[arraybuffer] Flag EmptyBackingStore as free_on_destruct
In {EmptyBackingStore}, the {free_on_destruct} flag was not set as an optimization: Since there is no memory, it also does not have to be freed. However, this flag has a side-effect: any backing store where this flag is not set is considered {external}. The {external} flag is mis-used by blink to indicate if ArrayBuffers need to be wrapped or not.

With this CL we set the {free_on_destruct} flag in {EmptyBackingStore}, but we change the ArrayBufferTracker to just ignore empty backing stores.

R=ulan@chromium.org

Bug: chromium:1008840
Change-Id: I1552a6e013c8b23f39fba1c2d9d9c61dc30c0c74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924263
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65067}
This commit is contained in:
parent
3b0329abb1
commit
ec46cef0ee
@ -32,6 +32,8 @@ void ArrayBufferTracker::RegisterNew(
|
||||
Heap* heap, JSArrayBuffer buffer,
|
||||
std::shared_ptr<BackingStore> backing_store) {
|
||||
if (!backing_store) return;
|
||||
// If {buffer_start} is {nullptr}, we don't have to track and free it.
|
||||
if (!backing_store->buffer_start()) return;
|
||||
|
||||
// ArrayBuffer tracking works only for small objects.
|
||||
DCHECK(!heap->IsLargeObject(buffer));
|
||||
|
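Review bot: The new early return on `!backing_store->buffer_start()` in RegisterNew sits above `DCHECK(!heap->IsLargeObject(buffer))`, so a buffer with an empty backing store now skips that assertion entirely. If the small-object invariant should still hold for such buffers, move the null-start check below the DCHECK; if skipping it is intended, say so in the comment. The comment could also state that a null {buffer_start} is what identifies an empty backing store here, since the commit message describes the check in those terms while the code tests only the pointer.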
@ -542,7 +542,7 @@ std::unique_ptr<BackingStore> BackingStore::EmptyBackingStore(
|
||||
0, // capacity
|
||||
shared, // shared
|
||||
false, // is_wasm_memory
|
||||
false, // free_on_destruct
|
||||
true, // free_on_destruct
|
||||
false, // has_guard_regions
|
||||
false); // custom_deleter
|
||||
|
||||
|
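Review bot: In EmptyBackingStore, `true, // free_on_destruct` is now passed alongside `0, // capacity`, which reads as a contradiction to anyone who has not seen the commit message. Add a short comment at that argument explaining that the flag is set only so the store is not classified as {external}, and that there is nothing to free. It is also worth confirming that the destruction path tolerates free_on_destruct being set on a store with no memory, since the previous `false` kept such stores out of that path.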