-
Anton Bikineev authored
When the stack is split in safe and unsafe parts, on-stack TracedReferences are allocated on the unsafe stack. What currently happens is that on GC we destroy all the on-stack references below the current frame of the *safe* stack. If the safe stack is allocated above the unsafe counterpart, then all the traced references will be preliminary destructed on GC. This CL fixes it by using __builtin___get_unsafe_stack_ptr() if -fsanitize=safe-stack is enabled. In addition, deduplicate OnStackTracedNodeSpace::IsOnStack() and Stack::IsOnStack() and move more logic into ::heap::base::Stack. Bug: chromium:1278780 Change-Id: I9582bb1321958b7ec8ef2c0c46b9e42d51bb6f94 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3395033Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Anton Bikineev <bikineev@chromium.org> Auto-Submit: Anton Bikineev <bikineev@chromium.org> Cr-Commit-Position: refs/heads/main@{#78660}
c7fbac6a
