[heap] Only main thread handles may reference left-trimmed objects
Left-trimming only works when there is a single reference to the backing store from the JS object. Main thread handles are an exception to this rule because it is not feasible to ensure that no such leftover handles may store such stale pointers. FixStaleLeftTrimmedHandlesVisitor clears such references in main thread handles, such that the GC never tries to visit them.

This CL renames this class to ClearStaleLeftTrimmedHandlesVisitor to emphasize that such slots are cleared rather than "fixed up" to point to the new object start.

Previously ClearStaleLeftTrimmedHandlesVisitor was used for local and persistent handles as well. Starting with this CL, stale references to left-trimmed objects are only allowed in main thread handles. https://crrev.com/c/2928502 enabled us to be more restrictive here.

Change-Id: If4db0630f1df2d6c3fe5f242bf866c57a8ae2969
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944807
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74989}
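The mechanism the commit message describes, as an added toy model in C++ (this is illustrative code written for this page, not V8's heap or its ClearStaleLeftTrimmedHandlesVisitor): a flat word-addressed heap holds a FixedArray-like object `[map][length][elements...]`; left-trimming drops the first `k` elements by moving the header forward and covering the vacated words with a filler, so a handle that still holds the old object start now points at a filler rather than at the array. The clearing pass then does what the commit says the visitor does for main thread handles: slots that point at a filler are overwritten with Smi zero so the GC never visits them. The names `ToyHeap`, `LeftTrim`, `ClearStaleLeftTrimmedHandles`, the map constants and the one-bit Smi/heap-object tagging are simplifications assumed for the example.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical map encoding for the toy heap (not V8's maps).
enum Map : uint32_t { kFixedArrayMap = 1, kOnePointerFillerMap = 2, kFreeSpaceMap = 3 };

// Toy tagging: odd = heap object (word index << 1 | 1), even = Smi (value << 1).
inline uint32_t TagHeapObject(uint32_t word_index) { return (word_index << 1) | 1; }
inline bool IsHeapObject(uint32_t tagged) { return (tagged & 1) != 0; }
inline uint32_t Untag(uint32_t tagged) { return tagged >> 1; }
constexpr uint32_t kSmiZero = 0;

class ToyHeap {
 public:
  // Layout of a FixedArray-like object: [map][length][elements...]
  uint32_t AllocateFixedArray(uint32_t length) {
    uint32_t addr = static_cast<uint32_t>(words_.size());
    words_.push_back(kFixedArrayMap);
    words_.push_back(length);
    words_.resize(words_.size() + length, 0);
    return addr;
  }
  uint32_t Length(uint32_t addr) const { return words_[addr + 1]; }
  uint32_t& Element(uint32_t addr, uint32_t i) { return words_[addr + 2 + i]; }

  // Left-trim: drop the first `k` elements without copying the rest. The
  // header is rewritten `k` words further on and the vacated words become a
  // filler so the heap stays linearly iterable. Returns the new object start;
  // the old address now points at the filler, not at the array.
  uint32_t LeftTrim(uint32_t addr, uint32_t k) {
    assert(k >= 1 && k < Length(addr));
    uint32_t new_length = Length(addr) - k;
    uint32_t new_addr = addr + k;
    if (k == 1) {
      words_[addr] = kOnePointerFillerMap;
    } else {
      words_[addr] = kFreeSpaceMap;
      words_[addr + 1] = k;  // size of the free block in words
    }
    words_[new_addr] = kFixedArrayMap;
    words_[new_addr + 1] = new_length;
    return new_addr;
  }

  bool IsFreeSpaceOrFiller(uint32_t addr) const {
    return words_[addr] == kOnePointerFillerMap || words_[addr] == kFreeSpaceMap;
  }

 private:
  std::vector<uint32_t> words_;
};

// A block of main-thread handle slots, each holding a tagged value.
using HandleBlock = std::vector<uint32_t>;

// Toy counterpart of the clearing pass: a slot that still points at the old
// start of a left-trimmed array now sees a filler. The slot is cleared to Smi
// zero rather than "fixed up" to the new object start, because the new start
// is not recoverable from the slot alone. Returns the number of cleared slots.
size_t ClearStaleLeftTrimmedHandles(const ToyHeap& heap, HandleBlock& handles) {
  size_t cleared = 0;
  for (uint32_t& slot : handles) {
    if (!IsHeapObject(slot)) continue;
    if (heap.IsFreeSpaceOrFiller(Untag(slot))) {
      slot = kSmiZero;
      ++cleared;
    }
  }
  return cleared;
}

struct TrimResult {
  uint32_t old_addr, new_addr, first_element;
  size_t cleared;
  bool stale_slot_is_smi_zero, fresh_slot_intact;
};

// Worked scenario: a handle is taken, the array is left-trimmed by two
// elements, a fresh handle to the new start is added, then stale slots cleared.
TrimResult Demo() {
  ToyHeap heap;
  uint32_t a = heap.AllocateFixedArray(4);
  for (uint32_t i = 0; i < 4; ++i) heap.Element(a, i) = 10 * (i + 1);  // 10,20,30,40
  HandleBlock handles = {TagHeapObject(a)};  // stale after the trim
  uint32_t b = heap.LeftTrim(a, 2);
  handles.push_back(TagHeapObject(b));       // the single live reference
  TrimResult r;
  r.old_addr = a;
  r.new_addr = b;
  r.first_element = heap.Element(b, 0);      // 30: elements stayed in place
  r.cleared = ClearStaleLeftTrimmedHandles(heap, handles);
  r.stale_slot_is_smi_zero = handles[0] == kSmiZero;
  r.fresh_slot_intact = handles[1] == TagHeapObject(b);
  return r;
}
```

The model makes the commit's restriction concrete: after `LeftTrim` the only reference that is allowed to survive is the one updated to the new start; any other slot (here the first handle) is visibly stale because it resolves to a filler, and the pass clears it instead of trying to guess the new object address from it.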