[*] Im fucking retarded. (potentially?) resolve (one of many?) critical issues with spurious dereferences found under the mark pass of GC.

This was seemingly less of an issue under older v8 for whatever reason. Could be how old AuRuntimeV8 managed threads and reimplementation of the gc-extension, dunno. Either way, this is fucked. This modified torque object had not had its new members initialized under a no-gc scope of the factory. Last aurora commit: f4b0ec56 Fixes a regression that happed somewhere unknown given the changes introduced in the, "speed glorious speed" commit: f86bf4d7
2023-02-08 18:00:32 +00:00 · 2023-02-08 18:00:32 +00:00 · b8f6b544b0
commit b8f6b544b0
parent f4b0ec560b
2 changed files with 1 additions and 1 deletions
--- a/src/heap/factory.cc
+++ b/src/heap/factory.cc
@ -2086,6 +2086,7 @@ Map Factory::InitializeMap(Map map, InstanceType type, int instance_size,
  map.SetInstanceDescriptors(isolate(), ro_roots.empty_descriptor_array(), 0);
  // Must be called only after |instance_type| and |instance_size| are set.
  map.set_visitor_id(Map::GetVisitorId(map));
+  map.set_cached_property_handler(*undefined_value());
  DCHECK(!map.is_in_retained_map_list());
  map.clear_padding();
  map.set_elements_kind(elements_kind);
--- a/src/objects/map.tq
+++ b/src/objects/map.tq
@ -69,7 +69,6 @@ extern class Map extends HeapObject {
  @ifnot(TAGGED_SIZE_8_BYTES) optional_padding: void;

  cached_property_handler: InterceptorInfo|Undefined;
-  pad: Undefined;

  prototype: JSReceiver|Null;
  constructor_or_back_pointer_or_native_context: Object;