-
Benedikt Meurer authored
The contract between V8 and Blink is that embedder fields belong to Blink, at least when the object has two or more of them. Now we had 2-3 embedder fields used by the debug proxies and that was confusing Blink, since it expects the first slot to hold an aligned pointer in that case and we had a HeapObject reference stored there. This is a quickfix, which avoids internal fields completely for the context extension proxy (using interceptors on the prototype instead) and changes the named proxies to store the name table under a private symbol instead of using a second internal field. A proper but way more involved fix is to introduce a proper instance type here and use space in the header instead of misusing embedder fields. Fixed: chromium:1170283 Bug: chromium:1159402 Change-Id: I6c4bbe2fe88fef29a6b9946708588245efbbe72b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649033 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/master@{#72323}
7e2f1108
