[objects] Add extension field to JSArrayBuffer

Add pointer-sized field extension to the JSArrayBuffer class. Only reserve space for this field when feature is enabled for now. Bug: v8:10064 Change-Id: Idb6fdcdce2a048e6aed9a892bc46ce029e1119f3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1956166Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#65471}

[objects] Add extension field to JSArrayBuffer
Add pointer-sized field extension to the JSArrayBuffer class. Only reserve space for this field when feature is enabled for now. Bug: v8:10064 Change-Id: Idb6fdcdce2a048e6aed9a892bc46ce029e1119f3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1956166Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/master@{#65471}
221f4068 · Dominik Inführ · Commit Bot · 9c37ec0b · 221f4068 · 221f4068
Commit 221f4068 authored Dec 16, 2019 by Dominik Inführ Committed by Commit Bot Dec 17, 2019
5 changed files
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -124,6 +124,9 @@ declare_args() {
  # Sets -dV8_CONCURRENT_MARKING
  v8_enable_concurrent_marking = true
+  # Sets -dV8_ARRAY_BUFFER_EXTENSION
+  v8_enable_array_buffer_extension = true
  # Enables various testing features.
  v8_enable_test_features = ""
@@ -455,6 +458,9 @@ config("features") {
  if (v8_enable_concurrent_marking) {
    defines += [ "V8_CONCURRENT_MARKING" ]
  }
+  if (v8_enable_array_buffer_extension) {
+    defines += [ "V8_ARRAY_BUFFER_EXTENSION" ]
+  }
  if (v8_enable_lazy_source_positions) {
    defines += [ "V8_ENABLE_LAZY_SOURCE_POSITIONS" ]
  }
@@ -1665,6 +1671,8 @@ v8_compiler_sources = [
  "src/compiler/access-builder.h",
  "src/compiler/access-info.cc",
  "src/compiler/access-info.h",
+  "src/compiler/add-type-assertions-reducer.cc",
+  "src/compiler/add-type-assertions-reducer.h",
  "src/compiler/all-nodes.cc",
  "src/compiler/all-nodes.h",
  "src/compiler/allocation-builder-inl.h",
@@ -1873,8 +1881,6 @@ v8_compiler_sources = [
  "src/compiler/state-values-utils.h",
  "src/compiler/store-store-elimination.cc",
  "src/compiler/store-store-elimination.h",
-  "src/compiler/add-type-assertions-reducer.cc",
-  "src/compiler/add-type-assertions-reducer.h",
  "src/compiler/type-cache.cc",
  "src/compiler/type-cache.h",
  "src/compiler/type-narrowing-reducer.cc",

--- a/src/flags/flag-definitions.h
+++ b/src/flags/flag-definitions.h
@@ -886,6 +886,11 @@ DEFINE_BOOL(write_protect_code_memory, true, "write protect code memory")
 #endif
 DEFINE_BOOL(concurrent_marking, V8_CONCURRENT_MARKING_BOOL,
            "use concurrent marking")
+#ifdef V8_ARRAY_BUFFER_EXTENSION
+#define V8_ARRAY_BUFFER_EXTENSION_BOOL true
+#else
+#define V8_ARRAY_BUFFER_EXTENSION_BOOL false
+#endif
 DEFINE_BOOL(parallel_marking, true, "use parallel marking in atomic pause")
 DEFINE_INT(ephemeron_fixpoint_iterations, 10,
           "number of fixpoint iterations it takes to switch to linear "

--- a/src/objects/js-array-buffer-inl.h
+++ b/src/objects/js-array-buffer-inl.h
@@ -40,10 +40,26 @@ void* JSArrayBuffer::backing_store() const {
  return reinterpret_cast<void*>(ReadField<Address>(kBackingStoreOffset));
 }
-void JSArrayBuffer::set_backing_store(void* value, WriteBarrierMode mode) {
+void JSArrayBuffer::set_backing_store(void* value) {
  WriteField<Address>(kBackingStoreOffset, reinterpret_cast<Address>(value));
 }
+void* JSArrayBuffer::extension() const {
+  if (V8_ARRAY_BUFFER_EXTENSION_BOOL) {
+    return reinterpret_cast<void*>(ReadField<Address>(kExtensionOffset));
+  } else {
+    return nullptr;
+  }
+}
+void JSArrayBuffer::set_extension(void* value) {
+  if (V8_ARRAY_BUFFER_EXTENSION_BOOL) {
+    WriteField<Address>(kExtensionOffset, reinterpret_cast<Address>(value));
+  } else {
+    CHECK_EQ(value, nullptr);
+  }
+}
 size_t JSArrayBuffer::allocation_length() const {
  if (backing_store() == nullptr) {
    return 0;

--- a/src/objects/js-array-buffer.cc
+++ b/src/objects/js-array-buffer.cc
@@ -43,13 +43,13 @@ void JSArrayBuffer::Setup(SharedFlag shared,
  for (int i = 0; i < v8::ArrayBuffer::kEmbedderFieldCount; i++) {
    SetEmbedderField(i, Smi::zero());
  }
+  set_extension(nullptr);
  if (!backing_store) {
    set_backing_store(nullptr);
    set_byte_length(0);
  } else {
    Attach(std::move(backing_store));
  }
  if (shared == SharedFlag::kShared) {
    GetIsolate()->CountUsage(
        v8::Isolate::UseCounterFeature::kSharedArrayBufferConstructed);

--- a/src/objects/js-array-buffer.h
+++ b/src/objects/js-array-buffer.h
@@ -31,7 +31,10 @@ class JSArrayBuffer : public JSObject {
  DECL_PRIMITIVE_ACCESSORS(byte_length, size_t)
  // [backing_store]: backing memory for this array
-  DECL_ACCESSORS(backing_store, void*)
+  DECL_PRIMITIVE_ACCESSORS(backing_store, void*)
+  // [extension]: extension object used for GC
+  DECL_PRIMITIVE_ACCESSORS(extension, void*)
  // For non-wasm, allocation_length and allocation_base are byte_length and
  // backing_store, respectively.
@@ -110,6 +113,8 @@ class JSArrayBuffer : public JSObject {
  /* Raw data fields. */                                                    \
  V(kByteLengthOffset, kUIntptrSize)                                        \
  V(kBackingStoreOffset, kSystemPointerSize)                                \
+  V(kExtensionOffset,                                                       \
+    (V8_ARRAY_BUFFER_EXTENSION_BOOL ? kSystemPointerSize : 0))              \
  V(kBitFieldOffset, kInt32Size)                                            \
  /* Pads header size to be a multiple of kTaggedSize. */                   \
  V(kOptionalPaddingOffset, OBJECT_POINTER_PADDING(kOptionalPaddingOffset)) \