Google Git
Sign in
chromium / v8 / v8 / 59acab802a319da23c1c005e062fbc2bab4d348b
commit59acab802a319da23c1c005e062fbc2bab4d348b[log] [tgz]
authorClemens Backes <clemensb@chromium.org>Thu Jan 04 10:01:36 2024
committerV8 LUCI CQ <v8-scoped@luci-project-accounts.iam.gserviceaccount.com>Thu Jan 04 15:22:24 2024
tree56c6b845319e8f575360331af85bf733b2c75a23
parent8cf17a14a78cc1276eb42e1b4bb699f705675530 [diff]
[wasm] Introduce WasmTrustedInstanceData

This CL moves most data from the WasmInstanceObject to a new
WasmTrustedInstanceData. As the name suggests, this new object is
allocated in the trusted space and can hence hold otherwise-unsafe data
(like direct pointers). As the Wasm instance was still storing some
unsafe pointers, this CL closes holes in the V8 sandbox, and allows us
to land follow-up refactorings to remove more indirections for
sandboxing (potentially after moving more data structures to the trusted
space).

The general idea is that during execution we mostly work with the
WasmTrustedInstanceData object. This is passed as a direct pointer to
Wasm functions and is stored in Wasm frames.
The WasmInstanceObject is the JS-exposed wrapper, which also holds
user-defined properties and elements.

See the design doc (linked from the tracking bug) for all the details.

R=ahaas@chromium.org, saelo@chromium.org

Bug: v8:14499
Change-Id: I44fc81078d0785db1507ffcad1c1aaca39351e45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5130974
Reviewed-by: Samuel Groß <saelo@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Eric Leese <leese@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#91680}
82 files changed
tree: 56c6b845319e8f575360331af85bf733b2c75a23
  1. .github/
  2. bazel/
  3. build_overrides/
  4. custom_deps/
  5. docs/
  6. gni/
  7. include/
  8. infra/
  9. samples/
  10. src/
  11. test/
  12. testing/
  13. third_party/
  14. tools/
  15. .bazelrc
  16. .clang-format
  17. .clang-tidy
  18. .editorconfig
  19. .flake8
  20. .git-blame-ignore-revs
  21. .gitattributes
  22. .gitignore
  23. .gn
  24. .mailmap
  25. .style.yapf
  26. .vpython3
  27. .ycm_extra_conf.py
  28. AUTHORS
  29. BUILD.bazel
  30. BUILD.gn
  31. CODE_OF_CONDUCT.md
  32. codereview.settings
  33. COMMON_OWNERS
  34. DEPS
  35. DIR_METADATA
  36. ENG_REVIEW_OWNERS
  37. INFRA_OWNERS
  38. INTL_OWNERS
  39. LICENSE
  40. LICENSE.fdlibm
  41. LICENSE.strongtalk
  42. LICENSE.v8
  43. LOONG_OWNERS
  44. MIPS_OWNERS
  45. OWNERS
  46. PPC_OWNERS
  47. PRESUBMIT.py
  48. README.md
  49. RISCV_OWNERS
  50. S390_OWNERS
  51. WATCHLISTS
  52. WORKSPACE
README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Google Chrome, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://v8.dev/docs

Getting the Code

Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned at v8.dev/docs/contribute.