This is a reland of commit 60e9b50374
Original change's description:
> cppgc: Consistently treat sentinel pointer as live
>
> Sentinel pointers would be treated as live by the GC (through
> `HandleWeak()` but would be treated as dead when checked explicitly
> through the `LivenessBroker` in e.g. custom callbacks.
>
> Treat sentinel pointers as live consistently across all callsites
> and weak types.
>
> Change-Id: I9a4c096ddac1a111df808f3683325b55e7597eea
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3782800
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81916}
Change-Id: Ie2476345b9ea8406015a3b07bd6880c1159ede08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3779913
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81975}
This reverts commit 60e9b50374.
Reason for revert: Speculative revert for https://luci-milo.appspot.com/ui/inv/build-8807661142690641489/test-results?q=conformance%2Fogles%2FGL%2FgreaterThanEqual%2FgreaterThanEqual_001_to_008.html
Original change's description:
> cppgc: Consistently treat sentinel pointer as live
>
> Sentinel pointers would be treated as live by the GC (through
> `HandleWeak()` but would be treated as dead when checked explicitly
> through the `LivenessBroker` in e.g. custom callbacks.
>
> Treat sentinel pointers as live consistently across all callsites
> and weak types.
>
> Change-Id: I9a4c096ddac1a111df808f3683325b55e7597eea
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3782800
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81916}
Change-Id: Ic1ea0655499ae2e4ae7252fda7158d809e4970ca
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3783992
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81929}
Sentinel pointers would be treated as live by the GC (through
`HandleWeak()` but would be treated as dead when checked explicitly
through the `LivenessBroker` in e.g. custom callbacks.
Treat sentinel pointers as live consistently across all callsites
and weak types.
Change-Id: I9a4c096ddac1a111df808f3683325b55e7597eea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3782800
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81916}
nullptr objects are considered alive to allow weakness to be used from
stack while running into a conservative GC. Treating nullptr as dead
would mean that e.g. custom collectins could not be strongified on
stack.
Bug: chromium:1231286
Change-Id: Ibeddef18fcbae366c3f54304bf36b75c47bd74ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085280
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76229}
WeakMember references are used in ephemerons which uses the ordinary
LivenessBroker for determining whether an object is dead or not.
Bug: chromium:1056170
Change-Id: I7f25da22637fba24603bccb76e266357b0371525
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649042
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72346}
This is a reland of e0c1a349ea
The issue was passing SentinelPointer (== +1) through T*.
The fix is disabling cfi unrelated cast diagnostic for the bottlenecks
(Get()). This means that nullptr is treated the same as
kSentinelPointer.
The alternative would be a DCHECK that Get() does not return
kSentinelPointer and adjusting all Member and Persistent logic that
uses Get() to work on void*. This is quite intrusive as it involves
Swap(), heterogeneous assignments, comparisons, etc.
Original change's description:
> cppgc: Properly clear (Weak)Peristent and WeakMember pointers
>
> The CL addresses two issues with (Weak)Persistent and WeakMember:
> 1. (Weak)Persistent pointers are cleared on heap teardown. Before this
> CL the pointers would contain stale values which could lead to UAF.
> 2. WeakPersistent and WeakMember are cleared using a combination of
> internal clearing methods and mutable fields which avoids the use
> of const_cast<>.
>
> Bug: chromium:1056170
> Change-Id: Ibf2b0f0856771b4f6906608cde13a6d43ebf81f3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248190
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68394}
Bug: chromium:1056170
Change-Id: I3d74b43464c2973df1956f51b1419d755dd9f519
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250240
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68426}
The CL addresses two issues with (Weak)Persistent and WeakMember:
1. (Weak)Persistent pointers are cleared on heap teardown. Before this
CL the pointers would contain stale values which could lead to UAF.
2. WeakPersistent and WeakMember are cleared using a combination of
internal clearing methods and mutable fields which avoids the use
of const_cast<>.
Bug: chromium:1056170
Change-Id: Ibf2b0f0856771b4f6906608cde13a6d43ebf81f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248190
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68394}
The category name changed in https://crrev.com/c/2159690 (in
depot_tools), hence presubmit tests start failing whenever someone
touches a file which still refers to the old category.
R=zhin@chromium.orgTBR=machenbach@chromium.org
No-Try: true
No-Tree-Checks: true
Change-Id: I62813a42d63e512d421c4fe94229d04a56056978
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165760
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67403}
- Fixes includes to be relative to include/ which allows embedders
to just add V8's include directory to get started.
- Adds public target for the library as "cppgc".
Bug: chromium:1056170
Change-Id: Iec9b644e20016a5d7281275b739821a050fd2540
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2157366
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67278}
Introduce LivenessBroker which is a temporary broker object to expose
liveness during specific garbage collection phases.
This broker can be used to handle:
- PreFinalizer
- Custom weak callbacks
- Internal weak callbacks used for WeakMember
Change-Id: I3870c2b89b2538f04feabf2eb7a4676ce2fe7d61
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144059
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67107}
