Commit 274eb226 authored by Georg Neis's avatar Georg Neis Committed by V8 LUCI CQ

[compiler] Load FixedArray length atomically

... in FixedArrayBaseData's constructor. Also make get/TryGet check
whether right-trimming happened (at the moment these methods are used in
such a way that it can't happen yet).

Bug: v8:7790, v8:11956
Change-Id: I6bd23426b26bb7115c9d0f190eb4be04149368fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3018087
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75740}
parent adba0512
......@@ -1476,7 +1476,7 @@ class FixedArrayBaseData : public HeapObjectData {
FixedArrayBaseData(JSHeapBroker* broker, ObjectData** storage,
Handle<FixedArrayBase> object, ObjectDataKind kind)
: HeapObjectData(broker, storage, object, kind),
length_(object->length()) {}
length_(object->length(kAcquireLoad)) {}
int length() const { return length_; }
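Review bot: The initializer now reads the length with acquire semantics, but nothing in the class records that `length_` is a one-time snapshot that is never refreshed; once the array is right-trimmed on the main thread the stored value exceeds `object->length(kAcquireLoad)`, which is exactly what the new `CHECK_LT(i, length())` in FixedArrayRef::TryGet elsewhere in this commit relies on. A short comment on the initializer would make that contract explicit, e.g. `// Snapshot taken at data-object creation; may exceed the live length after a right-trim.` The class FixedArrayBaseData continues outside the hunk, so the declaration of `length_` itself is not visible here.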
......@@ -2749,7 +2749,15 @@ int ArrayBoilerplateDescriptionRef::constants_elements_length() const {
ObjectRef FixedArrayRef::get(int i) const { return TryGet(i).value(); }
base::Optional<ObjectRef> FixedArrayRef::TryGet(int i) const {
return TryMakeRef(broker(), object()->get(i, kRelaxedLoad));
DisallowGarbageCollection no_gc;
CHECK_GE(i, 0);
Object value = object()->get(i, kAcquireLoad);
if (i >= object()->length(kAcquireLoad)) {
// Right-trimming happened.
CHECK_LT(i, length());
return {};
}
return TryMakeRef(broker(), value);
}
Float64 FixedDoubleArrayRef::GetFromImmutableFixedDoubleArray(int i) const {
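Review bot: The order of the two loads in FixedArrayRef::TryGet appears deliberate but is undocumented: the element is read at `object()->get(i, kAcquireLoad)` before the length is re-read, so a right-trim that lands between the two reads still shows up in the length comparison and makes the function bail, whereas checking the length first and then reading the element would leave a window in which a trim goes unnoticed. A one-line comment above the element load, such as `// Read the element before re-checking the length so a concurrent right-trim between the two loads is detected.`, would stop a future reorder. The `CHECK_LT(i, length())` in the branch also deserves a word that `length()` is the broker-side snapshot taken when the data object was created, so after a trim it is expected to be the larger of the two values. The function is fully contained in the hunk; `get` at the top of the hunk still calls `TryGet(i).value()`, which the description notes cannot currently hit the empty case.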