[runtime] Avoid handles in PropertyCell-related code

Bug: v8:11263 Change-Id: I02c51fae400a9a5d67376ed645ea01be4ef1dc1e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3417437Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#78810}

[runtime] Avoid handles in PropertyCell-related code
Bug: v8:11263 Change-Id: I02c51fae400a9a5d67376ed645ea01be4ef1dc1e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3417437Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#78810}
9f4f472b · Camillo Bruni · V8 LUCI CQ · 2775ad63 · 9f4f472b · 9f4f472b
Commit 9f4f472b authored Jan 26, 2022 by Camillo Bruni Committed by V8 LUCI CQ Jan 27, 2022
Showing with 26 additions and 28 deletions

lookup.cc src/objects/lookup.cc +1 -1

objects.cc src/objects/objects.cc +21 -21

property-cell.h src/objects/property-cell.h +3 -5

web-snapshot.cc src/web-snapshot/web-snapshot.cc +1 -1

No files found.
--- a/src/objects/lookup.cc
+++ b/src/objects/lookup.cc
@@ -587,7 +587,7 @@ void LookupIterator::PrepareTransitionToDataProperty(
      // Don't set enumeration index (it will be set during value store).
      property_details_ =
          PropertyDetails(PropertyKind::kData, attributes,
-                          PropertyCell::InitialType(isolate_, value));
+                          PropertyCell::InitialType(isolate_, *value));
      transition_ = isolate_->factory()->NewPropertyCell(
          name(), property_details_, value);
      has_property_ = true;

--- a/src/objects/objects.cc
+++ b/src/objects/objects.cc
@@ -6516,38 +6516,36 @@ Handle<PropertyCell> PropertyCell::InvalidateAndReplaceEntry(
  return new_cell;
 }
-static bool RemainsConstantType(Handle<PropertyCell> cell,
+static bool RemainsConstantType(PropertyCell cell, Object value) {
-                                Handle<Object> value) {
+  DisallowGarbageCollection no_gc;
  // TODO(dcarney): double->smi and smi->double transition from kConstant
-  if (cell->value().IsSmi() && value->IsSmi()) {
+  if (cell.value().IsSmi() && value.IsSmi()) {
    return true;
-  } else if (cell->value().IsHeapObject() && value->IsHeapObject()) {
+  } else if (cell.value().IsHeapObject() && value.IsHeapObject()) {
-    return HeapObject::cast(cell->value()).map() ==
+    Map map = HeapObject::cast(value).map();
-               HeapObject::cast(*value).map() &&
+    return HeapObject::cast(cell.value()).map() == map && map.is_stable();
-           HeapObject::cast(*value).map().is_stable();
  }
  return false;
 }
 // static
-PropertyCellType PropertyCell::InitialType(Isolate* isolate,
+PropertyCellType PropertyCell::InitialType(Isolate* isolate, Object value) {
-                                           Handle<Object> value) {
+  return value.IsUndefined(isolate) ? PropertyCellType::kUndefined
-  return value->IsUndefined(isolate) ? PropertyCellType::kUndefined
+                                    : PropertyCellType::kConstant;
-                                     : PropertyCellType::kConstant;
 }
 // static
-PropertyCellType PropertyCell::UpdatedType(Isolate* isolate,
+PropertyCellType PropertyCell::UpdatedType(Isolate* isolate, PropertyCell cell,
-                                           Handle<PropertyCell> cell,
+                                           Object value,
-                                           Handle<Object> value,
                                           PropertyDetails details) {
-  DCHECK(!value->IsTheHole(isolate));
+  DisallowGarbageCollection no_gc;
-  DCHECK(!cell->value().IsTheHole(isolate));
+  DCHECK(!value.IsTheHole(isolate));
+  DCHECK(!cell.value().IsTheHole(isolate));
  switch (details.cell_type()) {
    case PropertyCellType::kUndefined:
      return PropertyCellType::kConstant;
    case PropertyCellType::kConstant:
-      if (*value == cell->value()) return PropertyCellType::kConstant;
+      if (value == cell.value()) return PropertyCellType::kConstant;
      V8_FALLTHROUGH;
    case PropertyCellType::kConstantType:
      if (RemainsConstantType(cell, value)) {
@@ -6565,9 +6563,9 @@ Handle<PropertyCell> PropertyCell::PrepareForAndSetValue(
    Isolate* isolate, Handle<GlobalDictionary> dictionary, InternalIndex entry,
    Handle<Object> value, PropertyDetails details) {
  DCHECK(!value->IsTheHole(isolate));
-  Handle<PropertyCell> cell(dictionary->CellAt(entry), isolate);
+  PropertyCell raw_cell = dictionary->CellAt(entry);
-  CHECK(!cell->value().IsTheHole(isolate));
+  CHECK(!raw_cell.value().IsTheHole(isolate));
-  const PropertyDetails original_details = cell->property_details();
+  const PropertyDetails original_details = raw_cell.property_details();
  // Data accesses could be cached in ics or optimized code.
  bool invalidate = original_details.kind() == PropertyKind::kData &&
                    details.kind() == PropertyKind::kAccessor;
@@ -6576,9 +6574,11 @@ Handle<PropertyCell> PropertyCell::PrepareForAndSetValue(
  details = details.set_index(index);
  PropertyCellType new_type =
-      UpdatedType(isolate, cell, value, original_details);
+      UpdatedType(isolate, raw_cell, *value, original_details);
  details = details.set_cell_type(new_type);
+  Handle<PropertyCell> cell(raw_cell, isolate);
  if (invalidate) {
    cell = PropertyCell::InvalidateAndReplaceEntry(isolate, dictionary, entry,
                                                   details, value);

--- a/src/objects/property-cell.h
+++ b/src/objects/property-cell.h
@@ -41,14 +41,12 @@ class PropertyCell
  // For protectors:
  void InvalidateProtector();
-  static PropertyCellType InitialType(Isolate* isolate, Handle<Object> value);
+  static PropertyCellType InitialType(Isolate* isolate, Object value);
  // Computes the new type of the cell's contents for the given value, but
  // without actually modifying the details.
-  static PropertyCellType UpdatedType(Isolate* isolate,
+  static PropertyCellType UpdatedType(Isolate* isolate, PropertyCell cell,
-                                      Handle<PropertyCell> cell,
+                                      Object value, PropertyDetails details);
-                                      Handle<Object> value,
-                                      PropertyDetails details);
  // Prepares property cell at given entry for receiving given value and sets
  // that value.  As a result the old cell could be invalidated and/or dependent

--- a/src/web-snapshot/web-snapshot.cc
+++ b/src/web-snapshot/web-snapshot.cc
@@ -1788,7 +1788,7 @@ void WebSnapshotDeserializer::DeserializeExports() {
    PropertyDetails property_details =
        PropertyDetails(PropertyKind::kData, NONE,
-                        PropertyCell::InitialType(isolate_, export_value));
+                        PropertyCell::InitialType(isolate_, *export_value));
    Handle<PropertyCell> transition_cell = isolate_->factory()->NewPropertyCell(
        export_name, property_details, export_value);