v8/test/cctest/cctest.h

827 lines
28 KiB
C
Raw Normal View History

// Copyright 2008 the V8 project authors. All rights reserved.
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following
// disclaimer in the documentation and/or other materials provided
// with the distribution.
// * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived
// from this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#ifndef CCTEST_H_
#define CCTEST_H_
#include <memory>
#include "include/libplatform/libplatform.h"
#include "include/v8-platform.h"
#include "src/base/enum-set.h"
#include "src/codegen/register-configuration.h"
#include "src/debug/debug-interface.h"
#include "src/execution/isolate-inl.h"
Reland "[arm64] Protect return addresses stored on stack" This is a reland of 137bfe47c9af56dcf8466e2736579616e51b86df Original change's description: > [arm64] Protect return addresses stored on stack > > This change uses the Arm v8.3 pointer authentication instructions in > order to protect return addresses stored on the stack. The generated > code signs the return address before storing on the stack and > authenticates it after loading it. This also changes the stack frame > iterator in order to authenticate stored return addresses and re-sign > them when needed, as well as the deoptimizer in order to sign saved > return addresses when creating new frames. This offers a level of > protection against ROP attacks. > > This functionality is enabled with the v8_control_flow_integrity flag > that this CL introduces. > > The code size effect of this change is small for Octane (up to 2% in > some cases but mostly much lower) and negligible for larger benchmarks, > however code size measurements are rather noisy. The performance impact > on current cores (where the instructions are NOPs) is single digit, > around 1-2% for ARES-6 and Octane, and tends to be smaller for big > cores than for little cores. > > Bug: v8:10026 > Change-Id: I0081f3938c56e2f24d8227e4640032749f4f8368 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1373782 > Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#66239} Bug: v8:10026 Change-Id: Id1adfa2e6c713f6977d69aa467986e48fe67b3c2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051958 Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> Cr-Commit-Position: refs/heads/master@{#66254}
2020-02-12 11:45:31 +00:00
#include "src/execution/simulator.h"
#include "src/heap/factory.h"
#include "src/objects/js-function.h"
#include "src/objects/objects.h"
#include "src/zone/accounting-allocator.h"
namespace v8 {
namespace base {
class RandomNumberGenerator;
} // namespace base
namespace internal {
const auto GetRegConfig = RegisterConfiguration::Default;
class HandleScope;
class Zone;
namespace compiler {
class JSHeapBroker;
} // namespace compiler
} // namespace internal
} // namespace v8
#ifndef TEST
#define TEST(Name) \
static void Test##Name(); \
CcTest register_test_##Name(Test##Name, __FILE__, #Name, true, true, \
nullptr); \
static void Test##Name()
#endif
#ifndef UNINITIALIZED_TEST
#define UNINITIALIZED_TEST(Name) \
static void Test##Name(); \
CcTest register_test_##Name(Test##Name, __FILE__, #Name, true, false, \
nullptr); \
static void Test##Name()
#endif
#ifndef TEST_WITH_PLATFORM
#define TEST_WITH_PLATFORM(Name, PlatformClass) \
static void Test##Name(PlatformClass& platform); \
static void TestWithoutPlatform##Name() { \
Test##Name(*static_cast<PlatformClass*>(i::V8::GetCurrentPlatform())); \
} \
CcTest register_test_##Name(TestWithoutPlatform##Name, __FILE__, #Name, \
true, true, \
[]() -> std::unique_ptr<TestPlatform> { \
return std::make_unique<PlatformClass>(); \
}); \
static void Test##Name(PlatformClass& platform)
#endif
#ifndef DISABLED_TEST
#define DISABLED_TEST(Name) \
static void Test##Name(); \
CcTest register_test_##Name(Test##Name, __FILE__, #Name, false, true, \
nullptr); \
static void Test##Name()
#endif
// Similar to TEST, but used when test definitions appear as members of a
// (probably parameterized) class. This allows re-using the given tests multiple
// times. For this to work, the following conditions must hold:
// 1. The class has a template parameter named kTestFileName of type char
// const*, which is instantiated with __FILE__ at the *use site*, in order
// to correctly associate the tests with the test suite using them.
// 2. To actually execute the tests, create an instance of the class
// containing the MEMBER_TESTs.
#define MEMBER_TEST(Name) \
CcTest register_test_##Name = \
CcTest(Test##Name, kTestFileName, #Name, true, true, nullptr); \
static void Test##Name()
#define EXTENSION_LIST(V) \
V(GC_EXTENSION, "v8/gc") \
V(PRINT_EXTENSION, "v8/print") \
V(PROFILER_EXTENSION, "v8/profiler") \
V(TRACE_EXTENSION, "v8/trace")
#define DEFINE_EXTENSION_ID(Name, Ident) Name##_ID,
enum CcTestExtensionId { EXTENSION_LIST(DEFINE_EXTENSION_ID) kMaxExtensions };
#undef DEFINE_EXTENSION_ID
using CcTestExtensionFlags = v8::base::EnumSet<CcTestExtensionId>;
#define DEFINE_EXTENSION_NAME(Name, Ident) Ident,
static constexpr const char* kExtensionName[kMaxExtensions] = {
EXTENSION_LIST(DEFINE_EXTENSION_NAME)};
#undef DEFINE_EXTENSION_NAME
class CcTest;
class TestPlatform;
using CcTestMapType = std::map<std::string, CcTest*>;
class CcTest {
public:
using TestFunction = void();
using TestPlatformFactory = std::unique_ptr<TestPlatform>();
CcTest(TestFunction* callback, const char* file, const char* name,
bool enabled, bool initialize,
TestPlatformFactory* platform_factory = nullptr);
void Run(const char* argv0);
static v8::Isolate* isolate() {
CHECK_NOT_NULL(isolate_);
v8::base::Relaxed_Store(&isolate_used_, 1);
return isolate_;
}
static i::Isolate* InitIsolateOnce() {
if (!initialize_called_) InitializeVM();
return i_isolate();
}
static i::Isolate* i_isolate() {
return reinterpret_cast<i::Isolate*>(isolate());
}
static i::Heap* heap();
Reland "[heap] Skip ro-space from heap iterators, add CombinedHeapIterator." Code relocation info is now always allocated in old-space. Before relocation info allocated for placeholders and builtins (which get replaced with trampolines in nosnap builds) would become unreachable. Since read-only space is not GCed and ReadOnlyHeapIterator doesn't check for reachability, ValidateSnapshot would fail finding unreachable objects returned by ReadOnlyHeapIterator. Because trampoline relocation info gets replaced with canonical one, this only affects no-embdded-builtins nosnap builds, which don't get much benefit from read-only relocation info anyway. A new check has been added to the read-only deserializer to verify that every read-only object is reachable at mksnapshot-time. The CombinedHeapIterator iteration order was changed to iterate over read-only space first, because that's how HeapIterator worked. This is a reland of 3d1d8eae772877422e7082571e77c326e7e8e60a Original change's description: > [heap] Skip ro-space from heap iterators, add CombinedHeapIterator. > > Read-only space sharing requires an iterator independent of heap. This > also enables future removal of read-only space from heap. > > Bug: v8:7464 > Change-Id: Ia07a9369494ea2c547d12c01ffa1d7b8b6bbeabc > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552795 > Commit-Queue: Maciej Goszczycki <goszczycki@google.com> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org> > Reviewed-by: Dan Elphick <delphick@chromium.org> > Cr-Commit-Position: refs/heads/master@{#60819} Bug: v8:7464 Change-Id: I49ae070955b77956962334a84f762ab29052d5ff Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566513 Reviewed-by: Dan Elphick <delphick@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Commit-Queue: Maciej Goszczycki <goszczycki@google.com> Cr-Commit-Position: refs/heads/master@{#61185}
2019-05-02 15:35:51 +00:00
static i::ReadOnlyHeap* read_only_heap();
static v8::Platform* default_platform() { return default_platform_; }
[cpu-profiler] Ensure sampled thread has Isolate lock under Windows While the sampler checked if the sampled thread had the Isolate locked (if locks are being used) under Linux, the check was not done under Windows (or Fuchsia) which meant that in a multi-threading application under Windows, thread locking was not checked making it prone to seg faults and the like as the profiler would be using isolate->js_entry_sp to determine the stack to walk but isolate->js_entry_sp is the stack pointer for the thread that currently has the Isolate lock so, if the sampled thread does not have the lock, the sampler woud be iterating over the wrong stack, one that might actually be actively changing on another thread. The fix was to move the lock check into CpuSampler and Ticker (--prof) so all OSes would do the correct check. The basic concept is that on all operating systems a CpuProfiler, and so its corresponding CpuCampler, the profiler is tied to a thread. This is not based on first principles or anything, it's simply the way it works in V8, though it is a useful conceit as it makes visualization and interpretation of profile data much easier. To collect a sample on a thread associated with a profiler the thread must be stopped for obvious reasons -- walking the stack of a running thread is a formula for disaster. The mechanism for stopping a thread is OS-specific and is done in sample.cc. There are currently three basic approaches, one for Linux/Unix variants, one for Windows and one for Fuchsia. The approaches vary as to which thread actually collects the sample -- under Linux the sample is actually collected on the (interrupted) sampled thread whereas under Fuchsia/Windows it's on a separate thread. However, in a multi-threaded environment (where Locker is used), it's not sufficient for the sampled thread to be stopped. Because the stack walk involves looking in the Isolate heap, no other thread can be messing with the heap while the sample is collected. The only ways to ensure this would be to either stop all threads whenever collecting a sample, or to ensure that the thread being sampled holds the Isolate lock so prevents other threads from messing with the heap. While there might be something to be said for the "stop all threads" approach, the current approach in V8 is to only stop the sampled thread so, if in a multi-threaded environment, the profiler must check if the thread being sampled holds the Isolate lock. Since this check must be done, independent of which thread the sample is being collected on (since it varies from OS to OS), the approach is to save the thread id of the thread to be profiled/sampled when the CpuSampler is instantiated (on all OSes it is instantiated on the sampled thread) and then check that thread id against the Isolate lock holder thread id before collecting a sample. If it matches, we know sample.cc has stop the sampled thread, one way or another, and we know that no other thread can mess with the heap (since the stopped thread holds the Isolate lock) so it's safe to walk the stack and collect data from the heap so the sample can be taken. It it doesn't match, we can't safely collect the sample so we don't. Bug: v8:10850 Change-Id: Iba6cabcd3e11a19c261c004103e37e806934dc6f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2411343 Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#69952}
2020-09-16 12:00:30 +00:00
static void AddGlobalFunction(v8::Local<v8::Context> env, const char* name,
v8::FunctionCallback callback);
static void CollectGarbage(i::AllocationSpace space,
i::Isolate* isolate = nullptr);
static void CollectAllGarbage(i::Isolate* isolate = nullptr);
static void CollectAllAvailableGarbage(i::Isolate* isolate = nullptr);
static void PreciseCollectAllGarbage(i::Isolate* isolate = nullptr);
static i::Handle<i::String> MakeString(const char* str);
static i::Handle<i::String> MakeName(const char* str, int suffix);
static v8::base::RandomNumberGenerator* random_number_generator();
static v8::Local<v8::Object> global();
static v8::ArrayBuffer::Allocator* array_buffer_allocator() {
return allocator_;
}
static void set_array_buffer_allocator(
v8::ArrayBuffer::Allocator* allocator) {
allocator_ = allocator;
}
// TODO(dcarney): Remove.
// This must be called first in a test.
static void InitializeVM();
// Helper function to configure a context.
// Must be in a HandleScope.
static v8::Local<v8::Context> NewContext(
v8::Isolate* isolate = CcTest::isolate()) {
return NewContext({}, isolate);
}
static v8::Local<v8::Context> NewContext(
CcTestExtensionFlags extension_flags,
v8::Isolate* isolate = CcTest::isolate());
static v8::Local<v8::Context> NewContext(
std::initializer_list<CcTestExtensionId> extensions,
v8::Isolate* isolate = CcTest::isolate()) {
return NewContext(CcTestExtensionFlags{extensions}, isolate);
}
private:
static std::unordered_map<std::string, CcTest*>* tests_;
static v8::ArrayBuffer::Allocator* allocator_;
static v8::Isolate* isolate_;
static v8::Platform* default_platform_;
static bool initialize_called_;
static v8::base::Atomic32 isolate_used_;
TestFunction* callback_;
bool initialize_;
TestPlatformFactory* test_platform_factory_;
friend int main(int argc, char** argv);
friend class ManualGCScope;
};
// Switches between all the Api tests using the threading support.
// In order to get a surprising but repeatable pattern of thread
// switching it has extra semaphores to control the order in which
// the tests alternate, not relying solely on the big V8 lock.
//
// A test is augmented with calls to ApiTestFuzzer::Fuzz() in its
// callbacks. This will have no effect when we are not running the
// thread fuzzing test. In the thread fuzzing test it will
// pseudorandomly select a successor thread and switch execution
// to that thread, suspending the current test.
class ApiTestFuzzer: public v8::base::Thread {
public:
void CallTest();
// The ApiTestFuzzer is also a Thread, so it has a Run method.
void Run() override;
enum PartOfTest {
FIRST_PART,
SECOND_PART,
THIRD_PART,
FOURTH_PART,
FIFTH_PART,
SIXTH_PART,
SEVENTH_PART,
EIGHTH_PART,
LAST_PART = EIGHTH_PART
};
static void SetUp(PartOfTest part);
static void RunAllTests();
static void TearDown();
// This method switches threads if we are running the Threading test.
// Otherwise it does nothing.
static void Fuzz();
private:
explicit ApiTestFuzzer(int num)
: Thread(Options("ApiTestFuzzer")),
test_number_(num),
gate_(0),
active_(true) {}
~ApiTestFuzzer() override = default;
static bool fuzzing_;
static int tests_being_run_;
static int current_;
static int active_tests_;
static bool NextThread();
int test_number_;
v8::base::Semaphore gate_;
bool active_;
void ContextSwitch();
static int GetNextTestNumber();
static v8::base::Semaphore all_tests_done_;
};
#define THREADED_TEST(Name) \
static void Test##Name(); \
RegisterThreadedTest register_##Name(Test##Name, #Name); \
/* */ TEST(Name)
class RegisterThreadedTest {
public:
explicit RegisterThreadedTest(CcTest::TestFunction* callback,
const char* name)
: fuzzer_(nullptr), callback_(callback), name_(name) {
prev_ = first_;
first_ = this;
count_++;
}
static int count() { return count_; }
static RegisterThreadedTest* nth(int i) {
CHECK(i < count());
RegisterThreadedTest* current = first_;
while (i > 0) {
i--;
current = current->prev_;
}
return current;
}
CcTest::TestFunction* callback() { return callback_; }
ApiTestFuzzer* fuzzer_;
const char* name() { return name_; }
private:
static RegisterThreadedTest* first_;
static int count_;
CcTest::TestFunction* callback_;
RegisterThreadedTest* prev_;
const char* name_;
};
// A LocalContext holds a reference to a v8::Context.
class LocalContext {
public:
LocalContext(v8::Isolate* isolate,
v8::ExtensionConfiguration* extensions = nullptr,
v8::Local<v8::ObjectTemplate> global_template =
v8::Local<v8::ObjectTemplate>(),
v8::Local<v8::Value> global_object = v8::Local<v8::Value>()) {
Initialize(isolate, extensions, global_template, global_object);
}
LocalContext(v8::ExtensionConfiguration* extensions = nullptr,
v8::Local<v8::ObjectTemplate> global_template =
v8::Local<v8::ObjectTemplate>(),
v8::Local<v8::Value> global_object = v8::Local<v8::Value>()) {
Initialize(CcTest::isolate(), extensions, global_template, global_object);
}
virtual ~LocalContext();
v8::Context* operator->() {
return *reinterpret_cast<v8::Context**>(&context_);
}
v8::Context* operator*() { return operator->(); }
bool IsReady() { return !context_.IsEmpty(); }
[cpu-profiler] Ensure sampled thread has Isolate lock under Windows While the sampler checked if the sampled thread had the Isolate locked (if locks are being used) under Linux, the check was not done under Windows (or Fuchsia) which meant that in a multi-threading application under Windows, thread locking was not checked making it prone to seg faults and the like as the profiler would be using isolate->js_entry_sp to determine the stack to walk but isolate->js_entry_sp is the stack pointer for the thread that currently has the Isolate lock so, if the sampled thread does not have the lock, the sampler woud be iterating over the wrong stack, one that might actually be actively changing on another thread. The fix was to move the lock check into CpuSampler and Ticker (--prof) so all OSes would do the correct check. The basic concept is that on all operating systems a CpuProfiler, and so its corresponding CpuCampler, the profiler is tied to a thread. This is not based on first principles or anything, it's simply the way it works in V8, though it is a useful conceit as it makes visualization and interpretation of profile data much easier. To collect a sample on a thread associated with a profiler the thread must be stopped for obvious reasons -- walking the stack of a running thread is a formula for disaster. The mechanism for stopping a thread is OS-specific and is done in sample.cc. There are currently three basic approaches, one for Linux/Unix variants, one for Windows and one for Fuchsia. The approaches vary as to which thread actually collects the sample -- under Linux the sample is actually collected on the (interrupted) sampled thread whereas under Fuchsia/Windows it's on a separate thread. However, in a multi-threaded environment (where Locker is used), it's not sufficient for the sampled thread to be stopped. Because the stack walk involves looking in the Isolate heap, no other thread can be messing with the heap while the sample is collected. The only ways to ensure this would be to either stop all threads whenever collecting a sample, or to ensure that the thread being sampled holds the Isolate lock so prevents other threads from messing with the heap. While there might be something to be said for the "stop all threads" approach, the current approach in V8 is to only stop the sampled thread so, if in a multi-threaded environment, the profiler must check if the thread being sampled holds the Isolate lock. Since this check must be done, independent of which thread the sample is being collected on (since it varies from OS to OS), the approach is to save the thread id of the thread to be profiled/sampled when the CpuSampler is instantiated (on all OSes it is instantiated on the sampled thread) and then check that thread id against the Isolate lock holder thread id before collecting a sample. If it matches, we know sample.cc has stop the sampled thread, one way or another, and we know that no other thread can mess with the heap (since the stopped thread holds the Isolate lock) so it's safe to walk the stack and collect data from the heap so the sample can be taken. It it doesn't match, we can't safely collect the sample so we don't. Bug: v8:10850 Change-Id: Iba6cabcd3e11a19c261c004103e37e806934dc6f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2411343 Reviewed-by: Peter Marshall <petermarshall@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#69952}
2020-09-16 12:00:30 +00:00
v8::Local<v8::Context> local() const {
return v8::Local<v8::Context>::New(isolate_, context_);
}
private:
void Initialize(v8::Isolate* isolate, v8::ExtensionConfiguration* extensions,
v8::Local<v8::ObjectTemplate> global_template,
v8::Local<v8::Value> global_object);
v8::Persistent<v8::Context> context_;
v8::Isolate* isolate_;
};
static inline uint16_t* AsciiToTwoByteString(const char* source) {
size_t array_length = strlen(source) + 1;
uint16_t* converted = i::NewArray<uint16_t>(array_length);
for (size_t i = 0; i < array_length; i++) converted[i] = source[i];
return converted;
}
template <typename T>
static inline i::Handle<T> GetGlobal(const char* name) {
i::Isolate* isolate = CcTest::i_isolate();
i::Handle<i::String> str_name =
isolate->factory()->InternalizeUtf8String(name);
i::Handle<i::Object> value =
i::Object::GetProperty(isolate, isolate->global_object(), str_name)
.ToHandleChecked();
return i::Handle<T>::cast(value);
}
static inline v8::Local<v8::Boolean> v8_bool(bool val) {
return v8::Boolean::New(v8::Isolate::GetCurrent(), val);
}
static inline v8::Local<v8::Value> v8_num(double x) {
return v8::Number::New(v8::Isolate::GetCurrent(), x);
}
static inline v8::Local<v8::Integer> v8_int(int32_t x) {
return v8::Integer::New(v8::Isolate::GetCurrent(), x);
}
[compiler] Re-reland "Faster JS-to-Wasm calls" This is a reland of 6ada6a90ee387d8de183208b0ef8b786f1768665 - Fixed a GC issue https://bugs.chromium.org/p/v8/issues/detail?id=11335: GC expected all arguments on the stack from code with CodeKind::TURBOFAN to be tagged objects. This is not the case now with inlined Wasm calls, and this information can be passed in SafepointEntry for each call site. - Disabled JS-to-Wasm inlining for calls inside try/catch. For more details, see updated doc: https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit# Bug: v8:11092 Original change's description: > Reland "Faster JS-to-Wasm calls" > > This is a reland of 860fcb1bd2bd6447e08f3636874ac7abcd77b781 > > - Disabled the tests for this feature in V8-lite mode (the original > change broke V8-lite tests). > - Also modified test console-profile-wasm.js that was brittle with this > change because it assumed that there was always a JS-to-Wasm wrapper > but this is not the case when the TurboFan compilation completes before > the Liftoff-compiled code starts to run. > > More changes in Patchset 8: > > - Moved inlining of the "JSToWasm Wrapper" away from simplified-lowering, > into a new phase, wasm-inlining that reuses the JSInliner reducer. > The doc > https://docs.google.com/document/d/1mXxYnYN77tK-R1JOVo6tFG3jNpMzfueQN1Zp5h3r9aM/edit# > describes the new logic. > > - Fixed a couple of small issues in wasm_compiler.cc to make sure that > the graph "JSToWasm Wrapper" subgraph has a valid Control chain; > this should solve the problem we had inlining the calls in functions > that can throw exception. Original change's description: > Faster JS-to-Wasm calls > > This replaces https://chromium-review.googlesource.com/c/v8/v8/+/2376165/. > > Currently JS-to-Wasm calls go through a wrapper/trampoline, built on > the basis of the signature of a Wasm function to call, and whose task > is to: > - set "thread_in_wasm_flag" to true > - convert the arguments from tagged types into Wasm native types > - calculate the address of the Wasm function to call and call it > - convert back the result from Wasm native types into tagged types > - reset "thread_in_wasm_flag" to false. > > This CL tries to improve the performance of JS-to-Wasm calls by > inlining the code of the JS-to-Wasm wrappers in the call site. > > It introduces a new IR operand, JSWasmCall, which replaces JSCall for > this kind of calls. A 'JSWasmCall' node is associated to > WasmCallParameters, which contain information about the signature of > the Wasm function to call. > > WasmWrapperGraphBuilder::BuildJSToWasmWrapper is modified to avoid > generating code to convert the types for the arguments > of the Wasm function, when the conversion is not necessary. > The actual inlining of the graph generated for this wrapper happens in > the simplified-lowering phase. > > A new builtin, JSToWasmLazyDeoptContinuation, is introduced to manage > lazy deoptimizations that can happen if the Wasm function callee calls > back some JS code that invalidates the compiled JS caller function. > Bug: v8:11092 Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng Change-Id: Ie052634598754feab4ff36d10fd04e008b5227a5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649777 Commit-Queue: Paolo Severini <paolosev@microsoft.com> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#72541}
2021-02-04 15:46:10 +00:00
static inline v8::Local<v8::BigInt> v8_bigint(int64_t x) {
return v8::BigInt::New(v8::Isolate::GetCurrent(), x);
}
static inline v8::Local<v8::String> v8_str(const char* x) {
[api] Create v8::String::NewFromLiteral that returns Local<String> String::NewFromLiteral is a templated function that takes a char[N] argument that can be used as an alternative to String::NewFromUtf8 and returns a Local<String> rather than a MaybeLocal<String> reducing the number of ToLocalChecked() or other checks. Since the string length is known at compile time, it can statically assert that the length is less than String::kMaxLength, which means that it can never fail at runtime. This also converts all found uses of NewFromUtf8 taking a string literal or a variable initialized from a string literal to use the new API. In some cases the types of stored string literals are changed from const char* to const char[] to ensure the size is retained. This API does introduce a small difference compared to NewFromUtf8. For a case like "abc\0def", NewFromUtf8 (using length -1 to infer length) would treat this as a 3 character string, whereas the new API will treat it as a 7 character string. As a drive-by fix, this also fixes all redundant uses of v8::NewStringType::kNormal when passed to any of the String::New* functions. Change-Id: Id96a44bc068d9c4eaa634aea688e024675a0e5b3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2089935 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: Mathias Bynens <mathias@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#66622}
2020-03-09 10:41:45 +00:00
return v8::String::NewFromUtf8(v8::Isolate::GetCurrent(), x).ToLocalChecked();
}
static inline v8::Local<v8::String> v8_str(v8::Isolate* isolate,
const char* x) {
[api] Create v8::String::NewFromLiteral that returns Local<String> String::NewFromLiteral is a templated function that takes a char[N] argument that can be used as an alternative to String::NewFromUtf8 and returns a Local<String> rather than a MaybeLocal<String> reducing the number of ToLocalChecked() or other checks. Since the string length is known at compile time, it can statically assert that the length is less than String::kMaxLength, which means that it can never fail at runtime. This also converts all found uses of NewFromUtf8 taking a string literal or a variable initialized from a string literal to use the new API. In some cases the types of stored string literals are changed from const char* to const char[] to ensure the size is retained. This API does introduce a small difference compared to NewFromUtf8. For a case like "abc\0def", NewFromUtf8 (using length -1 to infer length) would treat this as a 3 character string, whereas the new API will treat it as a 7 character string. As a drive-by fix, this also fixes all redundant uses of v8::NewStringType::kNormal when passed to any of the String::New* functions. Change-Id: Id96a44bc068d9c4eaa634aea688e024675a0e5b3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2089935 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: Mathias Bynens <mathias@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#66622}
2020-03-09 10:41:45 +00:00
return v8::String::NewFromUtf8(isolate, x).ToLocalChecked();
}
static inline v8::Local<v8::Symbol> v8_symbol(const char* name) {
return v8::Symbol::New(v8::Isolate::GetCurrent(), v8_str(name));
}
static inline v8::Local<v8::Script> v8_compile(v8::Local<v8::String> x) {
v8::Local<v8::Script> result;
CHECK(v8::Script::Compile(v8::Isolate::GetCurrent()->GetCurrentContext(), x)
.ToLocal(&result));
return result;
}
static inline v8::Local<v8::Script> v8_compile(const char* x) {
return v8_compile(v8_str(x));
}
static inline v8::MaybeLocal<v8::Script> v8_try_compile(
v8::Local<v8::String> x) {
return v8::Script::Compile(v8::Isolate::GetCurrent()->GetCurrentContext(), x);
}
static inline v8::MaybeLocal<v8::Script> v8_try_compile(const char* x) {
return v8_try_compile(v8_str(x));
}
static inline int32_t v8_run_int32value(v8::Local<v8::Script> script) {
v8::Local<v8::Context> context = CcTest::isolate()->GetCurrentContext();
return script->Run(context).ToLocalChecked()->Int32Value(context).FromJust();
}
static inline v8::Local<v8::Script> CompileWithOrigin(
v8::Local<v8::String> source, v8::Local<v8::String> origin_url,
bool is_shared_cross_origin) {
v8::Isolate* isolate = v8::Isolate::GetCurrent();
v8::ScriptOrigin origin(isolate, origin_url, 0, 0, is_shared_cross_origin);
v8::ScriptCompiler::Source script_source(source, origin);
return v8::ScriptCompiler::Compile(isolate->GetCurrentContext(),
&script_source)
.ToLocalChecked();
}
static inline v8::Local<v8::Script> CompileWithOrigin(
v8::Local<v8::String> source, const char* origin_url,
bool is_shared_cross_origin) {
return CompileWithOrigin(source, v8_str(origin_url), is_shared_cross_origin);
}
static inline v8::Local<v8::Script> CompileWithOrigin(
const char* source, const char* origin_url, bool is_shared_cross_origin) {
return CompileWithOrigin(v8_str(source), v8_str(origin_url),
is_shared_cross_origin);
}
// Helper functions that compile and run the source.
static inline v8::MaybeLocal<v8::Value> CompileRun(
v8::Local<v8::Context> context, const char* source) {
return v8::Script::Compile(context, v8_str(source))
.ToLocalChecked()
->Run(context);
}
static inline v8::Local<v8::Value> CompileRunChecked(v8::Isolate* isolate,
const char* source) {
v8::Local<v8::String> source_string =
[api] Create v8::String::NewFromLiteral that returns Local<String> String::NewFromLiteral is a templated function that takes a char[N] argument that can be used as an alternative to String::NewFromUtf8 and returns a Local<String> rather than a MaybeLocal<String> reducing the number of ToLocalChecked() or other checks. Since the string length is known at compile time, it can statically assert that the length is less than String::kMaxLength, which means that it can never fail at runtime. This also converts all found uses of NewFromUtf8 taking a string literal or a variable initialized from a string literal to use the new API. In some cases the types of stored string literals are changed from const char* to const char[] to ensure the size is retained. This API does introduce a small difference compared to NewFromUtf8. For a case like "abc\0def", NewFromUtf8 (using length -1 to infer length) would treat this as a 3 character string, whereas the new API will treat it as a 7 character string. As a drive-by fix, this also fixes all redundant uses of v8::NewStringType::kNormal when passed to any of the String::New* functions. Change-Id: Id96a44bc068d9c4eaa634aea688e024675a0e5b3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2089935 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: Mathias Bynens <mathias@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#66622}
2020-03-09 10:41:45 +00:00
v8::String::NewFromUtf8(isolate, source).ToLocalChecked();
v8::Local<v8::Context> context = isolate->GetCurrentContext();
v8::Local<v8::Script> script =
v8::Script::Compile(context, source_string).ToLocalChecked();
return script->Run(context).ToLocalChecked();
}
static inline v8::Local<v8::Value> CompileRun(v8::Local<v8::String> source) {
v8::Local<v8::Value> result;
if (v8_compile(source)
->Run(v8::Isolate::GetCurrent()->GetCurrentContext())
.ToLocal(&result)) {
return result;
}
return v8::Local<v8::Value>();
}
// Helper functions that compile and run the source.
static inline v8::Local<v8::Value> CompileRun(const char* source) {
return CompileRun(v8_str(source));
}
static inline v8::Local<v8::Value> CompileRun(
v8::Local<v8::Context> context, v8::ScriptCompiler::Source* script_source,
v8::ScriptCompiler::CompileOptions options) {
v8::Local<v8::Value> result;
if (v8::ScriptCompiler::Compile(context, script_source, options)
.ToLocalChecked()
->Run(context)
.ToLocal(&result)) {
return result;
}
return v8::Local<v8::Value>();
}
// Helper functions that compile and run the source with given origin.
static inline v8::Local<v8::Value> CompileRunWithOrigin(const char* source,
const char* origin_url,
int line_number,
int column_number) {
v8::Isolate* isolate = v8::Isolate::GetCurrent();
v8::Local<v8::Context> context = isolate->GetCurrentContext();
v8::ScriptOrigin origin(isolate, v8_str(origin_url), line_number,
column_number);
v8::ScriptCompiler::Source script_source(v8_str(source), origin);
return CompileRun(context, &script_source,
v8::ScriptCompiler::CompileOptions());
}
static inline v8::Local<v8::Value> CompileRunWithOrigin(
v8::Local<v8::String> source, const char* origin_url) {
v8::Isolate* isolate = v8::Isolate::GetCurrent();
v8::Local<v8::Context> context = isolate->GetCurrentContext();
v8::ScriptCompiler::Source script_source(
source, v8::ScriptOrigin(isolate, v8_str(origin_url)));
return CompileRun(context, &script_source,
v8::ScriptCompiler::CompileOptions());
}
static inline v8::Local<v8::Value> CompileRunWithOrigin(
const char* source, const char* origin_url) {
return CompileRunWithOrigin(v8_str(source), origin_url);
}
// Run a ScriptStreamingTask in a separate thread.
class StreamerThread : public v8::base::Thread {
public:
static void StartThreadForTaskAndJoin(
v8::ScriptCompiler::ScriptStreamingTask* task) {
StreamerThread thread(task);
CHECK(thread.Start());
thread.Join();
}
explicit StreamerThread(v8::ScriptCompiler::ScriptStreamingTask* task)
: Thread(Thread::Options()), task_(task) {}
void Run() override { task_->Run(); }
private:
v8::ScriptCompiler::ScriptStreamingTask* task_;
};
// Takes a JSFunction and runs it through the test version of the optimizing
// pipeline, allocating the temporary compilation artifacts in a given Zone.
// For possible {flags} values, look at OptimizedCompilationInfo::Flag. If
// {out_broker} is not nullptr, returns the JSHeapBroker via that (transferring
// ownership to the caller).
i::Handle<i::JSFunction> Optimize(
i::Handle<i::JSFunction> function, i::Zone* zone, i::Isolate* isolate,
uint32_t flags,
std::unique_ptr<i::compiler::JSHeapBroker>* out_broker = nullptr);
static inline void ExpectString(const char* code, const char* expected) {
v8::Local<v8::Value> result = CompileRun(code);
CHECK(result->IsString());
v8::String::Utf8Value utf8(v8::Isolate::GetCurrent(), result);
CHECK_EQ(0, strcmp(expected, *utf8));
}
static inline void ExpectInt32(const char* code, int expected) {
v8::Local<v8::Value> result = CompileRun(code);
CHECK(result->IsInt32());
CHECK_EQ(expected,
result->Int32Value(v8::Isolate::GetCurrent()->GetCurrentContext())
.FromJust());
}
static inline void ExpectBoolean(const char* code, bool expected) {
v8::Local<v8::Value> result = CompileRun(code);
CHECK(result->IsBoolean());
CHECK_EQ(expected, result->BooleanValue(v8::Isolate::GetCurrent()));
}
static inline void ExpectTrue(const char* code) {
ExpectBoolean(code, true);
}
static inline void ExpectFalse(const char* code) {
ExpectBoolean(code, false);
}
static inline void ExpectObject(const char* code,
v8::Local<v8::Value> expected) {
v8::Local<v8::Value> result = CompileRun(code);
CHECK(result->SameValue(expected));
}
static inline void ExpectUndefined(const char* code) {
v8::Local<v8::Value> result = CompileRun(code);
CHECK(result->IsUndefined());
}
static inline void ExpectNull(const char* code) {
v8::Local<v8::Value> result = CompileRun(code);
CHECK(result->IsNull());
}
static inline void CheckDoubleEquals(double expected, double actual) {
const double kEpsilon = 1e-10;
CHECK_LE(expected, actual + kEpsilon);
CHECK_GE(expected, actual - kEpsilon);
}
static v8::debug::DebugDelegate dummy_delegate;
static inline void EnableDebugger(v8::Isolate* isolate) {
v8::debug::SetDebugDelegate(isolate, &dummy_delegate);
}
static inline void DisableDebugger(v8::Isolate* isolate) {
v8::debug::SetDebugDelegate(isolate, nullptr);
}
static inline void EmptyMessageQueues(v8::Isolate* isolate) {
while (v8::platform::PumpMessageLoop(CcTest::default_platform(), isolate)) {
}
}
class InitializedHandleScopeImpl;
class V8_NODISCARD InitializedHandleScope {
public:
explicit InitializedHandleScope(i::Isolate* isolate = nullptr);
~InitializedHandleScope();
// Prefixing the below with main_ reduces a lot of naming clashes.
i::Isolate* main_isolate() { return main_isolate_; }
private:
i::Isolate* main_isolate_;
std::unique_ptr<InitializedHandleScopeImpl> initialized_handle_scope_impl_;
};
class V8_NODISCARD HandleAndZoneScope : public InitializedHandleScope {
public:
explicit HandleAndZoneScope(bool support_zone_compression = false);
~HandleAndZoneScope();
// Prefixing the below with main_ reduces a lot of naming clashes.
i::Zone* main_zone() { return main_zone_.get(); }
private:
v8::internal::AccountingAllocator allocator_;
std::unique_ptr<i::Zone> main_zone_;
};
class StaticOneByteResource : public v8::String::ExternalOneByteStringResource {
public:
explicit StaticOneByteResource(const char* data) : data_(data) {}
~StaticOneByteResource() override = default;
const char* data() const override { return data_; }
size_t length() const override { return strlen(data_); }
private:
const char* data_;
};
// ManualGCScope allows for disabling GC heuristics. This is useful for tests
// that want to check specific corner cases around GC.
//
// The scope will finalize any ongoing GC on the provided Isolate. If no Isolate
// is manually provided, it is assumed that a CcTest setup (e.g.
// CcTest::InitializeVM()) is used.
class V8_NODISCARD ManualGCScope {
public:
explicit ManualGCScope(
i::Isolate* isolate = reinterpret_cast<i::Isolate*>(CcTest::isolate_));
~ManualGCScope();
private:
const bool flag_concurrent_marking_;
const bool flag_concurrent_sweeping_;
const bool flag_stress_concurrent_allocation_;
const bool flag_stress_incremental_marking_;
const bool flag_parallel_marking_;
const bool flag_detect_ineffective_gcs_near_heap_limit_;
};
// This is a base class that can be overridden to implement a test platform. It
// delegates all operations to the default platform.
class TestPlatform : public v8::Platform {
public:
~TestPlatform() override = default;
// v8::Platform implementation.
v8::PageAllocator* GetPageAllocator() override;
void OnCriticalMemoryPressure() override;
int NumberOfWorkerThreads() override;
std::shared_ptr<v8::TaskRunner> GetForegroundTaskRunner(
v8::Isolate* isolate) override;
void CallOnWorkerThread(std::unique_ptr<v8::Task> task) override;
void CallDelayedOnWorkerThread(std::unique_ptr<v8::Task> task,
double delay_in_seconds) override;
std::unique_ptr<v8::JobHandle> PostJob(
v8::TaskPriority priority,
std::unique_ptr<v8::JobTask> job_task) override;
std::unique_ptr<v8::JobHandle> CreateJob(
v8::TaskPriority priority,
std::unique_ptr<v8::JobTask> job_task) override;
double MonotonicallyIncreasingTime() override;
double CurrentClockTimeMillis() override;
bool IdleTasksEnabled(v8::Isolate* isolate) override;
v8::TracingController* GetTracingController() override;
protected:
TestPlatform() = default;
};
Reland "[arm64] Protect return addresses stored on stack" This is a reland of 137bfe47c9af56dcf8466e2736579616e51b86df Original change's description: > [arm64] Protect return addresses stored on stack > > This change uses the Arm v8.3 pointer authentication instructions in > order to protect return addresses stored on the stack. The generated > code signs the return address before storing on the stack and > authenticates it after loading it. This also changes the stack frame > iterator in order to authenticate stored return addresses and re-sign > them when needed, as well as the deoptimizer in order to sign saved > return addresses when creating new frames. This offers a level of > protection against ROP attacks. > > This functionality is enabled with the v8_control_flow_integrity flag > that this CL introduces. > > The code size effect of this change is small for Octane (up to 2% in > some cases but mostly much lower) and negligible for larger benchmarks, > however code size measurements are rather noisy. The performance impact > on current cores (where the instructions are NOPs) is single digit, > around 1-2% for ARES-6 and Octane, and tends to be smaller for big > cores than for little cores. > > Bug: v8:10026 > Change-Id: I0081f3938c56e2f24d8227e4640032749f4f8368 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1373782 > Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#66239} Bug: v8:10026 Change-Id: Id1adfa2e6c713f6977d69aa467986e48fe67b3c2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051958 Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> Cr-Commit-Position: refs/heads/master@{#66254}
2020-02-12 11:45:31 +00:00
#if defined(USE_SIMULATOR)
class SimulatorHelper {
public:
inline bool Init(v8::Isolate* isolate) {
simulator_ = reinterpret_cast<v8::internal::Isolate*>(isolate)
->thread_local_top()
->simulator_;
// Check if there is active simulator.
return simulator_ != nullptr;
}
inline void FillRegisters(v8::RegisterState* state) {
#if V8_TARGET_ARCH_ARM
state->pc = reinterpret_cast<void*>(simulator_->get_pc());
state->sp = reinterpret_cast<void*>(
simulator_->get_register(v8::internal::Simulator::sp));
state->fp = reinterpret_cast<void*>(
simulator_->get_register(v8::internal::Simulator::r11));
state->lr = reinterpret_cast<void*>(
simulator_->get_register(v8::internal::Simulator::lr));
#elif V8_TARGET_ARCH_ARM64
if (simulator_->sp() == 0 || simulator_->fp() == 0) {
// It's possible that the simulator is interrupted while it is updating
// the sp or fp register. ARM64 simulator does this in two steps:
// first setting it to zero and then setting it to a new value.
// Bailout if sp/fp doesn't contain the new value.
return;
}
state->pc = reinterpret_cast<void*>(simulator_->pc());
state->sp = reinterpret_cast<void*>(simulator_->sp());
state->fp = reinterpret_cast<void*>(simulator_->fp());
state->lr = reinterpret_cast<void*>(simulator_->lr());
#elif V8_TARGET_ARCH_MIPS || V8_TARGET_ARCH_MIPS64
state->pc = reinterpret_cast<void*>(simulator_->get_pc());
state->sp = reinterpret_cast<void*>(
simulator_->get_register(v8::internal::Simulator::sp));
state->fp = reinterpret_cast<void*>(
simulator_->get_register(v8::internal::Simulator::fp));
#elif V8_TARGET_ARCH_PPC || V8_TARGET_ARCH_PPC64
state->pc = reinterpret_cast<void*>(simulator_->get_pc());
state->sp = reinterpret_cast<void*>(
simulator_->get_register(v8::internal::Simulator::sp));
state->fp = reinterpret_cast<void*>(
simulator_->get_register(v8::internal::Simulator::fp));
state->lr = reinterpret_cast<void*>(simulator_->get_lr());
#elif V8_TARGET_ARCH_S390 || V8_TARGET_ARCH_S390X
state->pc = reinterpret_cast<void*>(simulator_->get_pc());
state->sp = reinterpret_cast<void*>(
simulator_->get_register(v8::internal::Simulator::sp));
state->fp = reinterpret_cast<void*>(
simulator_->get_register(v8::internal::Simulator::fp));
state->lr = reinterpret_cast<void*>(
simulator_->get_register(v8::internal::Simulator::ra));
#endif
}
private:
v8::internal::Simulator* simulator_;
};
#endif // USE_SIMULATOR
// The following should correspond to Chromium's kV8DOMWrapperTypeIndex and
// kV8DOMWrapperObjectIndex.
static const int kV8WrapperTypeIndex = 0;
static const int kV8WrapperObjectIndex = 1;
enum class ApiCheckerResult : uint8_t {
kNotCalled = 0,
kSlowCalled = 1 << 0,
kFastCalled = 1 << 1,
};
using ApiCheckerResultFlags = v8::base::Flags<ApiCheckerResult>;
DEFINE_OPERATORS_FOR_FLAGS(ApiCheckerResultFlags)
bool IsValidUnwrapObject(v8::Object* object);
Reland "[fastcall] Add support for leaf interface type checks" This is a reland of 6124a534b2de3f640a67fb36ee6ae2fdc4535542 It fixes a UAF issue in the d8 test by moving the test API object constructor to PerIsolateData. It also fixes a crash in Chromium caused by current usage of v8::ApiObject, which should be migrated to v8::Value*. Original change's description: > [fastcall] Add support for leaf interface type checks > > This CL adds an IsTemplateForApiObject method to FunctionTemplate > allowing the embedder to check whether a given API object was > instantiated by this template without including parent templates > in the search. It also replaces the v8::ApiObject in the fast API > with a raw v8::Value pointer to allow use of standard C++ casts. > > Bug: chromium:1052746 > Change-Id: I0812ec8b4daaa5f5005aabf10b63e1e84e0b8f03 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595310 > Commit-Queue: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> > Cr-Commit-Position: refs/heads/master@{#73999} Bug: chromium:1052746, chromium:1199900 Change-Id: I4b7f0c9e9152919dde4a1d0c48fbf5ac8c5b13d8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2835711 Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#74064}
2021-04-20 08:48:41 +00:00
template <typename T>
T* GetInternalField(v8::Object* wrapper) {
Reland "[fastcall] Add support for leaf interface type checks" This is a reland of 6124a534b2de3f640a67fb36ee6ae2fdc4535542 It fixes a UAF issue in the d8 test by moving the test API object constructor to PerIsolateData. It also fixes a crash in Chromium caused by current usage of v8::ApiObject, which should be migrated to v8::Value*. Original change's description: > [fastcall] Add support for leaf interface type checks > > This CL adds an IsTemplateForApiObject method to FunctionTemplate > allowing the embedder to check whether a given API object was > instantiated by this template without including parent templates > in the search. It also replaces the v8::ApiObject in the fast API > with a raw v8::Value pointer to allow use of standard C++ casts. > > Bug: chromium:1052746 > Change-Id: I0812ec8b4daaa5f5005aabf10b63e1e84e0b8f03 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595310 > Commit-Queue: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> > Cr-Commit-Position: refs/heads/master@{#73999} Bug: chromium:1052746, chromium:1199900 Change-Id: I4b7f0c9e9152919dde4a1d0c48fbf5ac8c5b13d8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2835711 Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#74064}
2021-04-20 08:48:41 +00:00
assert(kV8WrapperObjectIndex < wrapper->InternalFieldCount());
return reinterpret_cast<T*>(
Reland "[fastcall] Add support for leaf interface type checks" This is a reland of 6124a534b2de3f640a67fb36ee6ae2fdc4535542 It fixes a UAF issue in the d8 test by moving the test API object constructor to PerIsolateData. It also fixes a crash in Chromium caused by current usage of v8::ApiObject, which should be migrated to v8::Value*. Original change's description: > [fastcall] Add support for leaf interface type checks > > This CL adds an IsTemplateForApiObject method to FunctionTemplate > allowing the embedder to check whether a given API object was > instantiated by this template without including parent templates > in the search. It also replaces the v8::ApiObject in the fast API > with a raw v8::Value pointer to allow use of standard C++ casts. > > Bug: chromium:1052746 > Change-Id: I0812ec8b4daaa5f5005aabf10b63e1e84e0b8f03 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595310 > Commit-Queue: Maya Lekova <mslekova@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> > Cr-Commit-Position: refs/heads/master@{#73999} Bug: chromium:1052746, chromium:1199900 Change-Id: I4b7f0c9e9152919dde4a1d0c48fbf5ac8c5b13d8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2835711 Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org> Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#74064}
2021-04-20 08:48:41 +00:00
wrapper->GetAlignedPointerFromInternalField(kV8WrapperObjectIndex));
}
#endif // ifndef CCTEST_H_