deps: backport 0d01728 from v8's upstream #2912
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original commit message:
[objects] do not visit ArrayBuffer's backing store
ArrayBuffer's backing store is a pointer to external heap, and
can't be treated as a heap object. Doing so will result in
crashes, when the backing store is unaligned.
See: nodejs#2791
BUG=chromium:530531
R=mlippautz@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1327403002
Cr-Commit-Position: refs/heads/master@{nodejs#30771}
Fix: nodejs#2791
|
|
||
| // Visit inherited JSObject properties and byte length of ArrayBuffer | ||
| Address regular_slot = | ||
| dst->address() + JSArrayBuffer::BodyDescriptor::kStartOffset; |
There was a problem hiding this comment.
The kStartOffset property is inherited from JSObject, right?
|
I don't feel qualified to review this, but Rubberstamp-LGTM if others sign off. |
| RecordMigratedSlot(Memory::Object_at(internal_field_slot), | ||
| internal_field_slot); | ||
| internal_field_slot += kPointerSize; | ||
| } |
There was a problem hiding this comment.
So if I read this right, it basically iterates over the arraybuffer's properties skipping the kBitFieldSlot and kBitFieldOffset fields? Seems awfully implicit. (EDIT: And evidently it results in redundancy.)
There was a problem hiding this comment.
@bnoordhuis yeah, this is what v8 team advised me to do...
|
LGTM although it's not the approach I would have taken. The test is clever though. |
|
@bnoordhuis I'd rather move the backing store pointer down, but idk |
|
Change looks good, but I'm not qualified to fully sign off. |
|
Looks like CI is a bit borked? cc @rvagg |
|
@indutny CI also seems more or less fine. Maybe wait for armv7. |
|
@Fishrock123 please land the thing! |
|
Landed in 2b8a06b, thank you! |
indutny
added a commit
that referenced
this pull request
Sep 17, 2015
Original commit message:
[objects] do not visit ArrayBuffer's backing store
ArrayBuffer's backing store is a pointer to external heap, and
can't be treated as a heap object. Doing so will result in
crashes, when the backing store is unaligned.
See: #2791
BUG=chromium:530531
R=mlippautz@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1327403002
Cr-Commit-Position: refs/heads/master@{#30771}
Fix: #2791
PR-URL: #2912
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Fishrock123
pushed a commit
to Fishrock123/node
that referenced
this pull request
Sep 17, 2015
Original commit message:
[objects] do not visit ArrayBuffer's backing store
ArrayBuffer's backing store is a pointer to external heap, and
can't be treated as a heap object. Doing so will result in
crashes, when the backing store is unaligned.
See: nodejs#2791
BUG=chromium:530531
R=mlippautz@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1327403002
Cr-Commit-Position: refs/heads/master@{nodejs#30771}
Fix: nodejs#2791
PR-URL: nodejs#2912
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
TooTallNate
added a commit
to node-ffi/node-ffi
that referenced
this pull request
Sep 18, 2015
Needed for nodejs/node#2912. See #238 and #239.
indutny
added a commit
that referenced
this pull request
Sep 29, 2015
Original commit message:
[objects] do not visit ArrayBuffer's backing store
ArrayBuffer's backing store is a pointer to external heap, and
can't be treated as a heap object. Doing so will result in
crashes, when the backing store is unaligned.
See: #2791
BUG=chromium:530531
R=mlippautz@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1327403002
Cr-Commit-Position: refs/heads/master@{#30771}
Fix: #2791
PR-URL: #2912
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
targos
pushed a commit
to targos/node
that referenced
this pull request
Oct 5, 2015
Original commit message:
[objects] do not visit ArrayBuffer's backing store
ArrayBuffer's backing store is a pointer to external heap, and
can't be treated as a heap object. Doing so will result in
crashes, when the backing store is unaligned.
See: nodejs#2791
BUG=chromium:530531
R=mlippautz@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1327403002
Cr-Commit-Position: refs/heads/master@{nodejs#30771}
Fix: nodejs#2791
PR-URL: nodejs#2912
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
targos
pushed a commit
to targos/node
that referenced
this pull request
Oct 6, 2015
Original commit message:
[objects] do not visit ArrayBuffer's backing store
ArrayBuffer's backing store is a pointer to external heap, and
can't be treated as a heap object. Doing so will result in
crashes, when the backing store is unaligned.
See: nodejs#2791
BUG=chromium:530531
R=mlippautz@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1327403002
Cr-Commit-Position: refs/heads/master@{nodejs#30771}
Fix: nodejs#2791
PR-URL: nodejs#2912
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
indutny
added a commit
that referenced
this pull request
Oct 8, 2015
Original commit message:
[objects] do not visit ArrayBuffer's backing store
ArrayBuffer's backing store is a pointer to external heap, and
can't be treated as a heap object. Doing so will result in
crashes, when the backing store is unaligned.
See: #2791
BUG=chromium:530531
R=mlippautz@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1327403002
Cr-Commit-Position: refs/heads/master@{#30771}
Fix: #2791
PR-URL: #2912
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
indutny
added a commit
that referenced
this pull request
Oct 11, 2015
Original commit message:
[objects] do not visit ArrayBuffer's backing store
ArrayBuffer's backing store is a pointer to external heap, and
can't be treated as a heap object. Doing so will result in
crashes, when the backing store is unaligned.
See: #2791
BUG=chromium:530531
R=mlippautz@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1327403002
Cr-Commit-Position: refs/heads/master@{#30771}
Fix: #2791
PR-URL: #2912
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
ofrobots
pushed a commit
to ofrobots/node
that referenced
this pull request
Oct 14, 2015
Original commit message:
[objects] do not visit ArrayBuffer's backing store
ArrayBuffer's backing store is a pointer to external heap, and
can't be treated as a heap object. Doing so will result in
crashes, when the backing store is unaligned.
See: nodejs#2791
BUG=chromium:530531
R=mlippautz@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1327403002
Cr-Commit-Position: refs/heads/master@{nodejs#30771}
Ref: nodejs#2791
Ref: nodejs#2912
PR-URL: nodejs#3351
Reviewed-By: indutny - Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
indutny
added a commit
that referenced
this pull request
Oct 14, 2015
Original commit message:
[objects] do not visit ArrayBuffer's backing store
ArrayBuffer's backing store is a pointer to external heap, and
can't be treated as a heap object. Doing so will result in
crashes, when the backing store is unaligned.
See: #2791
BUG=chromium:530531
R=mlippautz@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1327403002
Cr-Commit-Position: refs/heads/master@{#30771}
Ref: #2791
Ref: #2912
PR-URL: #3351
Reviewed-By: indutny - Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
|
landed in lts-v4.x-staging as 94972d5 |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Original commit message:
Fix: #2791
cc @Fishrock123 @trevnorris @nodejs/v8