chore: cherry-pick 32b7dc86a763 from v8 (#36651)
* chore: cherry-pick 32b7dc86a763 from v8 * chore: update patches Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com> Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
parent
9e7fbc7021
commit
fb461effae
2 changed files with 66 additions and 0 deletions
|
@ -9,3 +9,4 @@ fix_disable_implies_dcheck_for_node_stream_array_buffers.patch
|
||||||
revert_runtime_dhceck_terminating_exception_in_microtasks.patch
|
revert_runtime_dhceck_terminating_exception_in_microtasks.patch
|
||||||
chore_disable_is_execution_terminating_dcheck.patch
|
chore_disable_is_execution_terminating_dcheck.patch
|
||||||
force_cppheapcreateparams_to_be_noncopyable.patch
|
force_cppheapcreateparams_to_be_noncopyable.patch
|
||||||
|
cherry-pick-32b7dc86a763.patch
|
||||||
|
|
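--- a/patches/v8/cherry-pick-32b7dc86a763.patch
+++ b/patches/v8/cherry-pick-32b7dc86a763.patch
@@ -0,0 +1,65 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Igor Sheludko <ishell@chromium.org>
+Date: Thu, 1 Dec 2022 16:05:49 +0100
+Subject: Fix DCHECKs in VisitSpillSlot
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+... to match new encoding of the forwarding pointers.
+
+Bug: v8:11880, chromium:1393256
+Change-Id: I8bc8183c22ef8933c02470d5c8ed77cf83489e0f
+Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4069706
+Commit-Queue: Igor Sheludko <ishell@chromium.org>
+Auto-Submit: Igor Sheludko <ishell@chromium.org>
+Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
+Cr-Commit-Position: refs/heads/main@{#84601}
+
+diff --git a/src/execution/frames.cc b/src/execution/frames.cc
+index 5065f5fe3bab7d8a9aca3db98754339ed86b0907..6dfdda7059cafb8a5bf597cd61b46fdb3177ddeb 100644
+--- a/src/execution/frames.cc
++++ b/src/execution/frames.cc
+@@ -1119,8 +1119,8 @@ void VisitSpillSlot(Isolate* isolate, RootVisitor* v,
+? map_word.ToForwardingAddress(raw)
+: raw;
+bool is_self_forwarded =
+- forwarded.map_word(cage_base, kRelaxedLoad).ptr() ==
+- forwarded.address();
++ forwarded.map_word(cage_base, kRelaxedLoad) ==
++ MapWord::FromForwardingAddress(forwarded, forwarded);
+if (is_self_forwarded) {
+// The object might be in a self-forwarding state if it's located
+// in new large object space. GC will fix this at a later stage.
+diff --git a/src/objects/objects.h b/src/objects/objects.h
+index a40a169ce5d2b14e4b973cc1c5e6b4d986cbb314..2fa31a912c75a832cc0e051dfd54f4cd1ac50a79 100644
+--- a/src/objects/objects.h
++++ b/src/objects/objects.h
+@@ -904,7 +904,17 @@ class MapWord {
+// View this map word as a forwarding address.
+inline HeapObject ToForwardingAddress(HeapObject map_word_host);
+
+- inline Address ptr() { return value_; }
++ constexpr inline Address ptr() const { return value_; }
++
++ // When pointer compression is enabled, MapWord is uniquely identified by
++ // the lower 32 bits. On the other hand full-value comparison is not correct
++ // because map word in a forwarding state might have corrupted upper part.
++ constexpr bool operator==(MapWord other) const {
++ return static_cast<Tagged_t>(ptr()) == static_cast<Tagged_t>(other.ptr());
++ }
++ constexpr bool operator!=(MapWord other) const {
++ return static_cast<Tagged_t>(ptr()) != static_cast<Tagged_t>(other.ptr());
++ }
+
+#ifdef V8_MAP_PACKING
+static constexpr Address Pack(Address map) {
+@@ -929,7 +939,7 @@ class MapWord {
+template <typename TFieldType, int kFieldOffset, typename CompressionScheme>
+friend class TaggedField;
+
+- explicit MapWord(Address value) : value_(value) {}
++ explicit constexpr MapWord(Address value) : value_(value) {}
+
+Address value_;
+};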
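Review bot: The comment above `MapWord::operator==` in the `objects.h` hunk explains only the pointer-compression case, yet the cast to `Tagged_t` is unconditional. It should also state what the comparison means in builds without pointer compression, where `Tagged_t` is presumably the full `Address` width (confirm against its definition, which is not visible here). `operator!=` repeats the same cast expression and would be safer as `return !(*this == other);`, so the two operators cannot drift apart. Because equality now deliberately ignores the upper half of the word, the comment should also warn that `==` is not a full-width identity check, in case a later caller relies on it to validate a forwarding pointer. Both `class MapWord` and `VisitSpillSlot` continue outside the hunks shown, so other users of `ptr()` or of map-word equality cannot be checked from this patch.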