Missing write barrier in DOMWrapperMap
Issue description

The setter of DOMWrapperMap is missing a write barrier for incremental wrapper tracing:
https://cs.chromium.org/chromium/src/third_party/WebKit/Source/platform/bindings/DOMWrapperMap.h?rcl=64e2da98606c06b9a13deef29c5667a5d6c52052&l=72

    WARN_UNUSED_RESULT bool Set(KeyType* key,
                                const WrapperTypeInfo* wrapper_type_info,
                                v8::Local<v8::Object>& wrapper) {
      if (UNLIKELY(ContainsKey(key))) {
        wrapper = NewLocal(isolate_, key);
        return false;
      }
      v8::Global<v8::Object> global(isolate_, wrapper);
      wrapper_type_info->ConfigureWrapper(&global);
      map_.Set(key, std::move(global));
      return true;
    }
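The following is an added example, not part of the original report and not Chromium code: a toy model of why a setter on a traced container needs a write barrier during incremental marking. `Wrapper`, `ToyWrapperMap` and `RunCycle` are hypothetical names, and the barrier here simply marks the new entry, which is a simplification of what a real collector does.

```cpp
// Toy model of incremental marking; constructed for illustration, not Blink code.
#include <unordered_map>

struct Wrapper { bool marked = false; };  // hypothetical stand-in for a wrapper object

class ToyWrapperMap {  // hypothetical stand-in for a traced wrapper map
 public:
  explicit ToyWrapperMap(bool use_write_barrier)
      : use_write_barrier_(use_write_barrier) {}

  // One marking step: mark everything stored right now. After this the map
  // counts as visited and the marker does not come back to it in this cycle.
  void Trace() {
    for (auto& entry : map_) entry.second->marked = true;
    traced_ = true;
  }

  // Same shape as the Set() in the report: refuses to overwrite a key.
  bool Set(int key, Wrapper* wrapper) {
    if (map_.count(key)) return false;
    map_[key] = wrapper;
    // Write barrier: the map was already visited, so mark the new entry now.
    if (use_write_barrier_ && traced_) wrapper->marked = true;
    return true;
  }

  // Entries that are stored but unmarked: in this model a sweep would treat
  // them as unreachable although the map still points at them.
  int UnmarkedEntries() const {
    int n = 0;
    for (const auto& entry : map_) if (!entry.second->marked) ++n;
    return n;
  }

 private:
  std::unordered_map<int, Wrapper*> map_;
  bool use_write_barrier_;
  bool traced_ = false;
};

// Store one wrapper before the marking step and one after it.
int RunCycle(bool use_write_barrier) {
  Wrapper before, during;
  ToyWrapperMap map(use_write_barrier);
  map.Set(1, &before);
  map.Trace();
  map.Set(2, &during);  // mutator runs between incremental marking steps
  return map.UnmarkedEntries();
}
```

`RunCycle(false)` leaves the wrapper stored after the marking step unmarked, while `RunCycle(true)` leaves none.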
Jan 18 2018
Actually, TraceWrappers and WriteBarrier should be called one level higher in DOMDataStore because it knows that the key is ScriptWrappable.
Apr 23 2018
Fixed in https://chromium-review.googlesource.com/c/chromium/src/+/873919
Comment 1 by u...@chromium.org, Jan 18 2018