- 20 Apr, 2020 1 commit
Ulan Degenbaev authored

Deserializer can trigger OOB read in the marking bitmap inside the RegisterDeserializedObjectsForBlackAllocation function. This happens for example if an internalized string is deserialized as the last object on a page and is then turned into a thin-string leaving a one-word filler at the end of the page. In such a case IsBlack(filler) will try to fetch a cell outside the marking bitmap. The fix is to increase the size of the marking bitmap by one cell, so that it is always safe to query markbits of any object on a page.

Bug: chromium:978156
Change-Id: If3c74e4f97d2caeb3c3f37a4147f38dea5f0e5a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2152838
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67223}

- 25 Feb, 2019 1 commit
Pierre Langlois authored

When calling the `bitmap(chunk)` method of the various *MarkingState accessors we would receive a raw `Bitmap` pointer which does not tell you if accesses to markbits should be made atomically or not. As a result, we would default to doing atomic operations when in fact it may not be necessary. Here we're introducing a templated `ConcurrentBitmap` class that wraps operations done on the markbits and allows them to be made non-atomic. Additionally, some of the `Bitmap` methods were only used to verify the heap and in the tests so they do not need atomic implementations. Using them in a concurrent context should now fail to link to make sure they're not mis-used in the future.

Change-Id: Ifb55f8522c8bf0c87d65da9227864ee428d21bbd
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Reviewed-on: https://chromium-review.googlesource.com/c/1482916
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#59836}

- 05 Oct, 2018 1 commit
Hannes Payer authored

Bug=chromium:852420
Change-Id: Ia810292e4f9592836e7ce734686cadc69328b1c3
Reviewed-on: https://chromium-review.googlesource.com/c/1262475
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56408}

- 20 Mar, 2018 1 commit
Dan Elphick authored

Adds a new space RO_SPACE and modifies the serializer and other machinery to support it. Currently RO_SPACE has nothing in it, but will eventually contain all the immovable immutable objects, so the GC can ignore it.

Bug: v8:7464
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ib2ff474699196c138df8c24f7a2248471e30fbac
Reviewed-on: https://chromium-review.googlesource.com/925703
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52053}

- 21 Aug, 2017 1 commit
Ulan Degenbaev authored

Bug: chromium:757175
Change-Id: I6c566475a730084e8ab35e6f8505a12c466644ff
Reviewed-on: https://chromium-review.googlesource.com/622430
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47461}

- 13 Jun, 2017 1 commit
Michael Lippautz authored

Bug:
Change-Id: I5ea0e072c3ac100a6f3bed62a9a4d2c11d2b7c9a
Reviewed-on: https://chromium-review.googlesource.com/533414
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45920}

- 12 Jun, 2017 1 commit
Ulan Degenbaev authored

The fence ensures that the concurrent marker observes consistent state of mark-bits for newly allocated objects. The patch also moves Bitmap functions to cc file and removes non-atomic versions of SetRange and ClearRange.

BUG=chromium:694255
Change-Id: I466bef654f3d4a21b7aaebdfd6d5a39ddb5f2a0a
Reviewed-on: https://chromium-review.googlesource.com/530367
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45868}