Diffstat (limited to 'chromium/v8/src/heap')
-rw-r--r--chromium/v8/src/heap/array-buffer-tracker-inl.h12
-rw-r--r--chromium/v8/src/heap/array-buffer-tracker.cc14
-rw-r--r--chromium/v8/src/heap/array-buffer-tracker.h9
3 files changed, 21 insertions, 14 deletions
diff --git a/chromium/v8/src/heap/array-buffer-tracker-inl.h b/chromium/v8/src/heap/array-buffer-tracker-inl.h
index 3ab5aefaaf6..8ed4a66664b 100644
--- a/chromium/v8/src/heap/array-buffer-tracker-inl.h
+++ b/chromium/v8/src/heap/array-buffer-tracker-inl.h
@@ -51,12 +51,15 @@ void ArrayBufferTracker::Unregister(Heap* heap, JSArrayBuffer* buffer) {
template <typename Callback>
void LocalArrayBufferTracker::Free(Callback should_free) {
size_t new_retained_size = 0;
+ Isolate* isolate = heap_->isolate();
for (TrackingData::iterator it = array_buffers_.begin();
it != array_buffers_.end();) {
- JSArrayBuffer* buffer = reinterpret_cast<JSArrayBuffer*>(*it);
- const size_t length = buffer->byte_length()->Number();
+ JSArrayBuffer* buffer = reinterpret_cast<JSArrayBuffer*>(it->first);
+ const size_t length = it->second;
if (should_free(buffer)) {
- buffer->FreeBackingStore();
+ JSArrayBuffer::FreeBackingStore(
+ isolate, {buffer->backing_store(), length, buffer->backing_store(),
+ buffer->allocation_mode(), buffer->is_wasm_memory()});
it = array_buffers_.erase(it);
} else {
new_retained_size += length;
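Review bot: The new FreeBackingStore call passes `buffer->backing_store()` as both the allocation base and the backing store, and the tracker's registered `length` as the allocation length, so the size handed to the allocator is now the byte length recorded in Add rather than anything read from the buffer's own allocation fields, and nothing in this hunk says why that is safe. The sibling change in array-buffer-tracker.cc carries a comment that wasm allocations go through their own tracker based on the backing store; the same comment belongs above this call. If the `allocation_base()`/`allocation_length()` accessors the old Process code used are kept, a debug check such as `DCHECK_IMPLIES(!buffer->is_wasm_memory(), buffer->backing_store() == buffer->allocation_base());` would catch a base/length mismatch before a wrongly sized free reaches the allocator. The body of Free continues past the end of the hunk.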
@@ -87,7 +90,7 @@ void ArrayBufferTracker::FreeDead(Page* page, MarkingState* marking_state) {
void LocalArrayBufferTracker::Add(JSArrayBuffer* buffer, size_t length) {
DCHECK_GE(retained_size_ + length, retained_size_);
retained_size_ += length;
- auto ret = array_buffers_.insert(buffer);
+ auto ret = array_buffers_.insert({buffer, length});
USE(ret);
// Check that we indeed inserted a new value and did not overwrite an existing
// one (which would be a bug).
@@ -100,6 +103,7 @@ void LocalArrayBufferTracker::Remove(JSArrayBuffer* buffer, size_t length) {
TrackingData::iterator it = array_buffers_.find(buffer);
// Check that we indeed find a key to remove.
DCHECK(it != array_buffers_.end());
+ DCHECK_EQ(length, it->second);
array_buffers_.erase(it);
}
diff --git a/chromium/v8/src/heap/array-buffer-tracker.cc b/chromium/v8/src/heap/array-buffer-tracker.cc
index 1b870491ac2..589756fdc37 100644
--- a/chromium/v8/src/heap/array-buffer-tracker.cc
+++ b/chromium/v8/src/heap/array-buffer-tracker.cc
@@ -29,7 +29,7 @@ void LocalArrayBufferTracker::Process(Callback callback) {
size_t moved_size = 0;
for (TrackingData::iterator it = array_buffers_.begin();
it != array_buffers_.end();) {
- old_buffer = reinterpret_cast<JSArrayBuffer*>(*it);
+ old_buffer = reinterpret_cast<JSArrayBuffer*>(it->first);
const CallbackResult result = callback(old_buffer, &new_buffer);
if (result == kKeepEntry) {
new_retained_size += NumberToSize(old_buffer->byte_length());
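Review bot: The kKeepEntry branch still accumulates `NumberToSize(old_buffer->byte_length())` into new_retained_size on the last line of the hunk, while Free in array-buffer-tracker-inl.h now accumulates the registered `it->second`; the two retained-size computations diverge whenever a buffer's JS-visible byte_length differs from the length recorded at registration, which looks possible if byte_length can change after Add (to be confirmed against the detach path). Since the tracker now carries the length, `new_retained_size += it->second;` keeps the accounting consistent with Free and avoids reading the byte_length HeapNumber here at all. The enclosing Process loop continues past the end of the hunk.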
@@ -51,14 +51,12 @@ void LocalArrayBufferTracker::Process(Callback callback) {
}
it = array_buffers_.erase(it);
} else if (result == kRemoveEntry) {
- // Size of freed memory is computed to avoid looking at dead objects.
- void* allocation_base = old_buffer->allocation_base();
- DCHECK_NOT_NULL(allocation_base);
-
+ // We pass backing_store() and stored length to the collector for freeing
+ // the backing store. Wasm allocations will go through their own tracker
+ // based on the backing store.
backing_stores_to_free->emplace_back(
- allocation_base, old_buffer->allocation_length(),
- old_buffer->backing_store(), old_buffer->allocation_mode(),
- old_buffer->is_wasm_memory());
+ old_buffer->backing_store(), it->second, old_buffer->backing_store(),
+ old_buffer->allocation_mode(), old_buffer->is_wasm_memory());
it = array_buffers_.erase(it);
} else {
UNREACHABLE();
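Review bot: The removed `DCHECK_NOT_NULL(allocation_base)` has no replacement: `old_buffer->backing_store()` is now queued as the allocation base without any check, so a tracked buffer whose backing store pointer is null would be pushed to backing_stores_to_free together with a non-zero registered length. Add `DCHECK_NOT_NULL(old_buffer->backing_store());` before the emplace_back; the Free path in array-buffer-tracker-inl.h builds the same aggregate from `buffer->backing_store()` and could take the same check. The enclosing Process function continues past the end of the hunk.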
diff --git a/chromium/v8/src/heap/array-buffer-tracker.h b/chromium/v8/src/heap/array-buffer-tracker.h
index 6bf4f79261b..c9c1a5b645e 100644
--- a/chromium/v8/src/heap/array-buffer-tracker.h
+++ b/chromium/v8/src/heap/array-buffer-tracker.h
@@ -5,7 +5,7 @@
#ifndef V8_HEAP_ARRAY_BUFFER_TRACKER_H_
#define V8_HEAP_ARRAY_BUFFER_TRACKER_H_
-#include <unordered_set>
+#include <unordered_map>
#include "src/allocation.h"
#include "src/base/platform/mutex.h"
@@ -111,7 +111,12 @@ class LocalArrayBufferTracker {
}
};
- typedef std::unordered_set<JSArrayBuffer*, Hasher> TrackingData;
+ // Keep track of the backing store and the corresponding length at time of
+ // registering. The length is accessed from JavaScript and can be a
+ // HeapNumber. The reason for tracking the length is that in the case of
+ // length being a HeapNumber, the buffer and its length may be stored on
+ // different memory pages, making it impossible to guarantee order of freeing.
+ typedef std::unordered_map<JSArrayBuffer*, size_t, Hasher> TrackingData;
Heap* heap_;
// The set contains raw heap pointers which are removed by the GC upon