deps: patch V8 to 7.9.317.23
Refs: v8/v8@7.9.317.20...7.9.317.23

PR-URL: #30560
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Jiawen Geng <[email protected]>
MylesBorins committed Nov 21, 2019
1 parent 03b5c46 commit cf1f1de
Showing 9 changed files with 85 additions and 7 deletions.
2 changes: 1 addition & 1 deletion deps/v8/include/v8-version.h
@@ -11,7 +11,7 @@
#define V8_MAJOR_VERSION 7
#define V8_MINOR_VERSION 9
#define V8_BUILD_NUMBER 317
#define V8_PATCH_LEVEL 20
#define V8_PATCH_LEVEL 23

// Use 1 for candidates and 0 otherwise.
// (Boolean macro values are not supported by all preprocessors.)
5 changes: 2 additions & 3 deletions deps/v8/src/execution/isolate.cc
@@ -4274,9 +4274,8 @@ void Isolate::AddDetachedContext(Handle<Context> context) {
HandleScope scope(this);
Handle<WeakArrayList> detached_contexts = factory()->detached_contexts();
detached_contexts = WeakArrayList::AddToEnd(
this, detached_contexts, MaybeObjectHandle(Smi::kZero, this));
detached_contexts = WeakArrayList::AddToEnd(this, detached_contexts,
MaybeObjectHandle::Weak(context));
this, detached_contexts, MaybeObjectHandle(Smi::kZero, this),
MaybeObjectHandle::Weak(context));
heap()->set_detached_contexts(*detached_contexts);
}

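Review bot: The two-value `AddToEnd` call in `Isolate::AddDetachedContext` has no comment saying why the `Smi::kZero` slot and the weak context must be appended in a single call, so a later cleanup could split it back into two calls. The header comment on the new overload says it inserts atomically with respect to GC; presumably the list is consumed as (counter, context) pairs and a GC between two separate appends could leave them misaligned. I would add above the call: `// Append the counter and the weak context together; a GC between two separate AddToEnd calls could compact the list and break the pairing.` The function's signature sits in the hunk header, outside the hunk lines.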
10 changes: 8 additions & 2 deletions deps/v8/src/objects/backing-store.cc
@@ -605,8 +605,14 @@ std::shared_ptr<BackingStore> GlobalBackingStoreRegistry::Lookup(
return std::shared_ptr<BackingStore>();
}
auto backing_store = result->second.lock();
DCHECK_EQ(buffer_start, backing_store->buffer_start());
DCHECK_EQ(length, backing_store->byte_length());
CHECK_EQ(buffer_start, backing_store->buffer_start());
if (backing_store->is_wasm_memory()) {
// Grow calls to shared WebAssembly threads can be triggered from different
// workers, length equality cannot be guaranteed here.
CHECK_LE(length, backing_store->byte_length());
} else {
CHECK_EQ(length, backing_store->byte_length());
}
return backing_store;
}

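Review bot: `backing_store` is dereferenced by the new `CHECK_EQ` immediately after `result->second.lock()` with no null test. If the map holds weak references (the `.lock()` call suggests so), an entry whose owner is being destroyed would yield an empty pointer, and the check would crash on a null dereference instead of reporting a mismatch. Since this commit promotes the checks to release-mode `CHECK`s, I would make the precondition explicit with `CHECK(backing_store);` before the first comparison, or return an empty `std::shared_ptr<BackingStore>()` as the not-found branch does. `GlobalBackingStoreRegistry::Lookup` begins outside the hunk, so locking earlier in the body may already rule this out.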
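--- a/deps/v8/src/objects/fixed-array.h
+++ b/deps/v8/src/objects/fixed-array.h
@@ -338,6 +338,12 @@ class WeakArrayList : public HeapObject {
 Isolate* isolate, Handle<WeakArrayList> array,
 const MaybeObjectHandle& value);
 
+// A version that adds to elements. This ensures that the elements are
+// inserted atomically w.r.t GC.
+V8_EXPORT_PRIVATE static Handle<WeakArrayList> AddToEnd(
+Isolate* isolate, Handle<WeakArrayList> array,
+const MaybeObjectHandle& value1, const MaybeObjectHandle& value2);
+
 inline MaybeObject Get(int index) const;
 inline MaybeObject Get(Isolate* isolate, int index) const;
 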
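Review bot: The comment on the new overload reads "adds to elements", which looks like a typo for "two"; `// A version that adds two elements. This ensures that the elements are` fixes it. It would also help to say what "atomically w.r.t. GC" means for callers, presumably that no GC can run between the two stores, so the list never exposes only one element of the pair. The class body continues outside the hunk.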
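--- a/deps/v8/src/objects/objects.cc
+++ b/deps/v8/src/objects/objects.cc
@@ -3951,6 +3951,20 @@ Handle<WeakArrayList> WeakArrayList::AddToEnd(Isolate* isolate,
 return array;
 }
 
+Handle<WeakArrayList> WeakArrayList::AddToEnd(Isolate* isolate,
+Handle<WeakArrayList> array,
+const MaybeObjectHandle& value1,
+const MaybeObjectHandle& value2) {
+int length = array->length();
+array = EnsureSpace(isolate, array, length + 2);
+// Reload length; GC might have removed elements from the array.
+length = array->length();
+array->Set(length, *value1);
+array->Set(length + 1, *value2);
+array->set_length(length + 2);
+return array;
+}
+
 bool WeakArrayList::IsFull() { return length() == capacity(); }
 
 // static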
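Review bot: The GC-atomicity promised for this overload depends on nothing allocating between `EnsureSpace` and `set_length`, but the body neither states nor enforces that. I would add `DisallowHeapAllocation no_gc;` after the length reload (assuming that scope is available in this file), or at least a comment such as `// No allocation below this point: both slots must be written before a GC can observe the list.` The capacity request uses the pre-reload `length + 2`, which appears to be an upper bound once `EnsureSpace` may have shrunk the length, so the two `Set` calls should stay within capacity; a one-line comment saying so would save the next reader the derivation.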
7 changes: 6 additions & 1 deletion deps/v8/src/wasm/wasm-objects.cc
@@ -1375,7 +1375,12 @@ int32_t WasmMemoryObject::Grow(Isolate* isolate,
new_pages);
// Broadcasting the update should update this memory object too.
CHECK_NE(*old_buffer, memory_object->array_buffer());
CHECK_EQ(new_byte_length, memory_object->array_buffer().byte_length());
// This is a less than check, as it is not guaranteed that the SAB
// length here will be equal to the stashed length above as calls to
// grow the same memory object can come in from different workers.
// It is also possible that a call to Grow was in progress when
// handling this call.
CHECK_LE(new_byte_length, memory_object->array_buffer().byte_length());
return static_cast<int32_t>(old_pages); // success
}
}
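Review bot: The new comment calls this "a less than check" while the code is `CHECK_LE`, i.e. less-than-or-equal; I would word it `// This is a less-than-or-equal check, as it is not guaranteed that the SAB` so that equality is not read as a failure case. It would also help to state the direction explicitly: after the broadcast the buffer may only be at least as large as `new_byte_length`, which is the bound this release-mode check now enforces. The enclosing `WasmMemoryObject::Grow` starts and ends outside the hunk.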
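--- a/deps/v8/test/mjsunit/mjsunit.status
+++ b/deps/v8/test/mjsunit/mjsunit.status
@@ -930,6 +930,9 @@
 # Deadlocks on predictable platform (https://crbug.com/v8/9760).
 'wasm/async-compile': [SKIP],
 'wasm/streaming-compile': [SKIP],
+
+# Race between postMessage and wasm memory.grow. (https://crbug.com/1010272).
+'regress/wasm/regress-1010272': [SKIP],
 }], # 'predictable == True'
 
 ##############################################################################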
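--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/regress-1016703.js
@@ -0,0 +1,15 @@
+// Copyright 2019 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --expose-gc
+
+let realms = [];
+for (let i = 0; i < 4; i++) {
+realms.push(Realm.createAllowCrossRealmAccess());
+}
+
+for (let i = 0; i < 4; i++) {
+Realm.detachGlobal(realms[i]);
+gc();
+}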
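--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/wasm/regress-1010272.js
@@ -0,0 +1,30 @@
+// Copyright 2019 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --wasm-grow-shared-memory --experimental-wasm-threads
+
+const kNumWorkers = 100;
+const kNumMessages = 50;
+
+function AllocMemory(initial, maximum = initial) {
+return new WebAssembly.Memory({initial : initial, maximum : maximum, shared : true});
+}
+
+(function RunTest() {
+let worker = [];
+for (let w = 0; w < kNumWorkers; w++) {
+worker[w] = new Worker(
+`onmessage =
+function(msg) {
+msg.memory.grow(1);
+}`, {type : 'string'});
+}
+
+for (let i = 0; i < kNumMessages; i++) {
+let memory = AllocMemory(1, 128);
+for (let w = 0; w < kNumWorkers; w++) {
+worker[w].postMessage({memory : memory});
+}
+}
+})();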
