Commit 37869a07 authored by Samuel Groß's avatar Samuel Groß Committed by V8 LUCI CQ

Allow GC during Deserializer::PostProcessNewJSReceiver

JSArrayBuffer::Setup may trigger GC during PostProcessNewJSReceiver.
This is Ok if we drop the raw_obj parameter and instead always reference
the object through a Handle.

Bug: v8:13121
Change-Id: I70361b16a48599ff83094d11008f6288a1402c7f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810342
Auto-Submit: Samuel Groß <saelo@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82289}
parent 116e84ef
...@@ -356,15 +356,12 @@ void PostProcessExternalString(ExternalString string, Isolate* isolate) { ...@@ -356,15 +356,12 @@ void PostProcessExternalString(ExternalString string, Isolate* isolate) {
template <typename IsolateT> template <typename IsolateT>
void Deserializer<IsolateT>::PostProcessNewJSReceiver( void Deserializer<IsolateT>::PostProcessNewJSReceiver(
Map map, Handle<JSReceiver> obj, JSReceiver raw_obj, Map map, Handle<JSReceiver> obj, InstanceType instance_type,
InstanceType instance_type, SnapshotSpace space) { SnapshotSpace space) {
DisallowGarbageCollection no_gc;
DCHECK_EQ(*obj, raw_obj);
DCHECK_EQ(raw_obj.map(), map);
DCHECK_EQ(map.instance_type(), instance_type); DCHECK_EQ(map.instance_type(), instance_type);
if (InstanceTypeChecker::IsJSDataView(instance_type)) { if (InstanceTypeChecker::IsJSDataView(instance_type)) {
auto data_view = JSDataView::cast(raw_obj); auto data_view = JSDataView::cast(*obj);
auto buffer = JSArrayBuffer::cast(data_view.buffer()); auto buffer = JSArrayBuffer::cast(data_view.buffer());
if (buffer.was_detached()) { if (buffer.was_detached()) {
// Directly set the data pointer to point to the EmptyBackingStoreBuffer. // Directly set the data pointer to point to the EmptyBackingStoreBuffer.
...@@ -379,7 +376,7 @@ void Deserializer<IsolateT>::PostProcessNewJSReceiver( ...@@ -379,7 +376,7 @@ void Deserializer<IsolateT>::PostProcessNewJSReceiver(
reinterpret_cast<uint8_t*>(backing_store) + data_view.byte_offset()); reinterpret_cast<uint8_t*>(backing_store) + data_view.byte_offset());
} }
} else if (InstanceTypeChecker::IsJSTypedArray(instance_type)) { } else if (InstanceTypeChecker::IsJSTypedArray(instance_type)) {
auto typed_array = JSTypedArray::cast(raw_obj); auto typed_array = JSTypedArray::cast(*obj);
// Note: ByteArray objects must not be deferred s.t. they are // Note: ByteArray objects must not be deferred s.t. they are
// available here for is_on_heap(). See also: CanBeDeferred. // available here for is_on_heap(). See also: CanBeDeferred.
// Fixup typed array pointers. // Fixup typed array pointers.
...@@ -397,7 +394,7 @@ void Deserializer<IsolateT>::PostProcessNewJSReceiver( ...@@ -397,7 +394,7 @@ void Deserializer<IsolateT>::PostProcessNewJSReceiver(
typed_array.byte_offset()); typed_array.byte_offset());
} }
} else if (InstanceTypeChecker::IsJSArrayBuffer(instance_type)) { } else if (InstanceTypeChecker::IsJSArrayBuffer(instance_type)) {
auto buffer = JSArrayBuffer::cast(raw_obj); auto buffer = JSArrayBuffer::cast(*obj);
uint32_t store_index = buffer.GetBackingStoreRefForDeserialization(); uint32_t store_index = buffer.GetBackingStoreRefForDeserialization();
if (store_index == kEmptyBackingStoreRefSentinel) { if (store_index == kEmptyBackingStoreRefSentinel) {
buffer.set_backing_store(main_thread_isolate(), buffer.set_backing_store(main_thread_isolate(),
...@@ -510,9 +507,10 @@ void Deserializer<IsolateT>::PostProcessNewObject(Handle<Map> map, ...@@ -510,9 +507,10 @@ void Deserializer<IsolateT>::PostProcessNewObject(Handle<Map> map,
PostProcessExternalString(ExternalString::cast(raw_obj), PostProcessExternalString(ExternalString::cast(raw_obj),
main_thread_isolate()); main_thread_isolate());
} else if (InstanceTypeChecker::IsJSReceiver(instance_type)) { } else if (InstanceTypeChecker::IsJSReceiver(instance_type)) {
// PostProcessNewJSReceiver may trigger GC.
no_gc.Release();
return PostProcessNewJSReceiver(raw_map, Handle<JSReceiver>::cast(obj), return PostProcessNewJSReceiver(raw_map, Handle<JSReceiver>::cast(obj),
JSReceiver::cast(raw_obj), instance_type, instance_type, space);
space);
} else if (InstanceTypeChecker::IsDescriptorArray(instance_type)) { } else if (InstanceTypeChecker::IsDescriptorArray(instance_type)) {
DCHECK(InstanceTypeChecker::IsStrongDescriptorArray(instance_type)); DCHECK(InstanceTypeChecker::IsStrongDescriptorArray(instance_type));
Handle<DescriptorArray> descriptors = Handle<DescriptorArray>::cast(obj); Handle<DescriptorArray> descriptors = Handle<DescriptorArray>::cast(obj);
......
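Review bot: With `DisallowGarbageCollection no_gc` removed, the raw locals the branches derive from `*obj` (`data_view` and `buffer` in the DataView branch, `typed_array` in the TypedArray branch, and `buffer` in the ArrayBuffer branch) are plain tagged values that a moving GC would not update, so they are only safe up to the first call that can allocate. For the ArrayBuffer branch in particular, the commit message says JSArrayBuffer::Setup may trigger GC; the visible lines stop before that call, so if `buffer` is used after it, it should be re-read with `buffer = JSArrayBuffer::cast(*obj);` or the branch should work on `Handle<JSArrayBuffer>::cast(obj)` throughout. From the visible lines the DataView and TypedArray branches only do pointer fixups, so a block-scoped `DisallowGarbageCollection no_gc;` at the top of each of those branches would preserve the old invariant where it still holds and mark where GC is not expected. The function's body continues outside the hunks, so I could not confirm whether any of the remaining calls allocate. It would also help to state the new contract on the declaration in deserializer.h, e.g. `// May trigger GC (JSArrayBuffer::Setup); |obj| must stay a Handle and raw views of it must not be held across allocating calls.`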
...@@ -187,7 +187,7 @@ class Deserializer : public SerializerDeserializer { ...@@ -187,7 +187,7 @@ class Deserializer : public SerializerDeserializer {
void PostProcessNewObject(Handle<Map> map, Handle<HeapObject> obj, void PostProcessNewObject(Handle<Map> map, Handle<HeapObject> obj,
SnapshotSpace space); SnapshotSpace space);
void PostProcessNewJSReceiver(Map map, Handle<JSReceiver> obj, void PostProcessNewJSReceiver(Map map, Handle<JSReceiver> obj,
JSReceiver raw_obj, InstanceType instance_type, InstanceType instance_type,
SnapshotSpace space); SnapshotSpace space);
HeapObject Allocate(AllocationType allocation, int size, HeapObject Allocate(AllocationType allocation, int size,
......