Only use the caging ArrayBufferAllocator when the heap sandbox is on

The current implementation of the default ArrayBufferAllocator for the
virtual memory cage is highly inefficient as it simply forwards all
requests to the cage's PageAllocator. With this CL, this allocator is
now only used when the heap sandbox is enabled, in which case
ArrayBuffer backing stores must be located inside the cage. In all other
cases, in particular when only the virtual memory cage is enabled, the
backing stores can be located outside the cage and so the malloc-based
ArrayBufferAllocator is used.

This change only affects configurations in which V8's default
ArrayBufferAllocator is used.

Bug: chromium:1218005
Change-Id: I39cb5de3034ccd4b6975dc5193d8c7309857433b
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3205018
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77276}
Samuel Groß 2021-10-05 19:24:26 +02:00 committed by V8 LUCI CQ
parent 2ca7641f99
commit 7436a7b72a

@ -382,11 +382,11 @@ void V8::SetSnapshotDataBlob(StartupData* snapshot_blob) {
namespace { namespace {
#ifdef V8_VIRTUAL_MEMORY_CAGE #ifdef V8_HEAP_SANDBOX
// ArrayBufferAllocator to use when the virtual memory cage is enabled, in which // ArrayBufferAllocator to use when the heap sandbox is enabled, in which case
// case all ArrayBuffer backing stores need to be allocated inside the data // all ArrayBuffer backing stores need to be allocated inside the virtual
// cage. Note, the current implementation is extremely inefficient as it uses // memory cage. Note, the current implementation is extremely inefficient as it
// the BoundedPageAllocator. In the future, we'll need a proper allocator // uses the BoundedPageAllocator. In the future, we'll need a proper allocator
// implementation. // implementation.
class ArrayBufferAllocator : public v8::ArrayBuffer::Allocator { class ArrayBufferAllocator : public v8::ArrayBuffer::Allocator {
public: public:
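Review bot: The new `#ifdef V8_HEAP_SANDBOX` guard silently assumes that the heap sandbox implies a virtual memory cage, since the class body still allocates through the cage's BoundedPageAllocator (as the updated comment states). Make that dependency explicit next to the guard, e.g. `#if defined(V8_HEAP_SANDBOX) && !defined(V8_VIRTUAL_MEMORY_CAGE)` followed by `#error "the heap sandbox requires the virtual memory cage"`, so a misconfigured build fails at compile time rather than compiling with backing stores that are not actually cage-constrained. Since the comment keeps the "extremely inefficient" note, it would also help to reference the tracking bug from the message (chromium:1218005) there so the follow-up work is discoverable from the code.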
@ -454,7 +454,7 @@ class ArrayBufferAllocator : public v8::ArrayBuffer::Allocator {
return new_data; return new_data;
} }
}; };
#endif // V8_VIRTUAL_MEMORY_CAGE #endif // V8_HEAP_SANDBOX
struct SnapshotCreatorData { struct SnapshotCreatorData {
explicit SnapshotCreatorData(Isolate* isolate) explicit SnapshotCreatorData(Isolate* isolate)
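Review bot: Only the `#endif` trailing comment changes in this hunk, so the site that chooses between this allocator and the malloc-based one is not visible here; that selection must be switched to the same `V8_HEAP_SANDBOX` condition in this CL, otherwise a build with only V8_VIRTUAL_MEMORY_CAGE defined would still reference the `ArrayBufferAllocator` from this now-excluded anonymous-namespace block and fail to compile, or keep the cage-only path the message calls "highly inefficient". The `// V8_HEAP_SANDBOX` comment itself correctly mirrors the updated `#ifdef`.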