Reland "[sandbox] Fold V8_SANDBOXED_EXTERNAL_POINTERS into V8_ENABLE_SANDBOX"
This is a reland of commit 49c5967830
The non-deterministic snapshot issue has been fixed by using the correct
field size for CodeDataContainers in serializer.cc.
Original change's description:
> [sandbox] Fold V8_SANDBOXED_EXTERNAL_POINTERS into V8_ENABLE_SANDBOX
>
> Now that all external pointers have been sandboxed,
> V8_SANDBOXED_EXTERNAL_POINTERS is no longer needed. This change also
> shrinks external pointer slots to 32 bits when the sandbox is enabled.
>
> Bug: v8:10391
> Change-Id: Iccbef27ac107b988cb23fe9ef66da6fe0bae087a
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869269
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83083}
Bug: v8:10391
Change-Id: I29870404406902d99ba6016c570cc0c4d05c6c85
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3887899
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83130}
This commit is contained in:
parent
c1e067e993
commit
0e2dbaac6b
12
BUILD.gn
12
BUILD.gn
@ -307,10 +307,6 @@ declare_args() {
|
||||
# Sets -DV8_ENABLE_SANDBOX.
|
||||
v8_enable_sandbox = ""
|
||||
|
||||
# Enable sandboxing for all external pointers. Requires v8_enable_sandbox.
|
||||
# Sets -DV8_SANDBOXED_EXTERNAL_POINTERS.
|
||||
v8_enable_sandboxed_external_pointers = false
|
||||
|
||||
# Enable all available sandbox features. Implies v8_enable_sandbox.
|
||||
v8_enable_sandbox_future = false
|
||||
|
||||
@ -534,7 +530,6 @@ if (v8_enable_sandbox == "") {
|
||||
|
||||
# Enable all available sandbox features if sandbox future is enabled.
|
||||
if (v8_enable_sandbox_future) {
|
||||
v8_enable_sandboxed_external_pointers = true
|
||||
v8_enable_sandbox = true
|
||||
}
|
||||
|
||||
@ -569,9 +564,6 @@ assert(!v8_enable_sandbox || v8_enable_pointer_compression_shared_cage,
|
||||
assert(!v8_enable_sandbox || v8_enable_external_code_space,
|
||||
"The sandbox requires the external code space")
|
||||
|
||||
assert(!v8_enable_sandboxed_external_pointers || v8_enable_sandbox,
|
||||
"Sandboxed external pointers require the sandbox")
|
||||
|
||||
assert(!v8_expose_memory_corruption_api || v8_enable_sandbox,
|
||||
"The Memory Corruption API requires the sandbox")
|
||||
|
||||
@ -749,7 +741,6 @@ external_v8_defines = [
|
||||
"V8_31BIT_SMIS_ON_64BIT_ARCH",
|
||||
"V8_COMPRESS_ZONES",
|
||||
"V8_ENABLE_SANDBOX",
|
||||
"V8_SANDBOXED_EXTERNAL_POINTERS",
|
||||
"V8_DEPRECATION_WARNINGS",
|
||||
"V8_IMMINENT_DEPRECATION_WARNINGS",
|
||||
"V8_NO_ARGUMENTS_ADAPTOR",
|
||||
@ -780,9 +771,6 @@ if (v8_enable_zone_compression) {
|
||||
if (v8_enable_sandbox) {
|
||||
enabled_external_v8_defines += [ "V8_ENABLE_SANDBOX" ]
|
||||
}
|
||||
if (v8_enable_sandboxed_external_pointers) {
|
||||
enabled_external_v8_defines += [ "V8_SANDBOXED_EXTERNAL_POINTERS" ]
|
||||
}
|
||||
if (v8_deprecation_warnings) {
|
||||
enabled_external_v8_defines += [ "V8_DEPRECATION_WARNINGS" ]
|
||||
}
|
||||
|
@ -100,9 +100,6 @@ class V8_EXPORT V8 {
|
||||
const int kBuildConfiguration =
|
||||
(internal::PointerCompressionIsEnabled() ? kPointerCompression : 0) |
|
||||
(internal::SmiValuesAre31Bits() ? k31BitSmis : 0) |
|
||||
(internal::SandboxedExternalPointersAreEnabled()
|
||||
? kSandboxedExternalPointers
|
||||
: 0) |
|
||||
(internal::SandboxIsEnabled() ? kSandbox : 0);
|
||||
return Initialize(kBuildConfiguration);
|
||||
}
|
||||
@ -273,8 +270,7 @@ class V8_EXPORT V8 {
|
||||
enum BuildConfigurationFeatures {
|
||||
kPointerCompression = 1 << 0,
|
||||
k31BitSmis = 1 << 1,
|
||||
kSandboxedExternalPointers = 1 << 2,
|
||||
kSandbox = 1 << 3,
|
||||
kSandbox = 1 << 2,
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -166,14 +166,6 @@ constexpr bool SandboxIsEnabled() {
|
||||
#endif
|
||||
}
|
||||
|
||||
constexpr bool SandboxedExternalPointersAreEnabled() {
|
||||
#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
|
||||
return true;
|
||||
#else
|
||||
return false;
|
||||
#endif
|
||||
}
|
||||
|
||||
// SandboxedPointers are guaranteed to point into the sandbox. This is achieved
|
||||
// for example by storing them as offset rather than as raw pointers.
|
||||
using SandboxedPointer_t = Address;
|
||||
@ -272,7 +264,7 @@ using ExternalPointerHandle = uint32_t;
|
||||
// ExternalPointers point to objects located outside the sandbox. When
|
||||
// sandboxed external pointers are enabled, these are stored on heap as
|
||||
// ExternalPointerHandles, otherwise they are simply raw pointers.
|
||||
#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
|
||||
#ifdef V8_ENABLE_SANDBOX
|
||||
using ExternalPointer_t = ExternalPointerHandle;
|
||||
#else
|
||||
using ExternalPointer_t = Address;
|
||||
@ -399,9 +391,8 @@ constexpr uint64_t kAllExternalPointerTypeTags[] = {
|
||||
|
||||
// When the sandbox is enabled, external pointers marked as "sandboxed" above
|
||||
// use the external pointer table (i.e. are sandboxed). This allows a gradual
|
||||
// rollout of external pointer sandboxing. If V8_SANDBOXED_EXTERNAL_POINTERS is
|
||||
// defined, all external pointers are sandboxed. If the sandbox is off, no
|
||||
// external pointers are sandboxed.
|
||||
// rollout of external pointer sandboxing. If the sandbox is off, no external
|
||||
// pointers are sandboxed.
|
||||
//
|
||||
// Sandboxed external pointer tags are available when compressing pointers even
|
||||
// when the sandbox is off. Some tags (e.g. kWaiterQueueNodeTag) are used
|
||||
@ -409,9 +400,7 @@ constexpr uint64_t kAllExternalPointerTypeTags[] = {
|
||||
// alignment requirements.
|
||||
#define sandboxed(X) (X << kExternalPointerTagShift) | kExternalPointerMarkBit
|
||||
#define unsandboxed(X) kUnsandboxedExternalPointerTag
|
||||
#if defined(V8_SANDBOXED_EXTERNAL_POINTERS)
|
||||
#define EXTERNAL_POINTER_TAG_ENUM(Name, State, Bits) Name = sandboxed(Bits),
|
||||
#elif defined(V8_COMPRESS_POINTERS)
|
||||
#if defined(V8_COMPRESS_POINTERS)
|
||||
#define EXTERNAL_POINTER_TAG_ENUM(Name, State, Bits) Name = State(Bits),
|
||||
#else
|
||||
#define EXTERNAL_POINTER_TAG_ENUM(Name, State, Bits) Name = unsandboxed(Bits),
|
||||
|
@ -6162,17 +6162,6 @@ bool v8::V8::Initialize(const int build_config) {
|
||||
kEmbedderSmiValueSize, internal::kSmiValueSize);
|
||||
}
|
||||
|
||||
const bool kEmbedderSandboxedExternalPointers =
|
||||
(build_config & kSandboxedExternalPointers) != 0;
|
||||
if (kEmbedderSandboxedExternalPointers !=
|
||||
V8_SANDBOXED_EXTERNAL_POINTERS_BOOL) {
|
||||
FATAL(
|
||||
"Embedder-vs-V8 build configuration mismatch. On embedder side "
|
||||
"sandboxed external pointers is %s while on V8 side it's %s.",
|
||||
kEmbedderSandboxedExternalPointers ? "ENABLED" : "DISABLED",
|
||||
V8_SANDBOXED_EXTERNAL_POINTERS_BOOL ? "ENABLED" : "DISABLED");
|
||||
}
|
||||
|
||||
const bool kEmbedderSandbox = (build_config & kSandbox) != 0;
|
||||
if (kEmbedderSandbox != V8_ENABLE_SANDBOX_BOOL) {
|
||||
FATAL(
|
||||
|
@ -88,7 +88,7 @@ struct ExternalPointerHandleT : Uint32T {
|
||||
static constexpr MachineType kMachineType = MachineType::Uint32();
|
||||
};
|
||||
|
||||
#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
|
||||
#ifdef V8_ENABLE_SANDBOX
|
||||
struct ExternalPointerT : Uint32T {
|
||||
static constexpr MachineType kMachineType = MachineType::Uint32();
|
||||
};
|
||||
|
@ -124,12 +124,6 @@ namespace internal {
|
||||
#define V8_CAN_CREATE_SHARED_HEAP_BOOL false
|
||||
#endif
|
||||
|
||||
#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
|
||||
#define V8_SANDBOXED_EXTERNAL_POINTERS_BOOL true
|
||||
#else
|
||||
#define V8_SANDBOXED_EXTERNAL_POINTERS_BOOL false
|
||||
#endif
|
||||
|
||||
#ifdef V8_ENABLE_SANDBOX
|
||||
#define V8_ENABLE_SANDBOX_BOOL true
|
||||
#else
|
||||
@ -511,7 +505,7 @@ static_assert(kPointerSize == (1 << kPointerSizeLog2));
|
||||
// This type defines raw storage type for external (or off-V8 heap) pointers
|
||||
// stored on V8 heap.
|
||||
constexpr int kExternalPointerSlotSize = sizeof(ExternalPointer_t);
|
||||
#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
|
||||
#ifdef V8_ENABLE_SANDBOX
|
||||
static_assert(kExternalPointerSlotSize == kTaggedSize);
|
||||
#else
|
||||
static_assert(kExternalPointerSlotSize == kSystemPointerSize);
|
||||
|
@ -221,7 +221,7 @@ void ExternalPointerSlot::store(Isolate* isolate, Address value,
|
||||
ExternalPointerSlot::RawContent
|
||||
ExternalPointerSlot::GetAndClearContentForSerialization(
|
||||
const DisallowGarbageCollection& no_gc) {
|
||||
#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
|
||||
#ifdef V8_ENABLE_SANDBOX
|
||||
ExternalPointerHandle content = Relaxed_LoadHandle();
|
||||
Relaxed_StoreHandle(kNullExternalPointerHandle);
|
||||
#else
|
||||
@ -234,7 +234,7 @@ ExternalPointerSlot::GetAndClearContentForSerialization(
|
||||
void ExternalPointerSlot::RestoreContentAfterSerialization(
|
||||
ExternalPointerSlot::RawContent content,
|
||||
const DisallowGarbageCollection& no_gc) {
|
||||
#ifdef V8_SANDBOXED_EXTERNAL_POINTERS
|
||||
#ifdef V8_ENABLE_SANDBOX
|
||||
return Relaxed_StoreHandle(content);
|
||||
#else
|
||||
return WriteMaybeUnalignedValue<Address>(address(), content);
|
||||
|
@ -1238,7 +1238,7 @@ void Serializer::ObjectSerializer::OutputRawData(Address up_to) {
|
||||
// snapshot deterministic.
|
||||
CHECK_EQ(CodeDataContainer::kCodeCageBaseUpper32BitsOffset + kTaggedSize,
|
||||
CodeDataContainer::kCodeEntryPointOffset);
|
||||
static byte field_value[kTaggedSize + kExternalPointerSlotSize] = {0};
|
||||
static byte field_value[kTaggedSize + kSystemPointerSize] = {0};
|
||||
OutputRawWithCustomField(
|
||||
sink_, object_start, base, bytes_to_output,
|
||||
CodeDataContainer::kCodeCageBaseUpper32BitsOffset,
|
||||
|
@ -68,8 +68,6 @@ class BuildFlags : public ContextualClass<BuildFlags> {
|
||||
build_flags_["V8_ENABLE_WEBASSEMBLY"] = false;
|
||||
#endif
|
||||
build_flags_["V8_ENABLE_SANDBOX"] = V8_ENABLE_SANDBOX_BOOL;
|
||||
build_flags_["V8_SANDBOXED_EXTERNAL_POINTERS"] =
|
||||
V8_SANDBOXED_EXTERNAL_POINTERS_BOOL;
|
||||
build_flags_["DEBUG"] = DEBUG_BOOL;
|
||||
}
|
||||
static bool GetFlag(const std::string& name, const char* production) {
|
||||
|
@ -14,9 +14,9 @@ extern class WasmInstanceObject extends JSObject;
|
||||
// Represents the context of a function that is defined through the JS or C
|
||||
// APIs. Corresponds to the WasmInstanceObject passed to a Wasm function
|
||||
// reference.
|
||||
// TODO(manoskouk): If V8_SANDBOXED_EXTERNAL_POINTERS, we cannot encode the
|
||||
// isolate_root as a sandboxed pointer, because that would require having access
|
||||
// to the isolate root in the first place.
|
||||
// TODO(manoskouk): If V8_ENABLE_SANDBOX, we cannot encode the isolate_root as
|
||||
// a sandboxed pointer, because that would require having access to the isolate
|
||||
// root in the first place.
|
||||
extern class WasmApiFunctionRef extends HeapObject {
|
||||
isolate_root: RawPtr;
|
||||
native_context: NativeContext;
|
||||
|
@ -687,9 +687,8 @@ TEST(MakingExternalStringConditions) {
|
||||
CHECK(local_string->CanMakeExternal());
|
||||
|
||||
// Tiny strings are not in-place externalizable when pointer compression is
|
||||
// enabled, but they are if sandboxed external pointers are enabled.
|
||||
CHECK_EQ(V8_SANDBOXED_EXTERNAL_POINTERS_BOOL ||
|
||||
i::kTaggedSize == i::kSystemPointerSize,
|
||||
// enabled, but they are if the sandbox is enabled.
|
||||
CHECK_EQ(V8_ENABLE_SANDBOX_BOOL || i::kTaggedSize == i::kSystemPointerSize,
|
||||
tiny_local_string->CanMakeExternal());
|
||||
}
|
||||
|
||||
|
@ -2066,11 +2066,11 @@ TEST(CheckCachedDataInternalExternalUncachedString) {
|
||||
// that we indeed cached it.
|
||||
Handle<ExternalOneByteString> external_string =
|
||||
Handle<ExternalOneByteString>::cast(string);
|
||||
// If sandboxed external pointers are enabled, string objects will always be
|
||||
// cacheable because they are smaller.
|
||||
CHECK(V8_SANDBOXED_EXTERNAL_POINTERS_BOOL || external_string->is_uncached());
|
||||
// If the sandbox is enabled, string objects will always be cacheable because
|
||||
// they are smaller.
|
||||
CHECK(V8_ENABLE_SANDBOX_BOOL || external_string->is_uncached());
|
||||
CHECK(external_string->resource()->IsCacheable());
|
||||
if (!V8_SANDBOXED_EXTERNAL_POINTERS_BOOL) {
|
||||
if (!V8_ENABLE_SANDBOX_BOOL) {
|
||||
CHECK_NOT_NULL(external_string->resource()->cached_data());
|
||||
CHECK_EQ(external_string->resource()->cached_data(),
|
||||
external_string->resource()->data());
|
||||
@ -2109,11 +2109,11 @@ TEST(CheckCachedDataInternalExternalUncachedStringTwoByte) {
|
||||
// that we indeed cached it.
|
||||
Handle<ExternalTwoByteString> external_string =
|
||||
Handle<ExternalTwoByteString>::cast(string);
|
||||
// If sandboxed external pointers are enabled, string objects will always be
|
||||
// cacheable because they are smaller.
|
||||
CHECK(V8_SANDBOXED_EXTERNAL_POINTERS_BOOL || external_string->is_uncached());
|
||||
// If the sandbox is enabled, string objects will always be cacheable because
|
||||
// they are smaller.
|
||||
CHECK(V8_ENABLE_SANDBOX_BOOL || external_string->is_uncached());
|
||||
CHECK(external_string->resource()->IsCacheable());
|
||||
if (!V8_SANDBOXED_EXTERNAL_POINTERS_BOOL) {
|
||||
if (!V8_ENABLE_SANDBOX_BOOL) {
|
||||
CHECK_NOT_NULL(external_string->resource()->cached_data());
|
||||
CHECK_EQ(external_string->resource()->cached_data(),
|
||||
external_string->resource()->data());
|
||||
|
@ -515,67 +515,67 @@ KNOWN_OBJECTS = {
|
||||
("read_only_space", 0x04b49): "NativeScopeInfo",
|
||||
("read_only_space", 0x04b61): "HashSeed",
|
||||
("old_space", 0x04235): "ArgumentsIteratorAccessor",
|
||||
("old_space", 0x04255): "ArrayLengthAccessor",
|
||||
("old_space", 0x04275): "BoundFunctionLengthAccessor",
|
||||
("old_space", 0x04295): "BoundFunctionNameAccessor",
|
||||
("old_space", 0x042b5): "ErrorStackAccessor",
|
||||
("old_space", 0x042d5): "FunctionArgumentsAccessor",
|
||||
("old_space", 0x042f5): "FunctionCallerAccessor",
|
||||
("old_space", 0x04315): "FunctionNameAccessor",
|
||||
("old_space", 0x04335): "FunctionLengthAccessor",
|
||||
("old_space", 0x04355): "FunctionPrototypeAccessor",
|
||||
("old_space", 0x04375): "SharedArrayLengthAccessor",
|
||||
("old_space", 0x04395): "StringLengthAccessor",
|
||||
("old_space", 0x043b5): "ValueUnavailableAccessor",
|
||||
("old_space", 0x043d5): "WrappedFunctionLengthAccessor",
|
||||
("old_space", 0x043f5): "WrappedFunctionNameAccessor",
|
||||
("old_space", 0x04415): "InvalidPrototypeValidityCell",
|
||||
("old_space", 0x0441d): "EmptyScript",
|
||||
("old_space", 0x04461): "ManyClosuresCell",
|
||||
("old_space", 0x0446d): "ArrayConstructorProtector",
|
||||
("old_space", 0x04481): "NoElementsProtector",
|
||||
("old_space", 0x04495): "MegaDOMProtector",
|
||||
("old_space", 0x044a9): "IsConcatSpreadableProtector",
|
||||
("old_space", 0x044bd): "ArraySpeciesProtector",
|
||||
("old_space", 0x044d1): "TypedArraySpeciesProtector",
|
||||
("old_space", 0x044e5): "PromiseSpeciesProtector",
|
||||
("old_space", 0x044f9): "RegExpSpeciesProtector",
|
||||
("old_space", 0x0450d): "StringLengthProtector",
|
||||
("old_space", 0x04521): "ArrayIteratorProtector",
|
||||
("old_space", 0x04535): "ArrayBufferDetachingProtector",
|
||||
("old_space", 0x04549): "PromiseHookProtector",
|
||||
("old_space", 0x0455d): "PromiseResolveProtector",
|
||||
("old_space", 0x04571): "MapIteratorProtector",
|
||||
("old_space", 0x04585): "PromiseThenProtector",
|
||||
("old_space", 0x04599): "SetIteratorProtector",
|
||||
("old_space", 0x045ad): "StringIteratorProtector",
|
||||
("old_space", 0x045c1): "StringSplitCache",
|
||||
("old_space", 0x049c9): "RegExpMultipleCache",
|
||||
("old_space", 0x04dd1): "BuiltinsConstantsTable",
|
||||
("old_space", 0x05225): "AsyncFunctionAwaitRejectSharedFun",
|
||||
("old_space", 0x05249): "AsyncFunctionAwaitResolveSharedFun",
|
||||
("old_space", 0x0526d): "AsyncGeneratorAwaitRejectSharedFun",
|
||||
("old_space", 0x05291): "AsyncGeneratorAwaitResolveSharedFun",
|
||||
("old_space", 0x052b5): "AsyncGeneratorYieldResolveSharedFun",
|
||||
("old_space", 0x052d9): "AsyncGeneratorReturnResolveSharedFun",
|
||||
("old_space", 0x052fd): "AsyncGeneratorReturnClosedRejectSharedFun",
|
||||
("old_space", 0x05321): "AsyncGeneratorReturnClosedResolveSharedFun",
|
||||
("old_space", 0x05345): "AsyncIteratorValueUnwrapSharedFun",
|
||||
("old_space", 0x05369): "PromiseAllResolveElementSharedFun",
|
||||
("old_space", 0x0538d): "PromiseAllSettledResolveElementSharedFun",
|
||||
("old_space", 0x053b1): "PromiseAllSettledRejectElementSharedFun",
|
||||
("old_space", 0x053d5): "PromiseAnyRejectElementSharedFun",
|
||||
("old_space", 0x053f9): "PromiseCapabilityDefaultRejectSharedFun",
|
||||
("old_space", 0x0541d): "PromiseCapabilityDefaultResolveSharedFun",
|
||||
("old_space", 0x05441): "PromiseCatchFinallySharedFun",
|
||||
("old_space", 0x05465): "PromiseGetCapabilitiesExecutorSharedFun",
|
||||
("old_space", 0x05489): "PromiseThenFinallySharedFun",
|
||||
("old_space", 0x054ad): "PromiseThrowerFinallySharedFun",
|
||||
("old_space", 0x054d1): "PromiseValueThunkFinallySharedFun",
|
||||
("old_space", 0x054f5): "ProxyRevokeSharedFun",
|
||||
("old_space", 0x05519): "ShadowRealmImportValueFulfilledSFI",
|
||||
("old_space", 0x0553d): "SourceTextModuleExecuteAsyncModuleFulfilledSFI",
|
||||
("old_space", 0x05561): "SourceTextModuleExecuteAsyncModuleRejectedSFI",
|
||||
("old_space", 0x0424d): "ArrayLengthAccessor",
|
||||
("old_space", 0x04265): "BoundFunctionLengthAccessor",
|
||||
("old_space", 0x0427d): "BoundFunctionNameAccessor",
|
||||
("old_space", 0x04295): "ErrorStackAccessor",
|
||||
("old_space", 0x042ad): "FunctionArgumentsAccessor",
|
||||
("old_space", 0x042c5): "FunctionCallerAccessor",
|
||||
("old_space", 0x042dd): "FunctionNameAccessor",
|
||||
("old_space", 0x042f5): "FunctionLengthAccessor",
|
||||
("old_space", 0x0430d): "FunctionPrototypeAccessor",
|
||||
("old_space", 0x04325): "SharedArrayLengthAccessor",
|
||||
("old_space", 0x0433d): "StringLengthAccessor",
|
||||
("old_space", 0x04355): "ValueUnavailableAccessor",
|
||||
("old_space", 0x0436d): "WrappedFunctionLengthAccessor",
|
||||
("old_space", 0x04385): "WrappedFunctionNameAccessor",
|
||||
("old_space", 0x0439d): "InvalidPrototypeValidityCell",
|
||||
("old_space", 0x043a5): "EmptyScript",
|
||||
("old_space", 0x043e9): "ManyClosuresCell",
|
||||
("old_space", 0x043f5): "ArrayConstructorProtector",
|
||||
("old_space", 0x04409): "NoElementsProtector",
|
||||
("old_space", 0x0441d): "MegaDOMProtector",
|
||||
("old_space", 0x04431): "IsConcatSpreadableProtector",
|
||||
("old_space", 0x04445): "ArraySpeciesProtector",
|
||||
("old_space", 0x04459): "TypedArraySpeciesProtector",
|
||||
("old_space", 0x0446d): "PromiseSpeciesProtector",
|
||||
("old_space", 0x04481): "RegExpSpeciesProtector",
|
||||
("old_space", 0x04495): "StringLengthProtector",
|
||||
("old_space", 0x044a9): "ArrayIteratorProtector",
|
||||
("old_space", 0x044bd): "ArrayBufferDetachingProtector",
|
||||
("old_space", 0x044d1): "PromiseHookProtector",
|
||||
("old_space", 0x044e5): "PromiseResolveProtector",
|
||||
("old_space", 0x044f9): "MapIteratorProtector",
|
||||
("old_space", 0x0450d): "PromiseThenProtector",
|
||||
("old_space", 0x04521): "SetIteratorProtector",
|
||||
("old_space", 0x04535): "StringIteratorProtector",
|
||||
("old_space", 0x04549): "StringSplitCache",
|
||||
("old_space", 0x04951): "RegExpMultipleCache",
|
||||
("old_space", 0x04d59): "BuiltinsConstantsTable",
|
||||
("old_space", 0x051ad): "AsyncFunctionAwaitRejectSharedFun",
|
||||
("old_space", 0x051d1): "AsyncFunctionAwaitResolveSharedFun",
|
||||
("old_space", 0x051f5): "AsyncGeneratorAwaitRejectSharedFun",
|
||||
("old_space", 0x05219): "AsyncGeneratorAwaitResolveSharedFun",
|
||||
("old_space", 0x0523d): "AsyncGeneratorYieldResolveSharedFun",
|
||||
("old_space", 0x05261): "AsyncGeneratorReturnResolveSharedFun",
|
||||
("old_space", 0x05285): "AsyncGeneratorReturnClosedRejectSharedFun",
|
||||
("old_space", 0x052a9): "AsyncGeneratorReturnClosedResolveSharedFun",
|
||||
("old_space", 0x052cd): "AsyncIteratorValueUnwrapSharedFun",
|
||||
("old_space", 0x052f1): "PromiseAllResolveElementSharedFun",
|
||||
("old_space", 0x05315): "PromiseAllSettledResolveElementSharedFun",
|
||||
("old_space", 0x05339): "PromiseAllSettledRejectElementSharedFun",
|
||||
("old_space", 0x0535d): "PromiseAnyRejectElementSharedFun",
|
||||
("old_space", 0x05381): "PromiseCapabilityDefaultRejectSharedFun",
|
||||
("old_space", 0x053a5): "PromiseCapabilityDefaultResolveSharedFun",
|
||||
("old_space", 0x053c9): "PromiseCatchFinallySharedFun",
|
||||
("old_space", 0x053ed): "PromiseGetCapabilitiesExecutorSharedFun",
|
||||
("old_space", 0x05411): "PromiseThenFinallySharedFun",
|
||||
("old_space", 0x05435): "PromiseThrowerFinallySharedFun",
|
||||
("old_space", 0x05459): "PromiseValueThunkFinallySharedFun",
|
||||
("old_space", 0x0547d): "ProxyRevokeSharedFun",
|
||||
("old_space", 0x054a1): "ShadowRealmImportValueFulfilledSFI",
|
||||
("old_space", 0x054c5): "SourceTextModuleExecuteAsyncModuleFulfilledSFI",
|
||||
("old_space", 0x054e9): "SourceTextModuleExecuteAsyncModuleRejectedSFI",
|
||||
}
|
||||
|
||||
# Lower 32 bits of first page addresses for various heap spaces.
|
||||
|
Loading…
Reference in New Issue
Block a user