-
Igor Sheludko authored
This is a reland of 6f9b2bd4 We must load JSTypedArray::base_pointer in TurboFan as tagged value otherwise this value may become stale pointer after GC. Original change's description: > [ptr-compr] Make on-heap JSTypedArrays smi-corrupting friendly > > On-heap typed arrays contain HeapObject value in |base_pointer| field > and an offset in |external_pointer| field. When pointer compression is > enabled we want to combine decompression with the offset addition. > In order to do that we add an isolate root to the external_pointer value > and therefore the data pointer computation can is a simple addition of > a (potentially sign-extended) |base_pointer| loaded as Tagged_t value > and an |external_pointer| value. > > Bug: v8:9706 > Change-Id: Id5c546c353c81fb25e3598921bc78165d10a9c44 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807369 > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Commit-Queue: Igor Sheludko <ishell@chromium.org> > Cr-Commit-Position: refs/heads/master@{#63874} Bug: v8:9706, chromium:1005599 Cq-Include-Trybots: luci.chromium.try:gpu-fyi-try-win10-nvidia-rel-64 Change-Id: I7bbd2a439306cdd11f2bb0dab5863498624d9740 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813744Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#63898}
dc1a93b8
