chore: cherry-pick 32b7dc86a763 from v8 (#36651)
* chore: cherry-pick 32b7dc86a763 from v8 * chore: update patches Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com> Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
This commit is contained in:
parent
9e7fbc7021
commit
fb461effae
2 changed files with 66 additions and 0 deletions
|
@ -9,3 +9,4 @@ fix_disable_implies_dcheck_for_node_stream_array_buffers.patch
|
|||
revert_runtime_dhceck_terminating_exception_in_microtasks.patch
|
||||
chore_disable_is_execution_terminating_dcheck.patch
|
||||
force_cppheapcreateparams_to_be_noncopyable.patch
|
||||
cherry-pick-32b7dc86a763.patch
|
||||
|
|
65
patches/v8/cherry-pick-32b7dc86a763.patch
Normal file
65
patches/v8/cherry-pick-32b7dc86a763.patch
Normal file
|
@ -0,0 +1,65 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Igor Sheludko <ishell@chromium.org>
|
||||
Date: Thu, 1 Dec 2022 16:05:49 +0100
|
||||
Subject: Fix DCHECKs in VisitSpillSlot
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
... to match new encoding of the forwarding pointers.
|
||||
|
||||
Bug: v8:11880, chromium:1393256
|
||||
Change-Id: I8bc8183c22ef8933c02470d5c8ed77cf83489e0f
|
||||
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4069706
|
||||
Commit-Queue: Igor Sheludko <ishell@chromium.org>
|
||||
Auto-Submit: Igor Sheludko <ishell@chromium.org>
|
||||
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
|
||||
Cr-Commit-Position: refs/heads/main@{#84601}
|
||||
|
||||
diff --git a/src/execution/frames.cc b/src/execution/frames.cc
|
||||
index 5065f5fe3bab7d8a9aca3db98754339ed86b0907..6dfdda7059cafb8a5bf597cd61b46fdb3177ddeb 100644
|
||||
--- a/src/execution/frames.cc
|
||||
+++ b/src/execution/frames.cc
|
||||
@@ -1119,8 +1119,8 @@ void VisitSpillSlot(Isolate* isolate, RootVisitor* v,
|
||||
? map_word.ToForwardingAddress(raw)
|
||||
: raw;
|
||||
bool is_self_forwarded =
|
||||
- forwarded.map_word(cage_base, kRelaxedLoad).ptr() ==
|
||||
- forwarded.address();
|
||||
+ forwarded.map_word(cage_base, kRelaxedLoad) ==
|
||||
+ MapWord::FromForwardingAddress(forwarded, forwarded);
|
||||
if (is_self_forwarded) {
|
||||
// The object might be in a self-forwarding state if it's located
|
||||
// in new large object space. GC will fix this at a later stage.
|
||||
diff --git a/src/objects/objects.h b/src/objects/objects.h
|
||||
index a40a169ce5d2b14e4b973cc1c5e6b4d986cbb314..2fa31a912c75a832cc0e051dfd54f4cd1ac50a79 100644
|
||||
--- a/src/objects/objects.h
|
||||
+++ b/src/objects/objects.h
|
||||
@@ -904,7 +904,17 @@ class MapWord {
|
||||
// View this map word as a forwarding address.
|
||||
inline HeapObject ToForwardingAddress(HeapObject map_word_host);
|
||||
|
||||
- inline Address ptr() { return value_; }
|
||||
+ constexpr inline Address ptr() const { return value_; }
|
||||
+
|
||||
+ // When pointer compression is enabled, MapWord is uniquely identified by
|
||||
+ // the lower 32 bits. On the other hand full-value comparison is not correct
|
||||
+ // because map word in a forwarding state might have corrupted upper part.
|
||||
+ constexpr bool operator==(MapWord other) const {
|
||||
+ return static_cast<Tagged_t>(ptr()) == static_cast<Tagged_t>(other.ptr());
|
||||
+ }
|
||||
+ constexpr bool operator!=(MapWord other) const {
|
||||
+ return static_cast<Tagged_t>(ptr()) != static_cast<Tagged_t>(other.ptr());
|
||||
+ }
|
||||
|
||||
#ifdef V8_MAP_PACKING
|
||||
static constexpr Address Pack(Address map) {
|
||||
@@ -929,7 +939,7 @@ class MapWord {
|
||||
template <typename TFieldType, int kFieldOffset, typename CompressionScheme>
|
||||
friend class TaggedField;
|
||||
|
||||
- explicit MapWord(Address value) : value_(value) {}
|
||||
+ explicit constexpr MapWord(Address value) : value_(value) {}
|
||||
|
||||
Address value_;
|
||||
};
|
Loading…
Reference in a new issue