Only use the caging ArrayBufferAllocator when the heap sandbox is on

The current implementation of the default ArrayBufferAllocator for the
virtual memory cage is highly inefficient as it simply forwards all
requests to the cage's PageAllocator. With this CL, this allocator is
now only used when the heap sandbox is enabled, in which case
ArrayBuffer backing stores must be located inside the cage. In all other
cases, in particular when only the virtual memory cage is enabled, the
backing stores can be located outside the cage and so the malloc-based
ArrayBufferAllocator is used.

This change only affects configurations in which V8's default
ArrayBufferAllocator is used.

Bug: chromium:1218005
Change-Id: I39cb5de3034ccd4b6975dc5193d8c7309857433b
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3205018
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77276}
Samuel Groß 2021-10-05 19:24:26 +02:00 committed by V8 LUCI CQ
parent 2ca7641f99
commit 7436a7b72a


@ -382,11 +382,11 @@ void V8::SetSnapshotDataBlob(StartupData* snapshot_blob) {
namespace {
#ifdef V8_VIRTUAL_MEMORY_CAGE
// ArrayBufferAllocator to use when the virtual memory cage is enabled, in which
// case all ArrayBuffer backing stores need to be allocated inside the data
// cage. Note, the current implementation is extremely inefficient as it uses
// the BoundedPageAllocator. In the future, we'll need a proper allocator
#ifdef V8_HEAP_SANDBOX
// ArrayBufferAllocator to use when the heap sandbox is enabled, in which case
// all ArrayBuffer backing stores need to be allocated inside the virtual
// memory cage. Note, the current implementation is extremely inefficient as it
// uses the BoundedPageAllocator. In the future, we'll need a proper allocator
// implementation.
class ArrayBufferAllocator : public v8::ArrayBuffer::Allocator {
public:
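Review bot: The new comment ("all ArrayBuffer backing stores need to be allocated inside the virtual memory cage") states an invariant about the cage, yet the guard around it was changed from `#ifdef V8_VIRTUAL_MEMORY_CAGE` to `#ifdef V8_HEAP_SANDBOX` alone, so nothing in this region records that the heap sandbox requires the virtual memory cage. Consider either adding a compile-time check next to this block, e.g. `#if defined(V8_HEAP_SANDBOX) && !defined(V8_VIRTUAL_MEMORY_CAGE)` followed by `#error`, or a sentence in the comment naming that dependency, so a build that enables the heap sandbox without the cage cannot silently end up with backing stores outside the cage. The retained "extremely inefficient as it uses the BoundedPageAllocator" remark would also be more useful with a pointer to the tracking bug the CL already cites (chromium:1218005), so the planned proper allocator implementation is discoverable from the code.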
@ -454,7 +454,7 @@ class ArrayBufferAllocator : public v8::ArrayBuffer::Allocator {
return new_data;
}
};
#endif // V8_VIRTUAL_MEMORY_CAGE
#endif // V8_HEAP_SANDBOX
struct SnapshotCreatorData {
explicit SnapshotCreatorData(Isolate* isolate)
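Review bot: The `#endif // V8_HEAP_SANDBOX` comment matches the new opening guard, which is good; the thing to verify is the site that instantiates this `ArrayBufferAllocator`, which is not part of this hunk. Since the class is now defined only under `V8_HEAP_SANDBOX`, the code that chooses between it and the malloc-based allocator must key on the same macro, otherwise a cage-only build (`V8_VIRTUAL_MEMORY_CAGE` defined, `V8_HEAP_SANDBOX` not) would reference an undefined type. The CL description says this selection was changed, so a trybot run of the cage-only configuration alongside the listed heap-sandbox trybots would confirm it.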