[arraybuffer] Flag EmptyBackingStore as free_on_destruct

In {EmptyBackingStore}, the {free_on_destruct} flag was not set as an optimization: Since there is no memory, it also does not have to be freed. However, this flag has a side-effect: any backing store where this flag is not set is considered {external}. The {external} flag is mis-used by blink to indicate if ArrayBuffers need to be wrapped or not. With this CL we set the {free_on_destruct} flag in {EmptyBackingStore}, but we change the ArrayBufferTracker to just ignore empty backing stores. R=ulan@chromium.org Bug: chromium:1008840 Change-Id: I1552a6e013c8b23f39fba1c2d9d9c61dc30c0c74 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924263Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#65067}

[arraybuffer] Flag EmptyBackingStore as free_on_destruct
In {EmptyBackingStore}, the {free_on_destruct} flag was not set as an optimization: Since there is no memory, it also does not have to be freed. However, this flag has a side-effect: any backing store where this flag is not set is considered {external}. The {external} flag is mis-used by blink to indicate if ArrayBuffers need to be wrapped or not. With this CL we set the {free_on_destruct} flag in {EmptyBackingStore}, but we change the ArrayBufferTracker to just ignore empty backing stores. R=ulan@chromium.org Bug: chromium:1008840 Change-Id: I1552a6e013c8b23f39fba1c2d9d9c61dc30c0c74 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924263Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#65067}
ec46cef0 · Andreas Haas · Commit Bot · 3b0329ab · ec46cef0 · ec46cef0
Commit ec46cef0 authored Nov 20, 2019 by Andreas Haas Committed by Commit Bot Nov 20, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

array-buffer-tracker-inl.h src/heap/array-buffer-tracker-inl.h +2 -0

backing-store.cc src/objects/backing-store.cc +1 -1

No files found.
--- a/src/heap/array-buffer-tracker-inl.h
+++ b/src/heap/array-buffer-tracker-inl.h
@@ -32,6 +32,8 @@ void ArrayBufferTracker::RegisterNew(
    Heap* heap, JSArrayBuffer buffer,
    std::shared_ptr<BackingStore> backing_store) {
  if (!backing_store) return;
+  // If {buffer_start} is {nullptr}, we don't have to track and free it.
+  if (!backing_store->buffer_start()) return;

  // ArrayBuffer tracking works only for small objects.
  DCHECK(!heap->IsLargeObject(buffer));

--- a/src/objects/backing-store.cc
+++ b/src/objects/backing-store.cc
@@ -542,7 +542,7 @@ std::unique_ptr<BackingStore> BackingStore::EmptyBackingStore(
                                 0,        // capacity
                                 shared,   // shared
                                 false,    // is_wasm_memory
-                                 false,    // free_on_destruct
+                                 true,     // free_on_destruct
                                 false,    // has_guard_regions
                                 false);   // custom_deleter