• Z Nguyen-Huu's avatar
    Add new nonextensible element kinds · 1f4bec27
    Z Nguyen-Huu authored
    Currently the backing store and elements kind might not aligned aka
    backing store can be dictionary where elements kind is frozen/sealed
    element kinds or the other way around. The reason is that
    Object.preventExtensions change elements kind to DICTIONARY while
    Object.seal/freeze change elements kind to SEALED/FROZEN element kind.
    Apply both these operations can lead to that problem as in
    chromium:992914
    
    To solve this issue, we avoid Object.preventExtensions to change backing
    store to dictionary by introducing new nonextensible elements kind.
    These new nonextensible elements kind are handled similar to frozen,
    sealed element kinds. This change not only fixes the problem but also
    optimize the performance of nonextensible objects.
    
    Change-Id: Iffc7f14eb48223c11abf3c577f305d2d072eb65b
    Bug: chromium:992914, v8:6831
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1760976
    Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
    Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
    Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#63432}
    1f4bec27
builtins-array-gen.cc 88.5 KB