-
Jakob Gruber authored
There are two aspects to the non-JSObject parts of JSArrayRef: - JSArrayRef::length. Relevant only in two spots, 1. when reading (immutable) array boilerplates and 2. for GetOwnCowElement. - JSArrayRef::GetOwnCowElement. May read into a copy-on-write backing store. Relies on the invariant that cow backing stores are immutable. This CL renames the length accessor to length_unsafe to make the danger explicit at callsites. For GetOwnCowElement the refactor is slightly larger, since we now need to read into the backing store while keeping full control of object reads (e.g. JSArray::length and JSArray::elements_kind). We make all reads explicit at the call site by requiring that elements, elements kind, and length are passed in as arguments to GetOwnCowElement. Inside GetOwnCowElement, consistency between these is *not* guaranteed due to concurrency. At runtime, consistency *is* guaranteed through the reference-equality check on the elements seen during compilation. The actual elements read is implemented in ConcurrentLookupIterator::GetOwnCowElement. Bug: v8:7790 Change-Id: I9aa169ce4f2b1e2bfe1e9232007669eb7654a995 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695403 Commit-Queue: Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#72834}
76a2ab06
| Name |
Last commit
|
Last update |
|---|---|---|
| .. | ||
| benchmarks | ||
| cctest | ||
| common | ||
| debugger | ||
| debugging | ||
| fuzzer | ||
| fuzzilli | ||
| inspector | ||
| intl | ||
| js-perf-test | ||
| memory | ||
| message | ||
| mjsunit | ||
| mkgrokdump | ||
| mozilla | ||
| test262 | ||
| torque | ||
| unittests | ||
| wasm-api-tests | ||
| wasm-js | ||
| wasm-spec-tests | ||
| webkit | ||
| BUILD.gn | ||
| OWNERS |