• Maya Lekova's avatar
    Reland "[fastcall] Add support for leaf interface type checks" · 5540fbfc
    Maya Lekova authored
    This is a reland of 6124a534
    
    It fixes a UAF issue in the d8 test by moving the test API object
    constructor to PerIsolateData. It also fixes a crash in Chromium
    caused by current usage of v8::ApiObject, which should be migrated
    to v8::Value*.
    
    Original change's description:
    > [fastcall] Add support for leaf interface type checks
    >
    > This CL adds an IsTemplateForApiObject method to FunctionTemplate
    > allowing the embedder to check whether a given API object was
    > instantiated by this template without including parent templates
    > in the search. It also replaces the v8::ApiObject in the fast API
    > with a raw v8::Value pointer to allow use of standard C++ casts.
    >
    > Bug: chromium:1052746
    > Change-Id: I0812ec8b4daaa5f5005aabf10b63e1e84e0b8f03
    > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595310
    > Commit-Queue: Maya Lekova <mslekova@chromium.org>
    > Reviewed-by: Georg Neis <neis@chromium.org>
    > Reviewed-by: Camillo Bruni <cbruni@chromium.org>
    > Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
    > Cr-Commit-Position: refs/heads/master@{#73999}
    
    Bug: chromium:1052746, chromium:1199900
    Change-Id: I4b7f0c9e9152919dde4a1d0c48fbf5ac8c5b13d8
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2835711Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
    Reviewed-by: 's avatarSathya Gunasekaran  <gsathya@chromium.org>
    Reviewed-by: 's avatarCamillo Bruni <cbruni@chromium.org>
    Commit-Queue: Maya Lekova <mslekova@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#74064}
    5540fbfc
d8.cc 178 KB