diff --git a/BUILD.gn b/BUILD.gn index 4b8965626b..43667839c5 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -307,10 +307,6 @@ declare_args() { # Sets -DV8_ENABLE_SANDBOX. v8_enable_sandbox = "" - # Enable sandboxing for all external pointers. Requires v8_enable_sandbox. - # Sets -DV8_SANDBOXED_EXTERNAL_POINTERS. - v8_enable_sandboxed_external_pointers = false - # Enable all available sandbox features. Implies v8_enable_sandbox. v8_enable_sandbox_future = false @@ -534,7 +530,6 @@ if (v8_enable_sandbox == "") { # Enable all available sandbox features if sandbox future is enabled. if (v8_enable_sandbox_future) { - v8_enable_sandboxed_external_pointers = true v8_enable_sandbox = true } @@ -569,9 +564,6 @@ assert(!v8_enable_sandbox || v8_enable_pointer_compression_shared_cage, assert(!v8_enable_sandbox || v8_enable_external_code_space, "The sandbox requires the external code space") -assert(!v8_enable_sandboxed_external_pointers || v8_enable_sandbox, - "Sandboxed external pointers require the sandbox") - assert(!v8_expose_memory_corruption_api || v8_enable_sandbox, "The Memory Corruption API requires the sandbox") @@ -749,7 +741,6 @@ external_v8_defines = [ "V8_31BIT_SMIS_ON_64BIT_ARCH", "V8_COMPRESS_ZONES", "V8_ENABLE_SANDBOX", - "V8_SANDBOXED_EXTERNAL_POINTERS", "V8_DEPRECATION_WARNINGS", "V8_IMMINENT_DEPRECATION_WARNINGS", "V8_NO_ARGUMENTS_ADAPTOR", @@ -780,9 +771,6 @@ if (v8_enable_zone_compression) { if (v8_enable_sandbox) { enabled_external_v8_defines += [ "V8_ENABLE_SANDBOX" ] } -if (v8_enable_sandboxed_external_pointers) { - enabled_external_v8_defines += [ "V8_SANDBOXED_EXTERNAL_POINTERS" ] -} if (v8_deprecation_warnings) { enabled_external_v8_defines += [ "V8_DEPRECATION_WARNINGS" ] } diff --git a/include/v8-initialization.h b/include/v8-initialization.h index 7bbec662a7..d3e35d6ec5 100644 --- a/include/v8-initialization.h +++ b/include/v8-initialization.h @@ -100,9 +100,6 @@ class V8_EXPORT V8 { const int kBuildConfiguration = (internal::PointerCompressionIsEnabled() ? kPointerCompression : 0) | (internal::SmiValuesAre31Bits() ? k31BitSmis : 0) | - (internal::SandboxedExternalPointersAreEnabled() - ? kSandboxedExternalPointers - : 0) | (internal::SandboxIsEnabled() ? kSandbox : 0); return Initialize(kBuildConfiguration); } @@ -273,8 +270,7 @@ class V8_EXPORT V8 { enum BuildConfigurationFeatures { kPointerCompression = 1 << 0, k31BitSmis = 1 << 1, - kSandboxedExternalPointers = 1 << 2, - kSandbox = 1 << 3, + kSandbox = 1 << 2, }; /** diff --git a/include/v8-internal.h b/include/v8-internal.h index 818c720cb4..ed6aff1426 100644 --- a/include/v8-internal.h +++ b/include/v8-internal.h @@ -166,14 +166,6 @@ constexpr bool SandboxIsEnabled() { #endif } -constexpr bool SandboxedExternalPointersAreEnabled() { -#ifdef V8_SANDBOXED_EXTERNAL_POINTERS - return true; -#else - return false; -#endif -} - // SandboxedPointers are guaranteed to point into the sandbox. This is achieved // for example by storing them as offset rather than as raw pointers. using SandboxedPointer_t = Address; @@ -272,7 +264,7 @@ using ExternalPointerHandle = uint32_t; // ExternalPointers point to objects located outside the sandbox. When // sandboxed external pointers are enabled, these are stored on heap as // ExternalPointerHandles, otherwise they are simply raw pointers. -#ifdef V8_SANDBOXED_EXTERNAL_POINTERS +#ifdef V8_ENABLE_SANDBOX using ExternalPointer_t = ExternalPointerHandle; #else using ExternalPointer_t = Address; @@ -399,9 +391,8 @@ constexpr uint64_t kAllExternalPointerTypeTags[] = { // When the sandbox is enabled, external pointers marked as "sandboxed" above // use the external pointer table (i.e. are sandboxed). This allows a gradual -// rollout of external pointer sandboxing. If V8_SANDBOXED_EXTERNAL_POINTERS is -// defined, all external pointers are sandboxed. If the sandbox is off, no -// external pointers are sandboxed. +// rollout of external pointer sandboxing. If the sandbox is off, no external +// pointers are sandboxed. // // Sandboxed external pointer tags are available when compressing pointers even // when the sandbox is off. Some tags (e.g. kWaiterQueueNodeTag) are used @@ -409,9 +400,7 @@ constexpr uint64_t kAllExternalPointerTypeTags[] = { // alignment requirements. #define sandboxed(X) (X << kExternalPointerTagShift) | kExternalPointerMarkBit #define unsandboxed(X) kUnsandboxedExternalPointerTag -#if defined(V8_SANDBOXED_EXTERNAL_POINTERS) -#define EXTERNAL_POINTER_TAG_ENUM(Name, State, Bits) Name = sandboxed(Bits), -#elif defined(V8_COMPRESS_POINTERS) +#if defined(V8_COMPRESS_POINTERS) #define EXTERNAL_POINTER_TAG_ENUM(Name, State, Bits) Name = State(Bits), #else #define EXTERNAL_POINTER_TAG_ENUM(Name, State, Bits) Name = unsandboxed(Bits), diff --git a/src/api/api.cc b/src/api/api.cc index b172a1d07e..96e8b69e29 100644 --- a/src/api/api.cc +++ b/src/api/api.cc @@ -6162,17 +6162,6 @@ bool v8::V8::Initialize(const int build_config) { kEmbedderSmiValueSize, internal::kSmiValueSize); } - const bool kEmbedderSandboxedExternalPointers = - (build_config & kSandboxedExternalPointers) != 0; - if (kEmbedderSandboxedExternalPointers != - V8_SANDBOXED_EXTERNAL_POINTERS_BOOL) { - FATAL( - "Embedder-vs-V8 build configuration mismatch. On embedder side " - "sandboxed external pointers is %s while on V8 side it's %s.", - kEmbedderSandboxedExternalPointers ? "ENABLED" : "DISABLED", - V8_SANDBOXED_EXTERNAL_POINTERS_BOOL ? "ENABLED" : "DISABLED"); - } - const bool kEmbedderSandbox = (build_config & kSandbox) != 0; if (kEmbedderSandbox != V8_ENABLE_SANDBOX_BOOL) { FATAL( diff --git a/src/codegen/tnode.h b/src/codegen/tnode.h index ecd2974b95..1094e7faaf 100644 --- a/src/codegen/tnode.h +++ b/src/codegen/tnode.h @@ -88,7 +88,7 @@ struct ExternalPointerHandleT : Uint32T { static constexpr MachineType kMachineType = MachineType::Uint32(); }; -#ifdef V8_SANDBOXED_EXTERNAL_POINTERS +#ifdef V8_ENABLE_SANDBOX struct ExternalPointerT : Uint32T { static constexpr MachineType kMachineType = MachineType::Uint32(); }; diff --git a/src/common/globals.h b/src/common/globals.h index bd3fd56e87..467a5197ec 100644 --- a/src/common/globals.h +++ b/src/common/globals.h @@ -124,12 +124,6 @@ namespace internal { #define V8_CAN_CREATE_SHARED_HEAP_BOOL false #endif -#ifdef V8_SANDBOXED_EXTERNAL_POINTERS -#define V8_SANDBOXED_EXTERNAL_POINTERS_BOOL true -#else -#define V8_SANDBOXED_EXTERNAL_POINTERS_BOOL false -#endif - #ifdef V8_ENABLE_SANDBOX #define V8_ENABLE_SANDBOX_BOOL true #else @@ -511,7 +505,7 @@ static_assert(kPointerSize == (1 << kPointerSizeLog2)); // This type defines raw storage type for external (or off-V8 heap) pointers // stored on V8 heap. constexpr int kExternalPointerSlotSize = sizeof(ExternalPointer_t); -#ifdef V8_SANDBOXED_EXTERNAL_POINTERS +#ifdef V8_ENABLE_SANDBOX static_assert(kExternalPointerSlotSize == kTaggedSize); #else static_assert(kExternalPointerSlotSize == kSystemPointerSize); diff --git a/src/objects/slots-inl.h b/src/objects/slots-inl.h index 021293b402..989a553f81 100644 --- a/src/objects/slots-inl.h +++ b/src/objects/slots-inl.h @@ -221,7 +221,7 @@ void ExternalPointerSlot::store(Isolate* isolate, Address value, ExternalPointerSlot::RawContent ExternalPointerSlot::GetAndClearContentForSerialization( const DisallowGarbageCollection& no_gc) { -#ifdef V8_SANDBOXED_EXTERNAL_POINTERS +#ifdef V8_ENABLE_SANDBOX ExternalPointerHandle content = Relaxed_LoadHandle(); Relaxed_StoreHandle(kNullExternalPointerHandle); #else @@ -234,7 +234,7 @@ ExternalPointerSlot::GetAndClearContentForSerialization( void ExternalPointerSlot::RestoreContentAfterSerialization( ExternalPointerSlot::RawContent content, const DisallowGarbageCollection& no_gc) { -#ifdef V8_SANDBOXED_EXTERNAL_POINTERS +#ifdef V8_ENABLE_SANDBOX return Relaxed_StoreHandle(content); #else return WriteMaybeUnalignedValue
(address(), content); diff --git a/src/snapshot/serializer.cc b/src/snapshot/serializer.cc index af814ed415..4410790f19 100644 --- a/src/snapshot/serializer.cc +++ b/src/snapshot/serializer.cc @@ -1238,7 +1238,7 @@ void Serializer::ObjectSerializer::OutputRawData(Address up_to) { // snapshot deterministic. CHECK_EQ(CodeDataContainer::kCodeCageBaseUpper32BitsOffset + kTaggedSize, CodeDataContainer::kCodeEntryPointOffset); - static byte field_value[kTaggedSize + kExternalPointerSlotSize] = {0}; + static byte field_value[kTaggedSize + kSystemPointerSize] = {0}; OutputRawWithCustomField( sink_, object_start, base, bytes_to_output, CodeDataContainer::kCodeCageBaseUpper32BitsOffset, diff --git a/src/torque/torque-parser.cc b/src/torque/torque-parser.cc index 92481b2395..596cc0740d 100644 --- a/src/torque/torque-parser.cc +++ b/src/torque/torque-parser.cc @@ -68,8 +68,6 @@ class BuildFlags : public ContextualClass { build_flags_["V8_ENABLE_WEBASSEMBLY"] = false; #endif build_flags_["V8_ENABLE_SANDBOX"] = V8_ENABLE_SANDBOX_BOOL; - build_flags_["V8_SANDBOXED_EXTERNAL_POINTERS"] = - V8_SANDBOXED_EXTERNAL_POINTERS_BOOL; build_flags_["DEBUG"] = DEBUG_BOOL; } static bool GetFlag(const std::string& name, const char* production) { diff --git a/src/wasm/wasm-objects.tq b/src/wasm/wasm-objects.tq index 9807983b1d..55a7e7458d 100644 --- a/src/wasm/wasm-objects.tq +++ b/src/wasm/wasm-objects.tq @@ -14,9 +14,9 @@ extern class WasmInstanceObject extends JSObject; // Represents the context of a function that is defined through the JS or C // APIs. Corresponds to the WasmInstanceObject passed to a Wasm function // reference. -// TODO(manoskouk): If V8_SANDBOXED_EXTERNAL_POINTERS, we cannot encode the -// isolate_root as a sandboxed pointer, because that would require having access -// to the isolate root in the first place. +// TODO(manoskouk): If V8_ENABLE_SANDBOX, we cannot encode the isolate_root as +// a sandboxed pointer, because that would require having access to the isolate +// root in the first place. extern class WasmApiFunctionRef extends HeapObject { isolate_root: RawPtr; native_context: NativeContext; diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc index 0fafc70114..7c1337490a 100644 --- a/test/cctest/test-api.cc +++ b/test/cctest/test-api.cc @@ -687,9 +687,8 @@ TEST(MakingExternalStringConditions) { CHECK(local_string->CanMakeExternal()); // Tiny strings are not in-place externalizable when pointer compression is - // enabled, but they are if sandboxed external pointers are enabled. - CHECK_EQ(V8_SANDBOXED_EXTERNAL_POINTERS_BOOL || - i::kTaggedSize == i::kSystemPointerSize, + // enabled, but they are if the sandbox is enabled. + CHECK_EQ(V8_ENABLE_SANDBOX_BOOL || i::kTaggedSize == i::kSystemPointerSize, tiny_local_string->CanMakeExternal()); } diff --git a/test/cctest/test-strings.cc b/test/cctest/test-strings.cc index 4cc8ca0791..bfabd3ae38 100644 --- a/test/cctest/test-strings.cc +++ b/test/cctest/test-strings.cc @@ -2066,11 +2066,11 @@ TEST(CheckCachedDataInternalExternalUncachedString) { // that we indeed cached it. Handle external_string = Handle::cast(string); - // If sandboxed external pointers are enabled, string objects will always be - // cacheable because they are smaller. - CHECK(V8_SANDBOXED_EXTERNAL_POINTERS_BOOL || external_string->is_uncached()); + // If the sandbox is enabled, string objects will always be cacheable because + // they are smaller. + CHECK(V8_ENABLE_SANDBOX_BOOL || external_string->is_uncached()); CHECK(external_string->resource()->IsCacheable()); - if (!V8_SANDBOXED_EXTERNAL_POINTERS_BOOL) { + if (!V8_ENABLE_SANDBOX_BOOL) { CHECK_NOT_NULL(external_string->resource()->cached_data()); CHECK_EQ(external_string->resource()->cached_data(), external_string->resource()->data()); @@ -2109,11 +2109,11 @@ TEST(CheckCachedDataInternalExternalUncachedStringTwoByte) { // that we indeed cached it. Handle external_string = Handle::cast(string); - // If sandboxed external pointers are enabled, string objects will always be - // cacheable because they are smaller. - CHECK(V8_SANDBOXED_EXTERNAL_POINTERS_BOOL || external_string->is_uncached()); + // If the sandbox is enabled, string objects will always be cacheable because + // they are smaller. + CHECK(V8_ENABLE_SANDBOX_BOOL || external_string->is_uncached()); CHECK(external_string->resource()->IsCacheable()); - if (!V8_SANDBOXED_EXTERNAL_POINTERS_BOOL) { + if (!V8_ENABLE_SANDBOX_BOOL) { CHECK_NOT_NULL(external_string->resource()->cached_data()); CHECK_EQ(external_string->resource()->cached_data(), external_string->resource()->data()); diff --git a/tools/v8heapconst.py b/tools/v8heapconst.py index 1812c48885..34bcad23fe 100644 --- a/tools/v8heapconst.py +++ b/tools/v8heapconst.py @@ -515,67 +515,67 @@ KNOWN_OBJECTS = { ("read_only_space", 0x04b49): "NativeScopeInfo", ("read_only_space", 0x04b61): "HashSeed", ("old_space", 0x04235): "ArgumentsIteratorAccessor", - ("old_space", 0x04255): "ArrayLengthAccessor", - ("old_space", 0x04275): "BoundFunctionLengthAccessor", - ("old_space", 0x04295): "BoundFunctionNameAccessor", - ("old_space", 0x042b5): "ErrorStackAccessor", - ("old_space", 0x042d5): "FunctionArgumentsAccessor", - ("old_space", 0x042f5): "FunctionCallerAccessor", - ("old_space", 0x04315): "FunctionNameAccessor", - ("old_space", 0x04335): "FunctionLengthAccessor", - ("old_space", 0x04355): "FunctionPrototypeAccessor", - ("old_space", 0x04375): "SharedArrayLengthAccessor", - ("old_space", 0x04395): "StringLengthAccessor", - ("old_space", 0x043b5): "ValueUnavailableAccessor", - ("old_space", 0x043d5): "WrappedFunctionLengthAccessor", - ("old_space", 0x043f5): "WrappedFunctionNameAccessor", - ("old_space", 0x04415): "InvalidPrototypeValidityCell", - ("old_space", 0x0441d): "EmptyScript", - ("old_space", 0x04461): "ManyClosuresCell", - ("old_space", 0x0446d): "ArrayConstructorProtector", - ("old_space", 0x04481): "NoElementsProtector", - ("old_space", 0x04495): "MegaDOMProtector", - ("old_space", 0x044a9): "IsConcatSpreadableProtector", - ("old_space", 0x044bd): "ArraySpeciesProtector", - ("old_space", 0x044d1): "TypedArraySpeciesProtector", - ("old_space", 0x044e5): "PromiseSpeciesProtector", - ("old_space", 0x044f9): "RegExpSpeciesProtector", - ("old_space", 0x0450d): "StringLengthProtector", - ("old_space", 0x04521): "ArrayIteratorProtector", - ("old_space", 0x04535): "ArrayBufferDetachingProtector", - ("old_space", 0x04549): "PromiseHookProtector", - ("old_space", 0x0455d): "PromiseResolveProtector", - ("old_space", 0x04571): "MapIteratorProtector", - ("old_space", 0x04585): "PromiseThenProtector", - ("old_space", 0x04599): "SetIteratorProtector", - ("old_space", 0x045ad): "StringIteratorProtector", - ("old_space", 0x045c1): "StringSplitCache", - ("old_space", 0x049c9): "RegExpMultipleCache", - ("old_space", 0x04dd1): "BuiltinsConstantsTable", - ("old_space", 0x05225): "AsyncFunctionAwaitRejectSharedFun", - ("old_space", 0x05249): "AsyncFunctionAwaitResolveSharedFun", - ("old_space", 0x0526d): "AsyncGeneratorAwaitRejectSharedFun", - ("old_space", 0x05291): "AsyncGeneratorAwaitResolveSharedFun", - ("old_space", 0x052b5): "AsyncGeneratorYieldResolveSharedFun", - ("old_space", 0x052d9): "AsyncGeneratorReturnResolveSharedFun", - ("old_space", 0x052fd): "AsyncGeneratorReturnClosedRejectSharedFun", - ("old_space", 0x05321): "AsyncGeneratorReturnClosedResolveSharedFun", - ("old_space", 0x05345): "AsyncIteratorValueUnwrapSharedFun", - ("old_space", 0x05369): "PromiseAllResolveElementSharedFun", - ("old_space", 0x0538d): "PromiseAllSettledResolveElementSharedFun", - ("old_space", 0x053b1): "PromiseAllSettledRejectElementSharedFun", - ("old_space", 0x053d5): "PromiseAnyRejectElementSharedFun", - ("old_space", 0x053f9): "PromiseCapabilityDefaultRejectSharedFun", - ("old_space", 0x0541d): "PromiseCapabilityDefaultResolveSharedFun", - ("old_space", 0x05441): "PromiseCatchFinallySharedFun", - ("old_space", 0x05465): "PromiseGetCapabilitiesExecutorSharedFun", - ("old_space", 0x05489): "PromiseThenFinallySharedFun", - ("old_space", 0x054ad): "PromiseThrowerFinallySharedFun", - ("old_space", 0x054d1): "PromiseValueThunkFinallySharedFun", - ("old_space", 0x054f5): "ProxyRevokeSharedFun", - ("old_space", 0x05519): "ShadowRealmImportValueFulfilledSFI", - ("old_space", 0x0553d): "SourceTextModuleExecuteAsyncModuleFulfilledSFI", - ("old_space", 0x05561): "SourceTextModuleExecuteAsyncModuleRejectedSFI", + ("old_space", 0x0424d): "ArrayLengthAccessor", + ("old_space", 0x04265): "BoundFunctionLengthAccessor", + ("old_space", 0x0427d): "BoundFunctionNameAccessor", + ("old_space", 0x04295): "ErrorStackAccessor", + ("old_space", 0x042ad): "FunctionArgumentsAccessor", + ("old_space", 0x042c5): "FunctionCallerAccessor", + ("old_space", 0x042dd): "FunctionNameAccessor", + ("old_space", 0x042f5): "FunctionLengthAccessor", + ("old_space", 0x0430d): "FunctionPrototypeAccessor", + ("old_space", 0x04325): "SharedArrayLengthAccessor", + ("old_space", 0x0433d): "StringLengthAccessor", + ("old_space", 0x04355): "ValueUnavailableAccessor", + ("old_space", 0x0436d): "WrappedFunctionLengthAccessor", + ("old_space", 0x04385): "WrappedFunctionNameAccessor", + ("old_space", 0x0439d): "InvalidPrototypeValidityCell", + ("old_space", 0x043a5): "EmptyScript", + ("old_space", 0x043e9): "ManyClosuresCell", + ("old_space", 0x043f5): "ArrayConstructorProtector", + ("old_space", 0x04409): "NoElementsProtector", + ("old_space", 0x0441d): "MegaDOMProtector", + ("old_space", 0x04431): "IsConcatSpreadableProtector", + ("old_space", 0x04445): "ArraySpeciesProtector", + ("old_space", 0x04459): "TypedArraySpeciesProtector", + ("old_space", 0x0446d): "PromiseSpeciesProtector", + ("old_space", 0x04481): "RegExpSpeciesProtector", + ("old_space", 0x04495): "StringLengthProtector", + ("old_space", 0x044a9): "ArrayIteratorProtector", + ("old_space", 0x044bd): "ArrayBufferDetachingProtector", + ("old_space", 0x044d1): "PromiseHookProtector", + ("old_space", 0x044e5): "PromiseResolveProtector", + ("old_space", 0x044f9): "MapIteratorProtector", + ("old_space", 0x0450d): "PromiseThenProtector", + ("old_space", 0x04521): "SetIteratorProtector", + ("old_space", 0x04535): "StringIteratorProtector", + ("old_space", 0x04549): "StringSplitCache", + ("old_space", 0x04951): "RegExpMultipleCache", + ("old_space", 0x04d59): "BuiltinsConstantsTable", + ("old_space", 0x051ad): "AsyncFunctionAwaitRejectSharedFun", + ("old_space", 0x051d1): "AsyncFunctionAwaitResolveSharedFun", + ("old_space", 0x051f5): "AsyncGeneratorAwaitRejectSharedFun", + ("old_space", 0x05219): "AsyncGeneratorAwaitResolveSharedFun", + ("old_space", 0x0523d): "AsyncGeneratorYieldResolveSharedFun", + ("old_space", 0x05261): "AsyncGeneratorReturnResolveSharedFun", + ("old_space", 0x05285): "AsyncGeneratorReturnClosedRejectSharedFun", + ("old_space", 0x052a9): "AsyncGeneratorReturnClosedResolveSharedFun", + ("old_space", 0x052cd): "AsyncIteratorValueUnwrapSharedFun", + ("old_space", 0x052f1): "PromiseAllResolveElementSharedFun", + ("old_space", 0x05315): "PromiseAllSettledResolveElementSharedFun", + ("old_space", 0x05339): "PromiseAllSettledRejectElementSharedFun", + ("old_space", 0x0535d): "PromiseAnyRejectElementSharedFun", + ("old_space", 0x05381): "PromiseCapabilityDefaultRejectSharedFun", + ("old_space", 0x053a5): "PromiseCapabilityDefaultResolveSharedFun", + ("old_space", 0x053c9): "PromiseCatchFinallySharedFun", + ("old_space", 0x053ed): "PromiseGetCapabilitiesExecutorSharedFun", + ("old_space", 0x05411): "PromiseThenFinallySharedFun", + ("old_space", 0x05435): "PromiseThrowerFinallySharedFun", + ("old_space", 0x05459): "PromiseValueThunkFinallySharedFun", + ("old_space", 0x0547d): "ProxyRevokeSharedFun", + ("old_space", 0x054a1): "ShadowRealmImportValueFulfilledSFI", + ("old_space", 0x054c5): "SourceTextModuleExecuteAsyncModuleFulfilledSFI", + ("old_space", 0x054e9): "SourceTextModuleExecuteAsyncModuleRejectedSFI", } # Lower 32 bits of first page addresses for various heap spaces.