AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

[protectors] Migrate another batch of protectors

Browse Source 
Bug: v8:9463
Change-Id: Ie0e04e102b56ffdfb636e94ef293bb0d46e5f4a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1808485
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63933}
This commit is contained in:
Joshua Litt 2019-09-18 05:40:05 -07:00 committed by Commit Bot
parent 33ff3b05a3
commit 2c17e49a7f
14 changed files with 169 additions and 219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/builtins/builtins-array.cc
View File

@ -1189,7 +1189,8 @@ bool IterateElements(Isolate* isolate, Handle<JSReceiver> receiver,
static Maybe<bool> IsConcatSpreadable(Isolate* isolate, Handle<Object> obj) {
HandleScope handle_scope(isolate);
if (!obj->IsJSReceiver()) return Just(false);
if (!isolate->IsIsConcatSpreadableLookupChainIntact(JSReceiver::cast(*obj))) {
if (!Protectors::IsIsConcatSpreadableLookupChainIntact(isolate) ||
JSReceiver::cast(*obj).HasProxyInPrototype(isolate)) {
// Slow path if @@isConcatSpreadable has been used.
Handle<Symbol> key(isolate->factory()->is_concat_spreadable_symbol());
Handle<Object> value;
@ -1258,7 +1259,7 @@ Object Slow_ArrayConcat(BuiltinArguments* args, Handle<Object> species,
// dictionary.
bool fast_case = is_array_species &&
(estimate_nof * 2) >= estimate_result_length &&
isolate->IsIsConcatSpreadableLookupChainIntact();
Protectors::IsIsConcatSpreadableLookupChainIntact(isolate);
if (fast_case && kind == PACKED_DOUBLE_ELEMENTS) {
Handle<FixedArrayBase> storage =
@ -1406,7 +1407,7 @@ bool IsSimpleArray(Isolate* isolate, Handle<JSArray> obj) {
MaybeHandle<JSArray> Fast_ArrayConcat(Isolate* isolate,
BuiltinArguments* args) {
if (!isolate->IsIsConcatSpreadableLookupChainIntact()) {
if (!Protectors::IsIsConcatSpreadableLookupChainIntact(isolate)) {
return MaybeHandle<JSArray>();
}
// We shouldn't overflow when adding another len.

4
src/codegen/code-stub-assembler.cc
View File

@ -6193,8 +6193,8 @@ TNode<BoolT> CodeStubAssembler::IsArrayIteratorProtectorCellInvalid() {
TNode<BoolT> CodeStubAssembler::IsPromiseResolveProtectorCellInvalid() {
TNode<Smi> invalid = SmiConstant(Isolate::kProtectorInvalid);
TNode<Cell> cell = PromiseResolveProtectorConstant();
TNode<Object> cell_value = LoadObjectField(cell, Cell::kValueOffset);
TNode<PropertyCell> cell = PromiseResolveProtectorConstant();
TNode<Object> cell_value = LoadObjectField(cell, PropertyCell::kValueOffset);
return TaggedEqual(cell_value, invalid);
}

4
src/compiler/js-heap-broker.cc
View File

@ -2544,7 +2544,9 @@ void JSHeapBroker::InitializeAndStartSerializing(
GetOrCreateData(f->promise_then_protector())
->AsPropertyCell()
->Serialize(this);
GetOrCreateData(f->string_length_protector())->AsCell()->Serialize(this);
GetOrCreateData(f->string_length_protector())
->AsPropertyCell()
->Serialize(this);
// - CEntry stub
GetOrCreateData(
CodeFactory::CEntry(isolate(), 1, kDontSaveFPRegs, kArgvOnStack, true));

4
src/compiler/js-typed-lowering.cc
View File

@ -567,8 +567,8 @@ Reduction JSTypedLowering::ReduceJSAdd(Node* node) {
Node* length =
graph()->NewNode(simplified()->NumberAdd(), left_length, right_length);
CellRef string_length_protector(broker(),
factory()->string_length_protector());
PropertyCellRef string_length_protector(
broker(), factory()->string_length_protector());
if (string_length_protector.value().AsSmi() == Isolate::kProtectorValid) {
// We can just deoptimize if the {length} is out-of-bounds. Besides
// generating a shorter code sequence than the version below, this

11
src/execution/isolate-inl.h
View File

@ -113,17 +113,6 @@ Isolate::ExceptionScope::~ExceptionScope() {
NATIVE_CONTEXT_FIELDS(NATIVE_CONTEXT_FIELD_ACCESSOR)
#undef NATIVE_CONTEXT_FIELD_ACCESSOR
bool Isolate::IsStringLengthOverflowIntact() {
Cell string_length_cell = Cell::cast(root(RootIndex::kStringLengthProtector));
return string_length_cell.value() == Smi::FromInt(kProtectorValid);
}
bool Isolate::IsArrayBufferDetachingIntact() {
PropertyCell buffer_detaching =
PropertyCell::cast(root(RootIndex::kArrayBufferDetachingProtector));
return buffer_detaching.value() == Smi::FromInt(kProtectorValid);
}
} // namespace internal
} // namespace v8

82
src/execution/isolate.cc
View File

@ -3881,38 +3881,6 @@ bool Isolate::IsNoElementsProtectorIntact() {
return Isolate::IsNoElementsProtectorIntact(context());
}
bool Isolate::IsIsConcatSpreadableLookupChainIntact() {
Cell is_concat_spreadable_cell = heap()->is_concat_spreadable_protector();
bool is_is_concat_spreadable_set =
Smi::ToInt(is_concat_spreadable_cell.value()) == kProtectorInvalid;
#ifdef DEBUG
Map root_array_map =
raw_native_context().GetInitialJSArrayMap(GetInitialFastElementsKind());
if (root_array_map.is_null()) {
// Ignore the value of is_concat_spreadable during bootstrap.
return !is_is_concat_spreadable_set;
}
Handle<Object> array_prototype(array_function()->prototype(), this);
Handle<Symbol> key = factory()->is_concat_spreadable_symbol();
Handle<Object> value;
LookupIterator it(this, array_prototype, key);
if (it.IsFound() && !JSReceiver::GetDataProperty(&it)->IsUndefined(this)) {
// TODO(cbruni): Currently we do not revert if we unset the
// @@isConcatSpreadable property on Array.prototype or Object.prototype
// hence the reverse implication doesn't hold.
DCHECK(is_is_concat_spreadable_set);
return false;
}
#endif // DEBUG
return !is_is_concat_spreadable_set;
}
bool Isolate::IsIsConcatSpreadableLookupChainIntact(JSReceiver receiver) {
if (!IsIsConcatSpreadableLookupChainIntact()) return false;
return !receiver.HasProxyInPrototype(this);
}
bool Isolate::IsPromiseHookProtectorIntact() {
PropertyCell promise_hook_cell = heap()->promise_hook_protector();
bool is_promise_hook_protector_intact =
@ -3924,13 +3892,6 @@ bool Isolate::IsPromiseHookProtectorIntact() {
return is_promise_hook_protector_intact;
}
bool Isolate::IsPromiseResolveLookupChainIntact() {
Cell promise_resolve_cell = heap()->promise_resolve_protector();
bool is_promise_resolve_protector_intact =
Smi::ToInt(promise_resolve_cell.value()) == kProtectorValid;
return is_promise_resolve_protector_intact;
}
void Isolate::UpdateNoElementsProtectorOnSetElement(Handle<JSObject> object) {
DisallowHeapAllocation no_gc;
if (!object->map().is_prototype_map()) return;
@ -3956,38 +3917,6 @@ void Isolate::TraceProtectorInvalidation(const char* protector_name) {
protector_name);
}
void Isolate::InvalidateIsConcatSpreadableProtector() {
DCHECK(factory()->is_concat_spreadable_protector()->value().IsSmi());
DCHECK(IsIsConcatSpreadableLookupChainIntact());
if (FLAG_trace_protector_invalidation) {
TraceProtectorInvalidation("is_concat_spreadable_protector");
}
factory()->is_concat_spreadable_protector()->set_value(
Smi::FromInt(kProtectorInvalid));
DCHECK(!IsIsConcatSpreadableLookupChainIntact());
}
void Isolate::InvalidateStringLengthOverflowProtector() {
DCHECK(factory()->string_length_protector()->value().IsSmi());
DCHECK(IsStringLengthOverflowIntact());
if (FLAG_trace_protector_invalidation) {
TraceProtectorInvalidation("string_length_protector");
}
factory()->string_length_protector()->set_value(
Smi::FromInt(kProtectorInvalid));
DCHECK(!IsStringLengthOverflowIntact());
}
void Isolate::InvalidateArrayBufferDetachingProtector() {
DCHECK(factory()->array_buffer_detaching_protector()->value().IsSmi());
DCHECK(IsArrayBufferDetachingIntact());
PropertyCell::SetValueWithInvalidation(
this, "array_buffer_detaching_protector",
factory()->array_buffer_detaching_protector(),
handle(Smi::FromInt(kProtectorInvalid), this));
DCHECK(!IsArrayBufferDetachingIntact());
}
void Isolate::InvalidatePromiseHookProtector() {
DCHECK(factory()->promise_hook_protector()->value().IsSmi());
DCHECK(IsPromiseHookProtectorIntact());
@ -3997,17 +3926,6 @@ void Isolate::InvalidatePromiseHookProtector() {
DCHECK(!IsPromiseHookProtectorIntact());
}
void Isolate::InvalidatePromiseResolveProtector() {
DCHECK(factory()->promise_resolve_protector()->value().IsSmi());
DCHECK(IsPromiseResolveLookupChainIntact());
if (FLAG_trace_protector_invalidation) {
TraceProtectorInvalidation("promise_resolve_protector");
}
factory()->promise_resolve_protector()->set_value(
Smi::FromInt(kProtectorInvalid));
DCHECK(!IsPromiseResolveLookupChainIntact());
}
bool Isolate::IsAnyInitialArrayPrototype(Handle<JSArray> array) {
DisallowHeapAllocation no_gc;
return IsInAnyContext(*array, Context::INITIAL_ARRAY_PROTOTYPE_INDEX);

15
src/execution/isolate.h
View File

@ -1174,21 +1174,10 @@ class Isolate final : private HiddenFactory {
bool IsArrayOrObjectOrStringPrototype(Object object);
bool IsIsConcatSpreadableLookupChainIntact();
bool IsIsConcatSpreadableLookupChainIntact(JSReceiver receiver);
inline bool IsStringLengthOverflowIntact();
// Make sure we do check for detached array buffers.
inline bool IsArrayBufferDetachingIntact();
// Disable promise optimizations if promise (debug) hooks have ever been
// active, because those can observe promises.
bool IsPromiseHookProtectorIntact();
// Make sure a lookup of "resolve" on the %Promise% intrinsic object
// yeidls the initial Promise.resolve method.
bool IsPromiseResolveLookupChainIntact();
// On intent to set an element in object, make sure that appropriate
// notifications occur if the set is on the elements of the array or
// object prototype. Also ensure that changes to prototype chain between
@ -1207,11 +1196,7 @@ class Isolate final : private HiddenFactory {
// The `protector_name` C string must be statically allocated.
void TraceProtectorInvalidation(const char* protector_name);
void InvalidateIsConcatSpreadableProtector();
void InvalidateStringLengthOverflowProtector();
void InvalidateArrayBufferDetachingProtector();
V8_EXPORT_PRIVATE void InvalidatePromiseHookProtector();
void InvalidatePromiseResolveProtector();
// Returns true if array is the initial array prototype in any native context.
bool IsAnyInitialArrayPrototype(Handle<JSArray> array);

10
src/execution/protectors.h
View File

@ -19,10 +19,14 @@ class Protectors : public AllStatic {
V(RegExpSpeciesLookupChainProtector, regexp_species_protector)
#define DECLARED_PROTECTORS_ON_ISOLATE(V) \
V(ArraySpeciesLookupChain, ArraySpeciesProtector, array_species_protector) \
V(ArrayBufferDetaching, ArrayBufferDetachingProtector, \
array_buffer_detaching_protector) \
V(ArrayConstructor, ArrayConstructorProtector, array_constructor_protector) \
V(ArrayIteratorLookupChain, ArrayIteratorProtector, \
array_iterator_protector) \
V(ArraySpeciesLookupChain, ArraySpeciesProtector, array_species_protector) \
V(IsConcatSpreadableLookupChain, IsConcatSpreadableProtector, \
is_concat_spreadable_protector) \
\
/* The MapIterator protector protects the original iteration behaviors */ \
/* of Map.prototype.keys(), Map.prototype.values(), and */ \
@ -37,6 +41,8 @@ class Protectors : public AllStatic {
/* invalidates the SetIterator protector (see below). */ \
V(MapIteratorLookupChain, MapIteratorProtector, map_iterator_protector) \
V(PromiseThenLookupChain, PromiseThenProtector, promise_then_protector) \
V(PromiseResolveLookupChain, PromiseResolveProtector, \
promise_resolve_protector) \
V(PromiseSpeciesLookupChain, PromiseSpeciesProtector, \
promise_species_protector) \
\
@ -69,6 +75,8 @@ class Protectors : public AllStatic {
/* non-configurable and non-writable. */ \
V(StringIteratorLookupChain, StringIteratorProtector, \
string_iterator_protector) \
V(StringLengthOverflowLookupChain, StringLengthProtector, \
string_length_protector) \
V(TypedArraySpeciesLookupChain, TypedArraySpeciesProtector, \
typed_array_species_protector)

5
src/heap/factory.cc
View File

@ -11,6 +11,7 @@
#include "src/builtins/constants-table-builder.h"
#include "src/codegen/compiler.h"
#include "src/execution/isolate-inl.h"
#include "src/execution/protectors-inl.h"
#include "src/heap/heap-inl.h"
#include "src/heap/incremental-marking.h"
#include "src/heap/mark-compact-inl.h"
@ -2290,8 +2291,8 @@ Handle<Object> Factory::NewInvalidStringLengthError() {
FATAL("Aborting on invalid string length");
}
// Invalidate the "string length" protector.
if (isolate()->IsStringLengthOverflowIntact()) {
isolate()->InvalidateStringLengthOverflowProtector();
if (Protectors::IsStringLengthOverflowLookupChainIntact(isolate())) {
Protectors::InvalidateStringLengthOverflowLookupChain(isolate());
}
return NewRangeError(MessageTemplate::kInvalidStringLength);
}

139
src/heap/setup-heap-internal.cc
View File

@ -839,6 +839,14 @@ void Heap::CreateInitialObjects() {
script->set_origin_options(ScriptOriginOptions(true, false));
set_empty_script(*script);
{
Handle<PropertyCell> cell = factory->NewPropertyCell(
factory->empty_string(), AllocationType::kReadOnly);
cell->set_value(roots.the_hole_value());
set_empty_property_cell(*cell);
}
// Protectors
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
@ -846,66 +854,103 @@ void Heap::CreateInitialObjects() {
set_array_constructor_protector(*cell);
}
Handle<PropertyCell> cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_no_elements_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_no_elements_protector(*cell);
}
cell = factory->NewPropertyCell(factory->empty_string(),
AllocationType::kReadOnly);
cell->set_value(roots.the_hole_value());
set_empty_property_cell(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_array_iterator_protector(*cell);
}
cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_array_iterator_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_map_iterator_protector(*cell);
}
cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_map_iterator_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_set_iterator_protector(*cell);
}
cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_set_iterator_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_is_concat_spreadable_protector(*cell);
}
Handle<Cell> is_concat_spreadable_cell = factory->NewCell(
handle(Smi::FromInt(Isolate::kProtectorValid), isolate()));
set_is_concat_spreadable_protector(*is_concat_spreadable_cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_array_species_protector(*cell);
}
cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_array_species_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_typed_array_species_protector(*cell);
}
cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_typed_array_species_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_promise_species_protector(*cell);
}
cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_promise_species_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_string_iterator_protector(*cell);
}
cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_string_iterator_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_string_length_protector(*cell);
}
Handle<Cell> string_length_overflow_cell = factory->NewCell(
handle(Smi::FromInt(Isolate::kProtectorValid), isolate()));
set_string_length_protector(*string_length_overflow_cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_array_buffer_detaching_protector(*cell);
}
cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_array_buffer_detaching_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_promise_hook_protector(*cell);
}
cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_promise_hook_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_promise_resolve_protector(*cell);
}
Handle<Cell> promise_resolve_cell = factory->NewCell(
handle(Smi::FromInt(Isolate::kProtectorValid), isolate()));
set_promise_resolve_protector(*promise_resolve_cell);
cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_promise_then_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_promise_then_protector(*cell);
}
set_serialized_objects(roots.empty_fixed_array());
set_serialized_global_proxy_sizes(roots.empty_fixed_array());

5
src/objects/js-array-buffer.cc
View File

@ -5,6 +5,7 @@
#include "src/objects/js-array-buffer.h"
#include "src/objects/js-array-buffer-inl.h"
#include "src/execution/protectors-inl.h"
#include "src/logging/counters.h"
#include "src/objects/property-descriptor.h"
@ -58,8 +59,8 @@ void JSArrayBuffer::Detach(bool force_for_wasm_memory) {
CHECK_IMPLIES(force_for_wasm_memory, backing_store->is_wasm_memory());
}
if (isolate->IsArrayBufferDetachingIntact()) {
isolate->InvalidateArrayBufferDetachingProtector();
if (Protectors::IsArrayBufferDetachingIntact(isolate)) {
Protectors::InvalidateArrayBufferDetaching(isolate);
}
DCHECK(!is_shared());

8
src/objects/lookup.cc
View File

@ -375,8 +375,8 @@ void LookupIterator::InternalUpdateProtector() {
Protectors::InvalidateTypedArraySpeciesLookupChain(isolate_);
}
} else if (*name_ == roots.is_concat_spreadable_symbol()) {
if (!isolate_->IsIsConcatSpreadableLookupChainIntact()) return;
isolate_->InvalidateIsConcatSpreadableProtector();
if (!Protectors::IsIsConcatSpreadableLookupChainIntact(isolate_)) return;
Protectors::InvalidateIsConcatSpreadableLookupChain(isolate_);
} else if (*name_ == roots.iterator_symbol()) {
if (receiver->IsJSArray(isolate_)) {
if (!Protectors::IsArrayIteratorLookupChainIntact(isolate_)) return;
@ -413,11 +413,11 @@ void LookupIterator::InternalUpdateProtector() {
Protectors::InvalidateStringIteratorLookupChain(isolate_);
}
} else if (*name_ == roots.resolve_string()) {
if (!isolate_->IsPromiseResolveLookupChainIntact()) return;
if (!Protectors::IsPromiseResolveLookupChainIntact(isolate_)) return;
// Setting the "resolve" property on any %Promise% intrinsic object
// invalidates the Promise.resolve protector.
if (isolate_->IsInAnyContext(*receiver, Context::PROMISE_FUNCTION_INDEX)) {
isolate_->InvalidatePromiseResolveProtector();
Protectors::InvalidatePromiseResolveLookupChain(isolate_);
}
} else if (*name_ == roots.then_string()) {
if (!Protectors::IsPromiseThenLookupChainIntact(isolate_)) return;

62
src/roots/roots.h
View File

@ -206,37 +206,37 @@ class Symbol;
// Mutable roots that are known to be immortal immovable, for which we can
// safely skip write barriers.
#define STRONG_MUTABLE_IMMOVABLE_ROOT_LIST(V) \
ACCESSOR_INFO_ROOT_LIST(V) \
/* Maps */ \
V(Map, external_map, ExternalMap) \
V(Map, message_object_map, JSMessageObjectMap) \
/* Canonical empty values */ \
V(Script, empty_script, EmptyScript) \
V(FeedbackCell, many_closures_cell, ManyClosuresCell) \
V(Cell, invalid_prototype_validity_cell, InvalidPrototypeValidityCell) \
/* Protectors */ \
V(PropertyCell, array_constructor_protector, ArrayConstructorProtector) \
V(PropertyCell, no_elements_protector, NoElementsProtector) \
V(Cell, is_concat_spreadable_protector, IsConcatSpreadableProtector) \
V(PropertyCell, array_species_protector, ArraySpeciesProtector) \
V(PropertyCell, typed_array_species_protector, TypedArraySpeciesProtector) \
V(PropertyCell, promise_species_protector, PromiseSpeciesProtector) \
V(Cell, string_length_protector, StringLengthProtector) \
V(PropertyCell, array_iterator_protector, ArrayIteratorProtector) \
V(PropertyCell, array_buffer_detaching_protector, \
ArrayBufferDetachingProtector) \
V(PropertyCell, promise_hook_protector, PromiseHookProtector) \
V(Cell, promise_resolve_protector, PromiseResolveProtector) \
V(PropertyCell, map_iterator_protector, MapIteratorProtector) \
V(PropertyCell, promise_then_protector, PromiseThenProtector) \
V(PropertyCell, set_iterator_protector, SetIteratorProtector) \
V(PropertyCell, string_iterator_protector, StringIteratorProtector) \
/* Caches */ \
V(FixedArray, single_character_string_cache, SingleCharacterStringCache) \
V(FixedArray, string_split_cache, StringSplitCache) \
V(FixedArray, regexp_multiple_cache, RegExpMultipleCache) \
/* Indirection lists for isolate-independent builtins */ \
#define STRONG_MUTABLE_IMMOVABLE_ROOT_LIST(V) \
ACCESSOR_INFO_ROOT_LIST(V) \
/* Maps */ \
V(Map, external_map, ExternalMap) \
V(Map, message_object_map, JSMessageObjectMap) \
/* Canonical empty values */ \
V(Script, empty_script, EmptyScript) \
V(FeedbackCell, many_closures_cell, ManyClosuresCell) \
V(Cell, invalid_prototype_validity_cell, InvalidPrototypeValidityCell) \
/* Protectors */ \
V(PropertyCell, array_constructor_protector, ArrayConstructorProtector) \
V(PropertyCell, no_elements_protector, NoElementsProtector) \
V(PropertyCell, is_concat_spreadable_protector, IsConcatSpreadableProtector) \
V(PropertyCell, array_species_protector, ArraySpeciesProtector) \
V(PropertyCell, typed_array_species_protector, TypedArraySpeciesProtector) \
V(PropertyCell, promise_species_protector, PromiseSpeciesProtector) \
V(PropertyCell, string_length_protector, StringLengthProtector) \
V(PropertyCell, array_iterator_protector, ArrayIteratorProtector) \
V(PropertyCell, array_buffer_detaching_protector, \
ArrayBufferDetachingProtector) \
V(PropertyCell, promise_hook_protector, PromiseHookProtector) \
V(PropertyCell, promise_resolve_protector, PromiseResolveProtector) \
V(PropertyCell, map_iterator_protector, MapIteratorProtector) \
V(PropertyCell, promise_then_protector, PromiseThenProtector) \
V(PropertyCell, set_iterator_protector, SetIteratorProtector) \
V(PropertyCell, string_iterator_protector, StringIteratorProtector) \
/* Caches */ \
V(FixedArray, single_character_string_cache, SingleCharacterStringCache) \
V(FixedArray, string_split_cache, StringSplitCache) \
V(FixedArray, regexp_multiple_cache, RegExpMultipleCache) \
/* Indirection lists for isolate-independent builtins */ \
V(FixedArray, builtins_constants_table, BuiltinsConstantsTable)
// These root references can be updated by the mutator.

32
tools/v8heapconst.py
View File

@ -406,22 +406,22 @@ KNOWN_OBJECTS = {
("old_space", 0x00709): "ArrayConstructorProtector",
("old_space", 0x00731): "NoElementsProtector",
("old_space", 0x00759): "IsConcatSpreadableProtector",
("old_space", 0x00769): "ArraySpeciesProtector",
("old_space", 0x00791): "TypedArraySpeciesProtector",
("old_space", 0x007b9): "PromiseSpeciesProtector",
("old_space", 0x007e1): "StringLengthProtector",
("old_space", 0x007f1): "ArrayIteratorProtector",
("old_space", 0x00819): "ArrayBufferDetachingProtector",
("old_space", 0x00841): "PromiseHookProtector",
("old_space", 0x00869): "PromiseResolveProtector",
("old_space", 0x00879): "MapIteratorProtector",
("old_space", 0x008a1): "PromiseThenProtector",
("old_space", 0x008c9): "SetIteratorProtector",
("old_space", 0x008f1): "StringIteratorProtector",
("old_space", 0x00919): "SingleCharacterStringCache",
("old_space", 0x01129): "StringSplitCache",
("old_space", 0x01939): "RegExpMultipleCache",
("old_space", 0x02149): "BuiltinsConstantsTable",
("old_space", 0x00781): "ArraySpeciesProtector",
("old_space", 0x007a9): "TypedArraySpeciesProtector",
("old_space", 0x007d1): "PromiseSpeciesProtector",
("old_space", 0x007f9): "StringLengthProtector",
("old_space", 0x00821): "ArrayIteratorProtector",
("old_space", 0x00849): "ArrayBufferDetachingProtector",
("old_space", 0x00871): "PromiseHookProtector",
("old_space", 0x00899): "PromiseResolveProtector",
("old_space", 0x008c1): "MapIteratorProtector",
("old_space", 0x008e9): "PromiseThenProtector",
("old_space", 0x00911): "SetIteratorProtector",
("old_space", 0x00939): "StringIteratorProtector",
("old_space", 0x00961): "SingleCharacterStringCache",
("old_space", 0x01171): "StringSplitCache",
("old_space", 0x01981): "RegExpMultipleCache",
("old_space", 0x02191): "BuiltinsConstantsTable",
}
# List of known V8 Frame Markers.