[heap] Bailout in top frame visitor for references into client heaps
Unlike regular marking code we can encounter client references in a shared GC, so we need a bail out here as well.

Bug: v8:11708, v8:12647
Change-Id: Ie5ccb66206a8dca7d7bb08c75c90ce4999ed5a78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3483663
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79241}
parent d7e6146bc6
commit ca6d783e74
@ -1180,7 +1180,12 @@ class MarkCompactCollector::CustomRootBodyMarkingVisitor final
|
||||
V8_INLINE void MarkObject(HeapObject host, Object object) {
|
||||
if (!object.IsHeapObject()) return;
|
||||
HeapObject heap_object = HeapObject::cast(object);
|
||||
if (!collector_->is_shared_heap() && heap_object.InSharedHeap()) return;
|
||||
// We use this visitor both in client and shared GCs. The client GC should
|
||||
// not mark objects in the shared heap. In shared GCs we are marking each
|
||||
// client's top stack frame, so it is actually legal to encounter references
|
||||
// into the client heap here in a shared GC. We need to bail out in these
|
||||
// cases as well.
|
||||
if (collector_->is_shared_heap() != heap_object.InSharedHeap()) return;
|
||||
collector_->MarkObject(host, heap_object);
|
||||
}
|
||||
|
||||
|
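Review bot: The new check `if (collector_->is_shared_heap() != heap_object.InSharedHeap()) return;` in MarkObject folds two different cases into one comparison: a client GC skipping a shared-heap object, and a shared GC skipping a client-heap object. The comment above it explains both, but because the return is silent, an object that InSharedHeap() misclassifies would simply go unmarked. Consider splitting the two directions into separate early returns, each with its own one-line comment, and adding a regression test that runs a shared GC while a client's top stack frame holds a reference into the client heap; no test is visible in this hunk.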