    [arraybuffer] Rearchitect backing store ownership · 31cd5d83
    Ben L. Titzer authored
    This CL completely rearchitects the ownership of array buffer backing stores,
    consolidating ownership into a {BackingStore} C++ object that is tracked
    throughout V8 using unique_ptr and shared_ptr where appropriate.
    
    Overall, lifetime management is simpler and more explicit. The numerous
    ways that array buffers were initialized have been streamlined to one
    Attach() method on JSArrayBuffer. The array buffer tracker in the
    GC implementation now manages std::shared_ptr<BackingStore> pointers,
    and the construction and destruction of the BackingStore object itself
    handles the underlying page or embedder-allocated memory.
    
    The embedder API remains unchanged for now. We use the
    v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
    keep the backing store alive properly, even in the case of aliases
    from live heap objects. Thus the embedder has a lower chance of making
    a mistake. Long-term, we should move the embedder to a model where they
    manage backing stores using shared_ptr to an opaque backing store object.
    
    R=mlippautz@chromium.org
    BUG=v8:9380,v8:9221
    
    Change-Id: I48fae5ac85dcf6172a83f252439e77e7c1a16ccd
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584323
    Commit-Queue: Ben Titzer <titzer@chromium.org>
    Reviewed-by: Ben Titzer <titzer@chromium.org>
    Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
    Reviewed-by: Yang Guo <yangguo@chromium.org>
    Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
    Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
    Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#62572}
js-array-buffer-inl.h 5.54 KB
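
A simplified C++ model of the ownership scheme described in the commit message above, added here as an illustration and not taken from V8's source. Only the names `BackingStore`, `Attach()` and `Contents` come from the message; `g_frees`, `keep_alive`, `DropBufferThenAlias` and all class bodies are assumptions. It shows the memory staying valid while an embedder alias outlives the heap object, and being released exactly once afterwards.

```cpp
#include <cstddef>
#include <cstdlib>
#include <memory>
#include <utility>

// Simplified model, not V8 source; only the type names follow the commit message.
static int g_frees = 0;  // times the raw memory has been released
class BackingStore {
 public:
  explicit BackingStore(size_t len) : data_(std::calloc(len, 1)), len_(len) {}
  ~BackingStore() { std::free(data_); ++g_frees; }  // sole owner of the memory
  BackingStore(const BackingStore&) = delete;
  BackingStore& operator=(const BackingStore&) = delete;
  void* data() const { return data_; }
  size_t length() const { return len_; }
 private:
  void* data_;
  size_t len_;
};

// What the embedder receives: a raw pointer plus a hidden keep-alive reference.
struct Contents {
  void* data;
  size_t length;
  std::shared_ptr<BackingStore> keep_alive;
};

class JSArrayBuffer {
 public:
  // Single initialization path, modelled on the Attach() method named above.
  void Attach(std::shared_ptr<BackingStore> store) { store_ = std::move(store); }
  Contents GetContents() const { return {store_->data(), store_->length(), store_}; }
 private:
  std::shared_ptr<BackingStore> store_;
};

// Returns {frees while the alias is still live, frees after the alias is dropped}.
std::pair<int, int> DropBufferThenAlias() {
  g_frees = 0;
  auto buffer = std::make_unique<JSArrayBuffer>();
  buffer->Attach(std::make_shared<BackingStore>(64));
  Contents alias = buffer->GetContents();
  buffer.reset();                                      // stands in for GC collecting it
  static_cast<unsigned char*>(alias.data)[0] = 0x41;   // still valid memory
  int while_aliased = g_frees;
  alias = Contents{};                                  // last reference released
  return {while_aliased, g_frees};
}
int main() { auto r = DropBufferThenAlias(); return r.first == 0 && r.second == 1 ? 0 : 1; }
```

Without the `keep_alive` member, the write after `buffer.reset()` would touch freed memory, which is the embedder mistake the commit message says the hidden `shared_ptr` makes less likely.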