Etienne Pierre-doray fc1d6f35ef Reland "Reland "[wasm]: Use CancelAndDetach and barrier on BackgroundCompileJob.""
This is a reland of 064ee3c835

Issue 1: WasmEngine UAF when CompilationState is destroyed
asynchronously
Fix: Include https://chromium-review.googlesource.com/c/v8/v8/+/2565508
in this CL. Use OperationBarrier to keep WasmEngine alive.

Issue 2: In gin, JobTask lifetime is not extended beyond
JobHandle, thus making CancelAndDetach unusable.
This is fixed in chromium here:
https://chromium-review.googlesource.com/c/chromium/src/+/2566724

Original change's description:
> Reland "[wasm]: Use CancelAndDetach and barrier on BackgroundCompileJob."
>
> Reason for revert: Data race:
> https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/34121
>
> It was assumed that MockPlatform runs everything on 1 thread. However,
> MockPlatform::PostJob previously would schedule the job through
> TestPlatform, which eventually posts concurrent tasks, thus causing a
> data race.
> Fix: Manually calling NewDefaultJobHandle and passing the MockPlatform
> ensures the jobs also run sequentially.
>
> Additional change:
> - CancelAndDetach is now called in ~CompilationStateImpl() to make sure
> it's called in sequence with ScheduleCompileJobForNewUnits
>
> Original CL description:
> To avoid keeping around a list of job handles, CancelAndDetach() is
> used in CancelCompilation. Dependency on WasmEngine is handled by a
> barrier that waits on all jobs to finish.
>
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498659
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Original-Commit-Position: refs/heads/master@{#71074}
> Change-Id: Ie9556f7f96f6fb9a61ada0e5cbd58d4fb4a0f571
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2559137
> Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71459}

TBR=ulan@chromium.org

Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Change-Id: I6175092c97fea0d5f63a97af232e2d54cccea535
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2569360
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71662}
2020-12-08 15:42:15 +00:00
build_overrides tracing: Enable using Perfetto client library from Chromium 2020-05-11 11:17:57 +00:00
custom_deps
docs
gni cppgc: Fix cppgc build 2020-11-24 09:35:50 +00:00
include Allow casting to Primitive types from Data 2020-12-07 19:41:09 +00:00
infra [MB][test] Add builders for RISC-V 2020-12-07 13:14:55 +00:00
samples [api] Use shorter v8::Local::As<*> casts in more places 2020-11-28 11:04:26 +00:00
src Reland "Reland "[wasm]: Use CancelAndDetach and barrier on BackgroundCompileJob."" 2020-12-08 15:42:15 +00:00
test Reland "Reland "[wasm]: Use CancelAndDetach and barrier on BackgroundCompileJob."" 2020-12-08 15:42:15 +00:00
testing build: Remove no-op calls to set_sources_assignment_filter 2020-10-08 14:44:01 +00:00
third_party [csa][cleanup] Remove ParameterMode/TNodify StoreFixedDoubleArrayElement 2020-08-26 17:14:44 +00:00
tools [tools] Add system-analyzer list view 2020-12-08 12:26:24 +00:00
.clang-format
.clang-tidy
.editorconfig
.flake8
.git-blame-ignore-revs
.gitattributes
.gitignore [gcmole] Update to LLVM 9.0.1, bootstrap from git 2020-11-16 13:05:40 +00:00
.gn
.vpython
.ycm_extra_conf.py
AUTHORS Remove duplicate AUTHORS entry 2020-12-08 13:49:34 +00:00
BUILD.gn Reland "Reland "[wasm]: Use CancelAndDetach and barrier on BackgroundCompileJob."" 2020-12-08 15:42:15 +00:00
CODE_OF_CONDUCT.md
codereview.settings
COMMON_OWNERS Adding vahl@ to the common owners to be able to handle 2020-08-21 09:04:56 +00:00
DEPS Update V8 DEPS. 2020-12-08 03:49:03 +00:00
DIR_METADATA Add DIR_METADATA files to v8. 2020-10-20 22:12:28 +00:00
ENG_REVIEW_OWNERS
INFRA_OWNERS Add team members as owners 2020-08-18 08:29:04 +00:00
INTL_OWNERS add ftang as owner 2020-04-24 19:19:36 +00:00
LICENSE
LICENSE.fdlibm
LICENSE.strongtalk
LICENSE.v8
MIPS_OWNERS [mips] Request to be an owner of MIPS files 2020-11-23 09:43:49 +00:00
OWNERS Add DIR_METADATA files to v8. 2020-10-20 22:12:28 +00:00
PPC_OWNERS Adding myself to relevant OWNERS files. 2020-11-02 16:37:28 +00:00
PRESUBMIT.py [tools] Format JS files in system-analyzer/ if they're unformatted 2020-11-10 11:02:32 +00:00
README.md
S390_OWNERS Adding myself to relevant OWNERS files. 2020-11-02 16:37:28 +00:00
WATCHLISTS

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://v8.dev/docs

Getting the Code

Check out depot tools, and run

    fetch v8

This will check out V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned at v8.dev/docs/contribute.