- Unify AIX and Starboard wrapping code.
- Move all wrapping code into `platform/memory.h`

Change-Id: I42c04dd1e982edff2db7bbfa9eecdbdd67f40714
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858226
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82794}
-
Clemens Backes authored
The API was deprecated in v10.6 (https://crrev.com/c/3789510). Remove now, in v10.7.

R=mlippautz@chromium.org

Bug: v8:12899
Change-Id: I21d79cdd357315daf9684d9cdd6c1f1be088ad6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3852490
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82768}
-
- 26 Aug, 2022 1 commit
-
-
Shu-yu Guo authored
Currently the ability to create shared isolates is partially exposed to API. Instead of fully exposing it, this CL makes shared isolate and shared heap handling transparent to the embedder.

If a flag that requires the shared heap is true (currently --shared-string-table and --harmony-struct), the first isolate created in the process will create and attach to a process-wide shared isolate. Subsequent isolates will attach to that shared isolate. When that first isolate is deleted, the shared isolate is also deleted.

Bug: v8:12547
Change-Id: Idaf2947bc354066c44f2d10243e10162b1b7e4d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3848825
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82756}
-
- 24 Aug, 2022 1 commit
-
-
Michael Lippautz authored
Users should rely on CppHeap, which is the only supported way of using v8::TracedReference going forward.

Bug: v8:13207
Change-Id: Idd03f458167c74b06f285bb568e5c77ad46003fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849037
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82681}
-
- 22 Aug, 2022 1 commit
-
-
ishell@chromium.org authored
Namely:
- AccessorInfo::getter and AccessorInfo::js_getter,
- CallHandlerInfo::callback and CallHandlerInfo::js_callback.

The redirected/non-redirected callback distinction is required only for simulated builds but we wasted memory also for all native builds. Now we store these fields in "redirected" form which allows us to call them directly from builtins or generated code. In case it's necessary to call a callback from C++ code, the C function address is read from the redirection. This additional indirection makes the callback calls from C++ code in simulated builds slower but saves memory for native builds.

This CL should recover a part of memory regression caused by inlining Foreign fields into AccessorInfo and CallHandlerInfo.

Bug: v8:12949, chromium:1336105, chromium:1335930
Change-Id: I38470ed21ee23b281247c11a9531542c7e4acca1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835686
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82631}
-
- 19 Aug, 2022 2 commits
-
-
Samuel Groß authored
Now that V8_SANDBOXED_POINTERS is enabled by default on every platform if the sandbox is enabled, it is no longer necessary to have a separate option to enable/disable sandboxed pointers.

Bug: chromium:1218005
Change-Id: I2ab4c7c758010007765a3b0595357ddecfe9f258
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840937
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82587}
-
Samuel Groß authored
The function is no longer used in Chromium or V8 and can therefore be deleted. This CL also simplifies V8::GetSandboxSizeInBytes, which now no longer needs to be able to deal with an uninitialized sandbox.

Bug: v8:10391
Change-Id: I22d6b0e03de1fd2ba3d38c4e476fca44068b62f9
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769690
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82583}
-
- 16 Aug, 2022 1 commit
-
-
Camillo authored
Remove the following deprecated functions:

include/v8-inspector.h:364  v10.3  Use version with client_is_trusted argument
include/v8-locker.h:130     v10.3  This method will be removed.
include/v8-message.h:90     v10.3  Use GetHostDefinedOptions
include/v8-script.h:51      v10.0  Use HostDefinedOptions
include/v8-script.h:671     v10.0  Use CompileFunction

Output generated by tools/release/list_deprecated.py.

Remove CompileFunctionInContext for chrome and only implement it if V8_SCRIPTORMODULE_LEGACY_LIFETIME is defined.

Change-Id: I33dd3665220f484e277e66f340e17ed2c3b49916
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702449
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82476}
-
- 11 Aug, 2022 2 commits
-
-
ishell@chromium.org authored
... in compiler and other components.

Bug: v8:11880
Change-Id: I3a51c33499e7c7169f171c4be0600d7822dafc27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825883
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82391}
-
Jakob Kummerow authored
This function should properly forward any exceptions it encounters, instead of silently swallowing them. Being an API function, that means moving them from "pending" to "scheduled" state.

Fixed: v8:13123
Change-Id: I20b0782fd806e456f14dda84100000c857481d09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825880
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82386}
-
- 10 Aug, 2022 1 commit
-
-
Michael Lippautz authored
This is a reland of commit 6953b555

The reland fixes tests that retrieved the stack start from a non-inlined frame's fp. This does not work in certain configurations as the resulting marker is too low to consider the first local variables in subsequent calls. The fix uses an inline frame address for the tests to get an upper bound of stack addresses to consider.

Original change's description:
> [handles] Remove precise on-stack representation of global handles
>
> Since https://crrev.com/c/3806439 on-stack traced handles are marked
> conservatively when being used in combination with CppHeap.
>
> This change removes the precise on-stack representation of the
> internal traced nodes as the nodes would anyways be marked
> conservatively. The effects are:
> - cheaper representation (just a single node space);
> - uniform handling: no checks to distinguish on-stack vs on-heap;
> - no brittleness around cleaning on-stack handles when the event loop
>   is empty;
>
> Change-Id: Id859623bfed77a66bdd064ea8065536264515eae
> Bug: v8:13141
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812039
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82306}

Bug: v8:13141
Change-Id: I53ece36220e99d02be6df18f83c18450e5d5037b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820585
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82342}
-
- 09 Aug, 2022 3 commits
-
-
Michael Lippautz authored
This reverts commit 6953b555.

Reason for revert: Failing on CI: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20full%20debug/22876/overview

Original change's description:
> [handles] Remove precise on-stack representation of global handles
>
> Since https://crrev.com/c/3806439 on-stack traced handles are marked
> conservatively when being used in combination with CppHeap.
>
> This change removes the precise on-stack representation of the
> internal traced nodes as the nodes would anyways be marked
> conservatively. The effects are:
> - cheaper representation (just a single node space);
> - uniform handling: no checks to distinguish on-stack vs on-heap;
> - no brittleness around cleaning on-stack handles when the event loop
>   is empty;
>
> Change-Id: Id859623bfed77a66bdd064ea8065536264515eae
> Bug: v8:13141
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812039
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82306}

Bug: v8:13141
Change-Id: I5ebb2ed9eeec1394c2dd48504e91f6ff789b0711
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820584
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82313}
-
Carl Smith authored
Exit with a non-zero exit code on OOM crashes such that Fuzzilli can discard these samples. Otherwise Fuzzilli treats these as valid samples and adds them to the corpus.

Bug: v8:10571
Change-Id: Ia450a86288d9c2e8ee1cf0eb57bd8808de2f7dd7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3816665
Reviewed-by: Samuel Groß <saelo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Carl Smith <cffsmith@google.com>
Cr-Commit-Position: refs/heads/main@{#82311}
-
Michael Lippautz authored
Since https://crrev.com/c/3806439 on-stack traced handles are marked conservatively when being used in combination with CppHeap.

This change removes the precise on-stack representation of the internal traced nodes as the nodes would anyways be marked conservatively. The effects are:
- cheaper representation (just a single node space);
- uniform handling: no checks to distinguish on-stack vs on-heap;
- no brittleness around cleaning on-stack handles when the event loop is empty;

Change-Id: Id859623bfed77a66bdd064ea8065536264515eae
Bug: v8:13141
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812039
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82306}
-
- 08 Aug, 2022 1 commit
-
-
Clemens Backes authored
Many messages already do not end in a ".", which makes sense for embedders that format location and message in one line, like Chrome.

Before: V8 error: Empty MaybeLocal. (v8::ToLocalChecked).
After:  V8 error: Empty MaybeLocal (v8::ToLocalChecked).

R=mlippautz@chromium.org

Change-Id: Ibfb226c50ae8dce4057cdf0012e58fa1f27faa2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811586
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82257}
-
- 05 Aug, 2022 1 commit
-
-
Yoshisato Yanagisawa authored
In the previous CL (https://chromium-review.googlesource.com/c/v8/v8/+/3778969), we executed i::Compiler::Compile regardless of whether the function had been compiled or not. That caused DCHECK failures in the Compile function, which allows compiling only once.

Bug: chromium:1347319
Change-Id: I240591cbec46dc4fac4028a80a8ba5ab2f05c450
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3806929
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Yoshisato Yanagisawa <yyanagisawa@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82217}
-
- 02 Aug, 2022 1 commit
-
-
Michael Lippautz authored
This reverts commit 61193620.

Reason for revert: Blocking roll: https://chromium-review.googlesource.com/c/chromium/src/+/3802992/

Original change's description:
> [heap, api] Check assumptions for embedder fields on set
>
> Previously, we would set embedder fields and do type checks (on
> embedder fields) in the GC. This does not work nicely as embedder
> fields contain system pointers whereas we can only operate with
> tag-aligned reads/writes. The end result of assembling pointers was
> sometimes broken for concurrent marking.
>
> In this CL we reverse the mode and check assumptions when writing the
> fields. From Blink we generally only write once and use the fields in
> the GC and via reads multiple times.
>
> We assume, that when running with CppHeap, any pointer on an instance
> field that points into CppHeap, also has the type field set with the
> appropriate tracing information. In debug builds we also verify that
> the embedder field indeed points to the start of an Oilpan object.
>
> Bug: chromium:1337690
> Change-Id: I9f9a8e691cdcf666861a455dcf8f65f2fe80b034
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3788206
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82120}

Bug: chromium:1337690
Change-Id: Iaece8f51883c7d001fb18ef48faaf271c48b8f11
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3804245
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82127}
-
- 01 Aug, 2022 3 commits
-
-
Michael Lippautz authored
Previously, we would set embedder fields and do type checks (on embedder fields) in the GC. This does not work nicely as embedder fields contain system pointers whereas we can only operate with tag-aligned reads/writes. The end result of assembling pointers was sometimes broken for concurrent marking.

In this CL we reverse the mode and check assumptions when writing the fields. From Blink we generally only write once and use the fields in the GC and via reads multiple times.

We assume, that when running with CppHeap, any pointer on an instance field that points into CppHeap, also has the type field set with the appropriate tracing information. In debug builds we also verify that the embedder field indeed points to the start of an Oilpan object.

Bug: chromium:1337690
Change-Id: I9f9a8e691cdcf666861a455dcf8f65f2fe80b034
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3788206
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82120}
-
Michael Lippautz authored
- No slots are invalidated as all slots are always treated as tagged or aligned pointers.
- The map is not updated.

Change-Id: Ifb8ffddfa3b626de3233f17f67b46fec36146f2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3795378
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82104}
-
Yoshisato Yanagisawa authored
The function returns true if the function does not do anything, like: () => {}.

Change-Id: I049d7956c443b5d2bb8017a48547376f13acd0a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3778969
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Yoshisato Yanagisawa <yyanagisawa@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82093}
-
- 28 Jul, 2022 1 commit
-
-
Clemens Backes authored
This is deprecated since 10.5 and replaced by the new callback which receives more OOM details.

R=mlippautz@chromium.org

Bug: chromium:1323177
Change-Id: I9385da33c3d9227144ebc47d6dddae702701ff82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3789509
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82033}
-
- 22 Jul, 2022 1 commit
-
-
Suraj Sharma authored
All ETW events are controlled by v8_enable_system_instrumentation. This flag is turned off when perfetto is enabled, since trace events flowing through TRACE_EVENT macros can't be intercepted by the Recorder. Since stack walking events don't use TRACE_EVENT, they can be turned back on when using perfetto. Hence, create a separate build flag for emitting stack walking events until the Recorder is ported.

Bug: v8:11043
Change-Id: I6cdb81400780e54fddf6d6e2476cad29c60483d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3704465
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81879}
-
- 15 Jul, 2022 2 commits
-
-
Samuel Groß authored
As sandboxed pointers are now default-enabled when the sandbox is enabled, it is no longer possible to deactivate the sandbox at runtime. This CL therefore removes all the logic that was required to support a sandbox that could be disabled at runtime, moves the initialization of the sandbox into V8::Initialize, and deprecates V8::InitializeSandbox.

This change also makes the sandbox initialization deterministic if FLAG_random_seed is supplied.

Bug: v8:10391
Change-Id: Ibd49f7c251b7c58c642f18a551ecc2c391740970
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762583
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81746}
-
Marja Hölttä authored
Raw data access is already possible via GetBackingStore()->GetData(). This API exposes a more efficient way for accessing JSArrayBuffer::backing_store (which, despite the confusing name, is not the BackingStore but its raw data pointer).

Bug: v8:10343
Change-Id: I695cea91e2c3de75ce6c86bac6e413ce6617958b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3764341
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81745}
-
- 12 Jul, 2022 1 commit
-
-
Jose Dapena Paz authored
If a tracing session starts after a script load has happened, then it is not emitted, so the source information is not visible in ETW. This is because we keep track of the loads already emitted, and we try to launch traces even when recording is not happening.

To prevent this problem, this CL keeps track of when recording is happening. So, when it starts, it will emit all the already generated code immediately. This will add some overhead on tracing session start if system instrumentation is enabled, but this is better than not having instrumentation for previous symbols.

There is still one problem: for each active isolate, it calls for replaying the event recording in an asynchronous task. So, for any JS task that is already running when tracing starts, symbols will not be available. This makes this change less useful as, for a batch task or any long JS code that is already running when tracing starts, we will not get symbols yet. Only after the foreground task runner runs the task to emit the ETW events will we get the symbols resolved in the trace.

A specific approach was required for the d8 interactive shell. As, when showing the prompt, it is not processing the task runner queue, and it is only processed when the next script is launched, it first checks if it needs to generate ETW symbols information before running the script.

Bug: v8:12932
Change-Id: I8b056c69cee0350f921a01c87beb9f2d51e10583
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3705541
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: José Dapena Paz <jdapena@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81673}
-
- 11 Jul, 2022 3 commits
-
-
Maksim Sadym authored
1. Add `toISOString` to `v8::Date`.
2. Switch serialization to `ISOString`.

Bug: v8:13043
Change-Id: I8a852f4a4a46bb3b8e5d52ef3cdffde7a408b403
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749203
Auto-Submit: Maksim Sadym <sadym@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81647}
-
Joyee Cheung authored
Previously SnapshotCreator demanded a blob to be created before it can be destructed in debug build; this patch removes the DCHECK so that the embedder can choose not to create the blob when e.g. the snapshot building isn't successful due to errors.

Change-Id: I72939be1e0d79b257b9761f48a72e45325a1f6d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716682
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81644}
-
Samuel Groß authored
This CL does the following:
- It enables (i.e. allocates and initializes) the per-Isolate ExternalPointerTable when the sandbox is enabled.
- It refactors the list of external pointer tags to mark them as "sandboxed" or "unsandboxed". An unsandboxed external pointer has a null tag.
- It changes V8_SANDBOXED_EXTERNAL_POINTERS to now essentially just enable sandboxing for all available tags.
- It modifies all low-level external pointer accessors to perform the ExternalPointerLookup only if the tag is non-zero and otherwise treat the slot as containing a raw pointer.

This now allows rolling out external pointer sandboxing incrementally (separately for each external pointer type), which will in turn allow for more precise performance measurements of the impact of the sandbox.

Note: when an external pointer tag is now marked as sandboxed (and V8_SANDBOXED_EXTERNAL_POINTERS is not enabled), the underlying slots are still 64-bits in size. This simplifies the implementation as we would otherwise need to deal with variably-sized external pointer slots. Local benchmarking suggests that the benefits from 32-bit external pointer slots are insignificant on typical benchmarks, so this should be ok.

Drive-by: rename kExternalPointerSize to kExternalPointerSlotSize to make it more clear what it refers to (the on-heap storage size). Also delete CodeStubAssembler::InitializeExternalPointerField as it is not currently used and the implementation is fairly inefficient.

Bug: v8:10391
Change-Id: I7c38729c7e9048d737a1a8ced84749f5b1f7feab
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736447
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81636}
-
- 07 Jul, 2022 1 commit
-
-
Paul Semel authored
This adds support for a better error message when wasm code generation is not allowed. Chrome will use this new API here: https://chromium-review.googlesource.com/c/chromium/src/+/3738183.

Bug: chromium:1255058
Change-Id: I8c9639c4fd08d1dff0a5a2fc6a8360f40a7e140e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3740721
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Paul Semel <paulsemel@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81573}
-
- 05 Jul, 2022 3 commits
-
-
Manos Koukoutos authored
This is a reland of commit 2d74bfa4

Difference compared to original: Restore one needed include.

Original change's description:
> Remove some unused includes
>
> Mostly src/api, src/asmjs, src/ast, src/base, src/wasm.
>
> Bug: v8:13006
> Change-Id: If4e85afe003fda9f8a681077827c3502e939fe57
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3742702
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81523}

Bug: v8:13006
Change-Id: I88c45059572fa25af4e0999f479ba5c28572db7f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3746077
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81539}
-
Manos Koukoutos authored
This reverts commit 2d74bfa4.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20debug%20builder/7403/overview

Original change's description:
> Remove some unused includes
>
> Mostly src/api, src/asmjs, src/ast, src/base, src/wasm.
>
> Bug: v8:13006
> Change-Id: If4e85afe003fda9f8a681077827c3502e939fe57
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3742702
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81523}

Bug: v8:13006
Change-Id: I7579dc3805ed4cbcd56488c31450c7941b430b1a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3746076
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81526}
-
Manos Koukoutos authored
Mostly src/api, src/asmjs, src/ast, src/base, src/wasm.

Bug: v8:13006
Change-Id: If4e85afe003fda9f8a681077827c3502e939fe57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3742702
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81523}
-
- 01 Jul, 2022 1 commit
-
-
Toon Verwaest authored
This was already removed as part of the lazy api accessor work, but was never cleaned up throughout v8.

Change-Id: I00621d0e0f33c58efaed0f6b55cd22f1f8803825
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735131
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81481}
-
- 28 Jun, 2022 2 commits
-
-
Andreas Haas authored
The class is dead code, and has not been used for years. I tried to deprecate the class first, but this caused build errors on GCC [1]. That's why this CL just deletes the class.

Deleting the class is okay because this class was part of the original implementation of streaming compilation. There is only a single embedder who uses streaming compilation, which is Chrome, and Chrome switched to the new API already years ago. If there were other embedders that used this class, then those embedders would already have had no working implementation of streaming compilation for years.

R=adamk@chromium.org

Bug: v8:12926
Change-Id: I3342167245822cf8ee52d9632cba236fb1b0646c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714236
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81421}
-
Seth Brenith authored
This change is only to get the API in place; the newly added functions don't yet do anything.

Bug: v8:12808
Change-Id: Ic6a697d4f62c2b61761b2545dae6fcdf37653bbf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3681880
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81418}
-
- 27 Jun, 2022 1 commit
-
-
Samuel Groß authored
The ExternalPointerTags are assumed to be compile-time constants in most cases, so turning them into template parameters enforces that. As decisions such as whether to use the per-isolate or the shared external pointer table are encoded into the tag values, forcing those to be compile-time constants guarantees that the compiler will be able to inline the correct logic when accessing an external pointer.

With this, there are now two (high-level) ways of accessing external pointer fields from C++: the Read/WriteExternalPointerField methods which require the ExternalPointerTag to be a template parameter, and the ExternalPointerSlot class which takes the tag as an argument. The latter is for example used for snapshot deserialization and by the garbage collector (more generally, by the ObjectVisitor::VisitExternalPointer method), where the tag is not a compile-time constant.

Finally, this CL also introduces a new ExternalPointerHandle type which represents the (opaque) on-heap representation of a reference to an entry in an ExternalPointerTable when sandboxing is enabled. Making this its own type makes the code a bit more readable.

Bug: v8:10391
Change-Id: I867b8ce41d15d485f1dc66786f233c710c56afcb
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3720641
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81402}
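The 11 Jul and 27 Jun commits above describe the shape of the external pointer table: an opaque ExternalPointerHandle in the heap object, a table lookup that only happens when the tag is non-zero (a null tag means the slot holds a raw pointer), and tags fixed at compile time as template parameters. The C++ below is an added illustration of that design written for this page, not V8's code: the tag values, the 64-bit slot layout, the ExternalPointerTable class, its nullptr-on-mismatch behaviour and the Demo* functions are all assumptions made for the example.

```cpp
// Added example modelling a tagged external-pointer table. It is an
// illustration written for this page, not V8's implementation: tag values,
// the 64-bit slot layout and the table API are assumptions.
#include <cstdint>
#include <stdexcept>
#include <vector>

// Tags occupy the top 16 bits of a table entry. User-space pointers on
// x86-64 and arm64 leave those bits zero, so tag and address never overlap.
using ExternalPointerTag = uint64_t;
constexpr ExternalPointerTag kTagMask            = 0xffff000000000000ULL;
constexpr ExternalPointerTag kUnsandboxedTag     = 0;  // slot holds a raw pointer
constexpr ExternalPointerTag kArrayBufferDataTag = 0x0001000000000000ULL;
constexpr ExternalPointerTag kNativeContextTag   = 0x0002000000000000ULL;

// Opaque on-heap representation of a reference to a table entry: an index,
// never an address, so a corrupted slot cannot name arbitrary memory.
using ExternalPointerHandle = uint32_t;

class ExternalPointerTable {
 public:
  ExternalPointerTable() : entries_(1, 0) {}  // index 0 is the null handle

  ExternalPointerHandle Allocate(void* ptr, ExternalPointerTag tag) {
    uint64_t raw = static_cast<uint64_t>(reinterpret_cast<uintptr_t>(ptr));
    if (raw & kTagMask) throw std::invalid_argument("pointer collides with tag bits");
    entries_.push_back(raw | tag);
    return static_cast<ExternalPointerHandle>(entries_.size() - 1);
  }

  // Resolve a handle, insisting that the entry carries the expected tag.
  // A wrong-type handle, the null handle or an out-of-range index all
  // resolve to nullptr instead of to a usable pointer.
  void* Get(ExternalPointerHandle handle, ExternalPointerTag tag) const {
    if (handle >= entries_.size()) return nullptr;
    uint64_t entry = entries_[handle];
    if ((entry & kTagMask) != tag) return nullptr;
    return reinterpret_cast<void*>(static_cast<uintptr_t>(entry & ~kTagMask));
  }

 private:
  std::vector<uint64_t> entries_;
};

// Minimal stand-in for a heap object: a few 64-bit slots, matching the note
// in the 11 Jul commit that external pointer slots stay 64 bits wide whether
// or not the tag is sandboxed.
struct HeapObject {
  uint64_t slots[4] = {0, 0, 0, 0};
};

// The tag is a template parameter, so which path is taken is known at
// compile time: raw pointer for the null tag, table indirection otherwise.
template <ExternalPointerTag tag>
void WriteExternalPointerField(HeapObject& obj, int slot, void* ptr,
                               ExternalPointerTable& table) {
  if (tag == kUnsandboxedTag) {
    obj.slots[slot] = static_cast<uint64_t>(reinterpret_cast<uintptr_t>(ptr));
  } else {
    obj.slots[slot] = table.Allocate(ptr, tag);
  }
}

template <ExternalPointerTag tag>
void* ReadExternalPointerField(const HeapObject& obj, int slot,
                               const ExternalPointerTable& table) {
  if (tag == kUnsandboxedTag) {
    return reinterpret_cast<void*>(static_cast<uintptr_t>(obj.slots[slot]));
  }
  return table.Get(static_cast<ExternalPointerHandle>(obj.slots[slot]), tag);
}

// Unsandboxed tag: no table entry, the slot is the raw address itself.
bool DemoUnsandboxedIsRaw() {
  ExternalPointerTable table;
  HeapObject obj;
  int value = 1;
  WriteExternalPointerField<kUnsandboxedTag>(obj, 0, &value, table);
  return obj.slots[0] == static_cast<uint64_t>(reinterpret_cast<uintptr_t>(&value)) &&
         ReadExternalPointerField<kUnsandboxedTag>(obj, 0, table) == &value;
}

// Sandboxed tags: a handle swapped in from an object of another type, or an
// out-of-range handle, is rejected by the tag/bounds check.
bool DemoTypeConfusionCaught() {
  ExternalPointerTable table;
  HeapObject array_buffer, context;
  int buffer_data = 42, native_context = 7;
  WriteExternalPointerField<kArrayBufferDataTag>(array_buffer, 0, &buffer_data, table);
  WriteExternalPointerField<kNativeContextTag>(context, 0, &native_context, table);
  if (ReadExternalPointerField<kArrayBufferDataTag>(array_buffer, 0, table) != &buffer_data)
    return false;
  // Simulated in-sandbox corruption: the attacker can overwrite the slot...
  array_buffer.slots[0] = context.slots[0];  // ...with another object's handle
  if (ReadExternalPointerField<kArrayBufferDataTag>(array_buffer, 0, table) != nullptr)
    return false;
  array_buffer.slots[0] = 0xdeadbeef;  // ...or with an arbitrary index
  return ReadExternalPointerField<kArrayBufferDataTag>(array_buffer, 0, table) == nullptr;
}
```

The property a sandbox reviewer cares about is visible in DemoTypeConfusionCaught: an attacker who can write anything into the heap slot still only controls an index and must pass the tag check on the read path, so a slot corruption yields nullptr rather than a raw pointer of a different type. Compare the kUnsandboxedTag path, where the slot itself is the address and nothing stands between a heap write and an arbitrary pointer.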
-
- 21 Jun, 2022 1 commit
-
-
Samuel Groß authored
Previously it was implemented in api.cc, therefore requiring an additional function call when accessing external pointer fields from embedder code with the sandbox enabled. Now ReadExternalPointerField can be inlined.

Bug: v8:10391
Change-Id: Ia8cb2df148ac96f979fd3e22989b0ff6177abcec
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714245
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81271}
-
- 20 Jun, 2022 2 commits
-
-
Samuel Groß authored
Previously, when embedders attempted to create ArrayBuffers backed by memory outside the sandbox, V8 would simply crash with a failed CHECK when converting the raw backing store pointer into a SandboxedPointer. The new ApiCheck now provides a better error message in that case.

Bug: chromium:1218005
Change-Id: I7a1ad8cbf07fa346b1f09521850df9b18b428427
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3711882
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81254}
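Why the check above has to sit at the API boundary: once heap references to ArrayBuffer data are SandboxedPointers, i.e. offsets into one reserved region rather than raw addresses, a backing store that lives outside that region cannot be represented at all, so the only sane place to reject it is where the embedder hands it over. The C++ below is an added illustration written for this page, not V8's code. The Sandbox class, its 1 MiB size, the mask-based offset encoding (V8 itself uses a shift), the ApiCheckResult type, the NewArrayBufferFromBackingStore function and the error wording are all assumptions; it also relates to the 15 Jul commit above, where the sandbox is set up once in V8::Initialize and cannot be switched off at runtime.

```cpp
// Added example modelling V8's sandboxed pointers and the API-boundary check
// for ArrayBuffer backing stores. Written for this page, not taken from V8:
// the region size, the offset encoding and the error text are assumptions.
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// A small stand-in for the sandbox: one contiguous region whose size is a
// power of two (1 MiB here; the real reservation is far larger).
class Sandbox {
 public:
  static constexpr size_t kSize = size_t{1} << 20;
  static constexpr size_t kOffsetMask = kSize - 1;

  Sandbox() : region_(kSize) {}

  uintptr_t base() const { return reinterpret_cast<uintptr_t>(region_.data()); }

  // True if [p, p + len) lies entirely inside the sandbox.
  bool Contains(const void* p, size_t len) const {
    uintptr_t a = reinterpret_cast<uintptr_t>(p);
    if (a < base()) return false;
    size_t offset = a - base();
    return offset <= kSize && len <= kSize - offset;
  }

  // Bump allocator for memory that is meant to live inside the sandbox
  // (what a sandbox-aware ArrayBuffer allocator would hand out).
  void* Allocate(size_t len) {
    if (len > kSize - used_) return nullptr;
    void* p = region_.data() + used_;
    used_ += len;
    return p;
  }

  // On-heap form of a sandboxed pointer: an offset, not an address. Decoding
  // masks the offset, so even an attacker-controlled value lands inside the
  // region (V8 gets the same guarantee from a shift rather than a mask).
  uint32_t Encode(const void* p) const {
    return static_cast<uint32_t>((reinterpret_cast<uintptr_t>(p) - base()) & kOffsetMask);
  }
  void* Decode(uint32_t sandboxed) const {
    return reinterpret_cast<void*>(base() + (sandboxed & kOffsetMask));
  }

 private:
  std::vector<uint8_t> region_;
  size_t used_ = 0;
};

struct ApiCheckResult {
  bool ok;
  std::string message;      // set when the check fails
  uint32_t sandboxed_data;  // encoded backing store when it succeeds
};

// Models the check an embedder hits when it hands ArrayBuffer::New a backing
// store allocated outside the sandbox: fail with a message the embedder can
// act on, instead of crashing later when the raw pointer is converted.
// (Hypothetical function and wording, for illustration.)
ApiCheckResult NewArrayBufferFromBackingStore(const Sandbox& sandbox,
                                              const void* data, size_t len) {
  if (!sandbox.Contains(data, len)) {
    return {false,
            "ArrayBuffer backing store must be allocated inside the V8 sandbox",
            0};
  }
  return {true, "", sandbox.Encode(data)};
}

// A backing store from the sandbox allocator is accepted and round-trips.
bool DemoInsideAccepted() {
  Sandbox sandbox;
  void* data = sandbox.Allocate(4096);
  ApiCheckResult r = NewArrayBufferFromBackingStore(sandbox, data, 4096);
  return r.ok && sandbox.Decode(r.sandboxed_data) == data;
}

// Ordinary heap memory (what an embedder might pass by mistake) is rejected.
bool DemoOutsideRejected() {
  Sandbox sandbox;
  std::vector<uint8_t> outside(4096);
  ApiCheckResult r = NewArrayBufferFromBackingStore(sandbox, outside.data(), outside.size());
  return !r.ok && !r.message.empty();
}

// Whatever an attacker writes into the on-heap offset, decoding stays inside.
bool DemoCorruptedOffsetStaysInside() {
  Sandbox sandbox;
  uintptr_t a = reinterpret_cast<uintptr_t>(sandbox.Decode(0xffffffffu));
  return a >= sandbox.base() && a < sandbox.base() + Sandbox::kSize;
}
```

DemoCorruptedOffsetStaysInside is the reason the representation exists: a corrupted offset can only redirect a read or write to another place inside the sandbox, never outside it. DemoOutsideRejected shows the flip side that the commit above addresses: legitimate embedder memory that was not allocated inside the region cannot be encoded, so refusing it with a clear message beats a CHECK failure deep inside the conversion.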
-
Igor Sheludko authored
... to avoid additional indirection on every access.

Drive-by: given that AccessorInfo class now has a custom body visitor it's no longer necessary to encode flags field as Smi.

Bug: v8:12949
Change-Id: I30eabee3cbc5ded2bf3f050dfe22208713a764bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3701590
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81237}
-