Commit d776fd9d authored by Andreas Haas's avatar Andreas Haas Committed by V8 LUCI CQ

[factory] Initialize bit fields in InitializeMap earlier

The method SetInstanceDescriptors accessed the bit field before it got
initialized, which is undefined behavior.

R=cbruni@chromium.org

Change-Id: Ie17e6e840a9a4278e066278d1ce81ac4b836a429
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3400970Reviewed-by: 's avatarCamillo Bruni <cbruni@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78684}
parent 0c4a512d
...@@ -1814,6 +1814,14 @@ Map Factory::InitializeMap(Map map, InstanceType type, int instance_size, ...@@ -1814,6 +1814,14 @@ Map Factory::InitializeMap(Map map, InstanceType type, int instance_size,
ElementsKind elements_kind, ElementsKind elements_kind,
int inobject_properties) { int inobject_properties) {
DisallowGarbageCollection no_gc; DisallowGarbageCollection no_gc;
map.set_bit_field(0);
map.set_bit_field2(Map::Bits2::NewTargetIsBaseBit::encode(true));
int bit_field3 =
Map::Bits3::EnumLengthBits::encode(kInvalidEnumCacheSentinel) |
Map::Bits3::OwnsDescriptorsBit::encode(true) |
Map::Bits3::ConstructionCounterBits::encode(Map::kNoSlackTracking) |
Map::Bits3::IsExtensibleBit::encode(true);
map.set_bit_field3(bit_field3);
map.set_instance_type(type); map.set_instance_type(type);
HeapObject raw_null_value = *null_value(); HeapObject raw_null_value = *null_value();
map.set_prototype(raw_null_value, SKIP_WRITE_BARRIER); map.set_prototype(raw_null_value, SKIP_WRITE_BARRIER);
...@@ -1840,14 +1848,6 @@ Map Factory::InitializeMap(Map map, InstanceType type, int instance_size, ...@@ -1840,14 +1848,6 @@ Map Factory::InitializeMap(Map map, InstanceType type, int instance_size,
map.SetInstanceDescriptors(isolate(), *empty_descriptor_array(), 0); map.SetInstanceDescriptors(isolate(), *empty_descriptor_array(), 0);
// Must be called only after |instance_type| and |instance_size| are set. // Must be called only after |instance_type| and |instance_size| are set.
map.set_visitor_id(Map::GetVisitorId(map)); map.set_visitor_id(Map::GetVisitorId(map));
map.set_bit_field(0);
map.set_bit_field2(Map::Bits2::NewTargetIsBaseBit::encode(true));
int bit_field3 =
Map::Bits3::EnumLengthBits::encode(kInvalidEnumCacheSentinel) |
Map::Bits3::OwnsDescriptorsBit::encode(true) |
Map::Bits3::ConstructionCounterBits::encode(Map::kNoSlackTracking) |
Map::Bits3::IsExtensibleBit::encode(true);
map.set_bit_field3(bit_field3);
DCHECK(!map.is_in_retained_map_list()); DCHECK(!map.is_in_retained_map_list());
map.clear_padding(); map.clear_padding();
map.set_elements_kind(elements_kind); map.set_elements_kind(elements_kind);
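Review bot: The ordering constraint this fix relies on is not recorded in the code: nothing at the relocated bit-field block in the first hunk (the lines setting bit_field, bit_field2 and bit_field3) says that SetInstanceDescriptors() in the second hunk reads those fields, so a later reorder could silently reintroduce the uninitialized read the commit description names. The existing comment before set_visitor_id shows the file's convention for stating such constraints; I would add a matching one above `map.set_bit_field(0);`, e.g. `// Must be set before SetInstanceDescriptors(), which reads the bit fields.`. The hunk-header counts (6 old/14 new and 14 old/6 new) confirm the two blocks are a pure move with no textual change, so the only remaining risk is the ordering itself. InitializeMap's body continues outside both hunks, so I cannot see whether instance_size is set before set_visitor_id as that call's comment requires.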