src/heap · 3834c6377ceaeba1209d8fff50f82ee3e712f9ea · Linshizhi / V8

[torque] Stricter object field verification, part 1 · 3834c637

Seth Brenith authored Jun 12, 2019

This change adjusts object initialization order for a few classes so
that the GC can never see those objects in an invalid, partially-
initialized state.

AccessorInfo: Just zeros out a few fields upon construction. This is the
simplest case.

FunctionTemplateInfo: Slightly changes the order in which fields are
set, so that the Smi field is set ahead of the call to SetCallHandler,
which can GC. Also a pretty simple case.

JSListFormat, JSPluralRules, JSRelativeTimeFormat, JSSegmenter: The spec
requires that we start with OrdinaryCreateFromConstructor, which has
observable side effects (it fetches the prototype from the new.target).
So we split JSObject::New in half: the first half does all of the user-
visible things and returns a Map, which we can pass to the second half
when we're ready to actually allocate the object.

JSTypedArray: Extends the pattern from JSListFormat into Torque code:
start with a Map and don't allocate the object until we're ready to set
all of its properties.

Bug: v8:9311
Change-Id: Id7703e8a0727ec756c774cfbb56af787658a111a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1646844
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62123}

3834c637

Name	Last commit	Last update
..
OWNERS		Loading commit data...
array-buffer-collector.cc		Loading commit data...
array-buffer-collector.h		Loading commit data...
array-buffer-tracker-inl.h		Loading commit data...
array-buffer-tracker.cc		Loading commit data...
array-buffer-tracker.h		Loading commit data...
barrier.h		Loading commit data...
code-stats.cc		Loading commit data...
code-stats.h		Loading commit data...
combined-heap.cc		Loading commit data...
combined-heap.h		Loading commit data...
concurrent-marking.cc		Loading commit data...
concurrent-marking.h		Loading commit data...
embedder-tracing.cc		Loading commit data...
embedder-tracing.h		Loading commit data...
factory-inl.h		Loading commit data...
factory.cc		Loading commit data...
factory.h		Loading commit data...
gc-idle-time-handler.cc		Loading commit data...
gc-idle-time-handler.h		Loading commit data...
gc-tracer.cc		Loading commit data...
gc-tracer.h		Loading commit data...
heap-controller.cc		Loading commit data...
heap-controller.h		Loading commit data...
heap-inl.h		Loading commit data...
heap-write-barrier-inl.h		Loading commit data...
heap-write-barrier.h		Loading commit data...
heap.cc		Loading commit data...
heap.h		Loading commit data...
incremental-marking-inl.h		Loading commit data...
incremental-marking-job.cc		Loading commit data...
incremental-marking-job.h		Loading commit data...
incremental-marking.cc		Loading commit data...
incremental-marking.h		Loading commit data...
invalidated-slots-inl.h		Loading commit data...
invalidated-slots.cc		Loading commit data...
invalidated-slots.h		Loading commit data...
item-parallel-job.cc		Loading commit data...
item-parallel-job.h		Loading commit data...
local-allocator-inl.h		Loading commit data...
local-allocator.h		Loading commit data...
mark-compact-inl.h		Loading commit data...
mark-compact.cc		Loading commit data...
mark-compact.h		Loading commit data...
marking.cc		Loading commit data...
marking.h		Loading commit data...
memory-reducer.cc		Loading commit data...
memory-reducer.h		Loading commit data...
object-stats.cc		Loading commit data...
object-stats.h		Loading commit data...
objects-visiting-inl.h		Loading commit data...
objects-visiting.cc		Loading commit data...
objects-visiting.h		Loading commit data...
read-only-heap-inl.h		Loading commit data...
read-only-heap.cc		Loading commit data...
read-only-heap.h		Loading commit data...
remembered-set.h		Loading commit data...
scavenge-job.cc		Loading commit data...
scavenge-job.h		Loading commit data...
scavenger-inl.h		Loading commit data...
scavenger.cc		Loading commit data...
scavenger.h		Loading commit data...
setup-heap-internal.cc		Loading commit data...
slot-set.cc		Loading commit data...
slot-set.h		Loading commit data...
spaces-inl.h		Loading commit data...
spaces.cc		Loading commit data...
spaces.h		Loading commit data...
store-buffer-inl.h		Loading commit data...
store-buffer.cc		Loading commit data...
store-buffer.h		Loading commit data...
stress-marking-observer.cc		Loading commit data...
stress-marking-observer.h		Loading commit data...
stress-scavenge-observer.cc		Loading commit data...
stress-scavenge-observer.h		Loading commit data...
sweeper.cc		Loading commit data...
sweeper.h		Loading commit data...
worklist.h		Loading commit data...