[heap] Fix NewArrayList tripping DCHECK with LocalFactory

LocalFactory::AllocateRaw() only allows the kOld and kSharedOld allocation types, but NewArrayList() calls NewFixedArray() without an explicit allocation argument, which then defaults to kYoung. Add an allocation argument to NewArrayList() with the same default value as for NewFixedArray() and pass kOld when calling it from NewScriptWithId() to avoid tripping the DCHECK with LocalFactory. Follow-up to https://crrev.com/c/3211575 Bug: chromium:1244145 Change-Id: I88d394bda250c45bf49141b78c09f6ca4a61dbe3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3354087Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#78540}

[heap] Fix NewArrayList tripping DCHECK with LocalFactory
LocalFactory::AllocateRaw() only allows the kOld and kSharedOld allocation types, but NewArrayList() calls NewFixedArray() without an explicit allocation argument, which then defaults to kYoung. Add an allocation argument to NewArrayList() with the same default value as for NewFixedArray() and pass kOld when calling it from NewScriptWithId() to avoid tripping the DCHECK with LocalFactory. Follow-up to https://crrev.com/c/3211575 Bug: chromium:1244145 Change-Id: I88d394bda250c45bf49141b78c09f6ca4a61dbe3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3354087Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#78540}
d6f8af01 · Romain Pokrzywka · V8 LUCI CQ · 2cc1b981 · d6f8af01 · d6f8af01
Commit d6f8af01 authored Dec 23, 2021 by Romain Pokrzywka Committed by V8 LUCI CQ Jan 10, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 4 deletions

factory-base.cc src/heap/factory-base.cc +5 -3

factory-base.h src/heap/factory-base.h +2 -1

No files found.
--- a/src/heap/factory-base.cc
+++ b/src/heap/factory-base.cc
@@ -250,7 +250,7 @@ Handle<Script> FactoryBase<Impl>::NewScriptWithId(
  // Create and initialize script object.
  ReadOnlyRoots roots = read_only_roots();
 #ifdef V8_SCRIPTORMODULE_LEGACY_LIFETIME
-  Handle<ArrayList> list = NewArrayList(0);
+  Handle<ArrayList> list = NewArrayList(0, AllocationType::kOld);
 #endif
  Handle<Script> script = handle(
      NewStructInternal<Script>(SCRIPT_TYPE, AllocationType::kOld), isolate());
@@ -286,8 +286,10 @@ Handle<Script> FactoryBase<Impl>::NewScriptWithId(
 }
 template <typename Impl>
-Handle<ArrayList> FactoryBase<Impl>::NewArrayList(int size) {
+Handle<ArrayList> FactoryBase<Impl>::NewArrayList(int size,
-  Handle<FixedArray> fixed_array = NewFixedArray(size + ArrayList::kFirstIndex);
+                                                  AllocationType allocation) {
+  Handle<FixedArray> fixed_array =
+      NewFixedArray(size + ArrayList::kFirstIndex, allocation);
  fixed_array->set_map_no_write_barrier(read_only_roots().array_list_map());
  Handle<ArrayList> result = Handle<ArrayList>::cast(fixed_array);
  result->SetLength(0);

--- a/src/heap/factory-base.h
+++ b/src/heap/factory-base.h
@@ -157,7 +157,8 @@ class EXPORT_TEMPLATE_DECLARE(V8_EXPORT_PRIVATE) FactoryBase
  Handle<Script> NewScriptWithId(Handle<PrimitiveHeapObject> source,
                                 int script_id);
-  Handle<ArrayList> NewArrayList(int size);
+  Handle<ArrayList> NewArrayList(
+      int size, AllocationType allocation = AllocationType::kYoung);
  Handle<SharedFunctionInfo> NewSharedFunctionInfoForLiteral(
      FunctionLiteral* literal, Handle<Script> script, bool is_toplevel);