Description
[left-trimming] Avoid creating duplicate handles in builtins.cc
EnsureJSArrayWithWritableFastElements
Having several handles pointing to the backing store of an array that gets
left-trimmed might cause the gc to start marking a stale-handle still pointing
to the old backing-store start. By introducing a separate handle scope for
EnsureJSArrayWithWritableFastElements we avoid this issue. Additionally a
SLOW_DCHECK in Heap::LeftTrimFixedArray ensures that there is no more than one
active handle pointing to the backing store.
BUG=chr:585787
LOG=n
Committed: https://crrev.com/6dd16e8eb1440dcce91062ba92b8d1c3df3a121b
Cr-Commit-Position: refs/heads/master@{#34022}
Patch Set 1
Total comments: 1
Patch Set 2: using CloseAndEscape
Messages
Total messages: 15 (5 generated)