heap: Implement JS-related write barriers for Oilpan library

This adds write barriers for
- TraceWrapperV8Reference (C++->JS)
- Embedder fields (JS->C++)

Depends on
  https://crrev.com/c/2640419

Bug: chromium:1056170
Change-Id: I79c5e7242d0ff8b83579a5258970436df6026ee8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2640618Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#845630}

third_party/blink/renderer/platform/bindings/trace_wrapper_v8_reference.h

@@ -124,11 +124,19 @@ class TraceWrapperV8Reference {
  protected:
   ALWAYS_INLINE void InternalSet(v8::Isolate* isolate, v8::Local<T> handle) {
     handle_.Reset(isolate, handle);
+#if BUILDFLAG(USE_V8_OILPAN)
+    UnifiedHeapMarkingVisitor::WriteBarrier(UnsafeCast<v8::Value>().Get());
+#else   // !USE_V8_OILPAN
     UnifiedHeapMarkingVisitor::WriteBarrier(UnsafeCast<v8::Value>());
+#endif  // !USE_V8_OILPAN
   }
 
   ALWAYS_INLINE void WriteBarrier() const {
+#if BUILDFLAG(USE_V8_OILPAN)
+    UnifiedHeapMarkingVisitor::WriteBarrier(UnsafeCast<v8::Value>().Get());
+#else   // !USE_V8_OILPAN
     UnifiedHeapMarkingVisitor::WriteBarrier(UnsafeCast<v8::Value>());
+#endif  // !USE_V8_OILPAN
   }
 
   v8::TracedReference<T> handle_;

third_party/blink/renderer/platform/bindings/v8_dom_wrapper.h

@@ -116,7 +116,7 @@ inline void V8DOMWrapper::SetNativeInfoInternal(
   // The following write barrier is necessary as V8 might not see the newly
   // created object during garbage collection, e.g., when the object is black
   // allocated.
-  UnifiedHeapMarkingVisitor::WriteBarrier(isolate, wrapper_type_info,
+  UnifiedHeapMarkingVisitor::WriteBarrier(isolate, wrapper, wrapper_type_info,
                                           wrappable);
 }
 

third_party/blink/renderer/platform/heap/impl/unified_heap_marking_visitor.cc

@@ -68,6 +68,7 @@ void UnifiedHeapMarkingVisitor::WriteBarrier(
 // static
 void UnifiedHeapMarkingVisitor::WriteBarrier(
     v8::Isolate* isolate,
+    v8::Local<v8::Object>&,
     const WrapperTypeInfo* wrapper_type_info,
     const void* object) {
   // |object| here is either ScriptWrappable or CustomWrappable.

third_party/blink/renderer/platform/heap/impl/unified_heap_marking_visitor.h

@@ -7,6 +7,7 @@
 
 #include "base/macros.h"
 #include "third_party/blink/renderer/platform/heap/impl/marking_visitor.h"
+#include "v8/include/v8.h"
 
 namespace v8 {
 class EmbedderHeapTracer;
@@ -49,7 +50,10 @@ class PLATFORM_EXPORT UnifiedHeapMarkingVisitor
  public:
   // Write barriers for annotating a write during incremental marking.
   static void WriteBarrier(const TraceWrapperV8Reference<v8::Value>&);
-  static void WriteBarrier(v8::Isolate*, const WrapperTypeInfo*, const void*);
+  static void WriteBarrier(v8::Isolate*,
+                           v8::Local<v8::Object>&,
+                           const WrapperTypeInfo*,
+                           const void*);
 
   UnifiedHeapMarkingVisitor(ThreadState*, MarkingMode, v8::Isolate*);
   ~UnifiedHeapMarkingVisitor() override = default;

third_party/blink/renderer/platform/heap/v8_wrapper/unified_heap_marking_visitor.h

@@ -5,20 +5,40 @@
 #ifndef THIRD_PARTY_BLINK_RENDERER_PLATFORM_HEAP_V8_WRAPPER_UNIFIED_HEAP_MARKING_VISITOR_H_
 #define THIRD_PARTY_BLINK_RENDERER_PLATFORM_HEAP_V8_WRAPPER_UNIFIED_HEAP_MARKING_VISITOR_H_
 
+#include "base/compiler_specific.h"
+#include "third_party/blink/renderer/platform/bindings/wrapper_type_info.h"
+#include "third_party/blink/renderer/platform/heap/v8_wrapper/thread_state.h"
 #include "third_party/blink/renderer/platform/wtf/allocator/allocator.h"
-#include "v8/include/v8.h"
+#include "v8/include/v8-cppgc.h"
 
 namespace blink {
 
-template <typename T>
-class TraceWrapperV8Reference;
-
-class UnifiedHeapMarkingVisitor final {
+class PLATFORM_EXPORT UnifiedHeapMarkingVisitor final {
   STATIC_ONLY(UnifiedHeapMarkingVisitor);
 
  public:
-  static void WriteBarrier(const TraceWrapperV8Reference<v8::Value>&) {
-    // TODO(mlippautz): Delegate to cppgc write barrier.
+  static ALWAYS_INLINE void WriteBarrier(
+      const v8::TracedReference<v8::Value>& ref) {
+    v8::JSHeapConsistency::WriteBarrierParams params;
+    if (v8::JSHeapConsistency::GetWriteBarrierType(ref, params) ==
+        v8::JSHeapConsistency::WriteBarrierType::kMarking) {
+      v8::JSHeapConsistency::DijkstraMarkingBarrier(
+          params, ThreadState::Current()->cpp_heap().GetHeapHandle(), ref);
+    }
+  }
+
+  static ALWAYS_INLINE void WriteBarrier(v8::Isolate*,
+                                         v8::Local<v8::Object>& wrapper,
+                                         const WrapperTypeInfo*,
+                                         const void* wrappable) {
+    v8::JSHeapConsistency::WriteBarrierParams params;
+    if (v8::JSHeapConsistency::GetWriteBarrierType(
+            wrapper, kV8DOMWrapperObjectIndex, wrappable, params) ==
+        v8::JSHeapConsistency::WriteBarrierType::kMarking) {
+      v8::JSHeapConsistency::DijkstraMarkingBarrier(
+          params, ThreadState::Current()->cpp_heap().GetHeapHandle(),
+          wrappable);
+    }
   }
 };