From b41df346dbf0e7b4df3058f156c31de4810b1b03 Mon Sep 17 00:00:00 2001 From: Shu-yu Guo Date: Mon, 19 Dec 2022 11:20:42 -0800 Subject: [PATCH] [ShadowRealm] Make CallSite#getFunction/getThis throw ShadowRealms have a callable boundary: there cannot be any edges between objects in the ShadowRealm and those from other realms. V8's prepareCallStack API breaks this invariant via getFunction() and getThis(). This CL makes those functions throw when called inside ShadowRealms. See also https://docs.google.com/document/d/1aXEy4YCC9CduxLs7MGw-UOm0P4OuG7W-cScBnLG3ALI/edit?usp=sharing Bug: v8:11989 Change-Id: I5a2b8fa735c0f10583c8cede4062645986b2d914 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4108810 Reviewed-by: Camillo Bruni Commit-Queue: Shu-yu Guo Reviewed-by: Adam Klein Cr-Commit-Position: refs/heads/main@{#84944} --- src/ast/scopes.cc | 2 + src/builtins/builtins-callsite.cc | 22 ++- src/common/globals.h | 19 ++- src/common/message-template.h | 2 + src/d8/d8.cc | 4 + src/debug/debug-scopes.cc | 4 + src/execution/isolate.cc | 2 + src/heap/setup-heap-internal.cc | 4 + src/objects/scope-info.cc | 16 +- src/objects/scope-info.h | 3 +- src/objects/scope-info.tq | 4 +- src/roots/roots.h | 1 + .../harmony/shadowrealm-callsite-throw.js | 49 ++++++ .../PrivateAccessorAccess.golden | 8 +- .../PrivateMethodAccess.golden | 4 +- .../StaticPrivateMethodAccess.golden | 30 ++-- tools/v8heapconst.py | 161 +++++++++--------- 17 files changed, 220 insertions(+), 115 deletions(-) create mode 100644 test/mjsunit/harmony/shadowrealm-callsite-throw.js diff --git a/src/ast/scopes.cc b/src/ast/scopes.cc index 404822d1ab..ad7014adb5 100644 --- a/src/ast/scopes.cc +++ b/src/ast/scopes.cc @@ -1797,6 +1797,8 @@ const char* Header(ScopeType scope_type, FunctionKind function_kind, case CLASS_SCOPE: return "class"; case WITH_SCOPE: return "with"; + case SHADOW_REALM_SCOPE: + return "shadowrealm"; } UNREACHABLE(); } 
diff --git a/src/builtins/builtins-callsite.cc b/src/builtins/builtins-callsite.cc index 4cbeaa6c3d..6afe84dfd5 100644 --- a/src/builtins/builtins-callsite.cc +++ b/src/builtins/builtins-callsite.cc @@ -66,8 +66,17 @@ BUILTIN(CallSitePrototypeGetFileName) { } BUILTIN(CallSitePrototypeGetFunction) { + static const char method_name[] = "getFunction"; HandleScope scope(isolate); - CHECK_CALLSITE(frame, "getFunction"); + CHECK_CALLSITE(frame, method_name); + if (isolate->raw_native_context().scope_info().scope_type() == + SHADOW_REALM_SCOPE) { + THROW_NEW_ERROR_RETURN_FAILURE( + isolate, + NewTypeError( + MessageTemplate::kCallSiteMethodUnsupportedInShadowRealm, + isolate->factory()->NewStringFromAsciiChecked(method_name))); + } if (frame->IsStrict() || (frame->function().IsJSFunction() && JSFunction::cast(frame->function()).shared().is_toplevel())) { @@ -124,8 +133,17 @@ BUILTIN(CallSitePrototypeGetScriptNameOrSourceURL) { } BUILTIN(CallSitePrototypeGetThis) { + static const char method_name[] = "getThis"; HandleScope scope(isolate); - CHECK_CALLSITE(frame, "getThis"); + CHECK_CALLSITE(frame, method_name); + if (isolate->raw_native_context().scope_info().scope_type() == + SHADOW_REALM_SCOPE) { + THROW_NEW_ERROR_RETURN_FAILURE( + isolate, + NewTypeError( + MessageTemplate::kCallSiteMethodUnsupportedInShadowRealm, + isolate->factory()->NewStringFromAsciiChecked(method_name))); + } if (frame->IsStrict()) return ReadOnlyRoots(isolate).undefined_value(); isolate->CountUsage(v8::Isolate::kCallSiteAPIGetThisSloppyCall); #if V8_ENABLE_WEBASSEMBLY diff --git a/src/common/globals.h b/src/common/globals.h index 771f809525..1be647e09f 100644 --- a/src/common/globals.h +++ b/src/common/globals.h 
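Review bot: The new guard keys only on the caller's context (`isolate->raw_native_context().scope_info().scope_type() == SHADOW_REALM_SCOPE`), so it stops code running inside a ShadowRealm from obtaining outer-realm functions and receivers, but as far as this hunk shows nothing covers the symmetric case: an `Error.prepareStackTrace` hook in the initiator realm walking a stack that contains ShadowRealm frames would still get the ShadowRealm's function or `this` back from getFunction()/getThis(). If frame filtering elsewhere already drops those frames, a comment here saying so would help; otherwise the guard should presumably also throw when the frame's function belongs to a ShadowRealm native context (the exact accessor needs confirming against the CallSiteInfo API). The same nine-line block is pasted into both builtins; hoisting it into a helper such as `static bool IsInShadowRealm(Isolate* isolate)` used by a shared `THROW_IF_IN_SHADOW_REALM(isolate, method_name)` next to CHECK_CALLSITE would keep the two guards in sync and make any later frame-side check a one-place change. Both builtin bodies continue outside the hunk.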
@@ -1414,14 +1414,15 @@ inline std::ostream& operator<<(std::ostream& os, CreateArgumentsType type) { constexpr int kScopeInfoMaxInlinedLocalNamesSize = 75; enum ScopeType : uint8_t { - CLASS_SCOPE, // The scope introduced by a class. - EVAL_SCOPE, // The top-level scope for an eval source. - FUNCTION_SCOPE, // The top-level scope for a function. - MODULE_SCOPE, // The scope introduced by a module literal - SCRIPT_SCOPE, // The top-level scope for a script or a top-level eval. - CATCH_SCOPE, // The scope introduced by catch. - BLOCK_SCOPE, // The scope introduced by a new block. - WITH_SCOPE // The scope introduced by with. + CLASS_SCOPE, // The scope introduced by a class. + EVAL_SCOPE, // The top-level scope for an eval source. + FUNCTION_SCOPE, // The top-level scope for a function. + MODULE_SCOPE, // The scope introduced by a module literal + SCRIPT_SCOPE, // The top-level scope for a script or a top-level eval. + CATCH_SCOPE, // The scope introduced by catch. + BLOCK_SCOPE, // The scope introduced by a new block. + WITH_SCOPE, // The scope introduced by with. + SHADOW_REALM_SCOPE // Synthetic scope for ShadowRealm NativeContexts. }; inline std::ostream& operator<<(std::ostream& os, ScopeType type) { @@ -1442,6 +1443,8 @@ inline std::ostream& operator<<(std::ostream& os, ScopeType type) { return os << "CLASS_SCOPE"; case ScopeType::WITH_SCOPE: return os << "WITH_SCOPE"; + case ScopeType::SHADOW_REALM_SCOPE: + return os << "SHADOW_REALM_SCOPE"; } UNREACHABLE(); } diff --git a/src/common/message-template.h b/src/common/message-template.h index 343adf65ec..84f8afbd10 100644 --- a/src/common/message-template.h +++ b/src/common/message-template.h 
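Review bot: SHADOW_REALM_SCOPE is the ninth ScopeType enumerator (numeric value 8), and this enum is packed into ScopeInfo flags through `ScopeTypeBits::encode` (scope-info.cc in this same patch) and the Torque `ScopeType` bitfield, so the width of that field needs to be at least 4 bits for the new value not to be truncated; I cannot see the field definition from here. Pinning it with a compile-time check where ScopeTypeBits is visible, e.g. `static_assert(SHADOW_REALM_SCOPE < (1 << ScopeTypeBits::kSize), "ScopeType does not fit in ScopeTypeBits");` (assuming the bitfield exposes `kSize` as base::BitField does), would catch the next addition too. The enumerator comment could also state who produces it — from this patch it appears to come only from `ScopeInfo::CreateForShadowRealmNativeContext`, never from the parser — so readers do not look for a matching AST scope.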
@@ -66,6 +66,8 @@ namespace internal { "CallSite expects wasm object as first or function as second argument, " \ "got <%, %>") \ T(CallSiteMethod, "CallSite method % expects CallSite as receiver") \ + T(CallSiteMethodUnsupportedInShadowRealm, \ + "CallSite method % is unsupported inside ShadowRealms") \ T(CannotBeShared, "% cannot be shared") \ T(CannotConvertToPrimitive, "Cannot convert object to primitive value") \ T(CannotPreventExt, "Cannot prevent extensions") \ diff --git a/src/d8/d8.cc b/src/d8/d8.cc index fca02f3038..70e6473d6d 100644 --- a/src/d8/d8.cc +++ b/src/d8/d8.cc @@ -1319,6 +1319,10 @@ MaybeLocal Shell::HostCreateShadowRealmContext( InitializeModuleEmbedderData(context); std::shared_ptr initiator_data = GetModuleDataFromContext(initiator_context); + + // ShadowRealms are synchronously accessible and are always in the same origin + // as the initiator context. + context->SetSecurityToken(initiator_context->GetSecurityToken()); shadow_realm_data->origin = initiator_data->origin; return context; diff --git a/src/debug/debug-scopes.cc b/src/debug/debug-scopes.cc index 8467d29d7b..1ddc787aa1 100644 --- a/src/debug/debug-scopes.cc +++ b/src/debug/debug-scopes.cc @@ -529,6 +529,10 @@ ScopeIterator::ScopeType ScopeIterator::Type() const { case EVAL_SCOPE: DCHECK_IMPLIES(NeedsContext(), context_->IsEvalContext()); return ScopeTypeEval; + case SHADOW_REALM_SCOPE: + DCHECK_IMPLIES(NeedsContext(), context_->IsNativeContext()); + // TODO(v8:11989): New ScopeType for ShadowRealms? + return ScopeTypeScript; } UNREACHABLE(); } diff --git a/src/execution/isolate.cc b/src/execution/isolate.cc index 652081b48a..f3a5ccca4b 100644 --- a/src/execution/isolate.cc +++ b/src/execution/isolate.cc 
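Review bot: Giving the ShadowRealm context the initiator's security token means V8's cross-context access checks will treat the two as the same origin, so at the engine level nothing prevents direct object references between them and the callable boundary rests entirely on the ShadowRealm wrapper functions plus checks like the CallSite ones in this patch; the comment should say that explicitly rather than only that the realms are same-origin, e.g. `// Same token: V8 access checks treat both contexts as one origin, so the callable boundary is enforced by ShadowRealm wrapping, not by the token.` This is the d8 embedder only, so every other embedder has to make the same choice deliberately. If the shared token is also what makes initiator frames visible to stack traces captured inside the realm, that is presumably why the CallSite throws became necessary and is worth a sentence here. `HostCreateShadowRealmContext` continues outside the hunk.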
@@ -5310,6 +5310,8 @@ MaybeHandle Isolate::RunHostCreateShadowRealmContextCallback() { Handle shadow_realm_context_handle = v8::Utils::OpenHandle(*shadow_realm_context); DCHECK(shadow_realm_context_handle->IsNativeContext()); + shadow_realm_context_handle->set_scope_info( + ReadOnlyRoots(this).shadow_realm_scope_info()); return Handle::cast(shadow_realm_context_handle); } diff --git a/src/heap/setup-heap-internal.cc b/src/heap/setup-heap-internal.cc index bd1dd03015..8f7c1e033b 100644 --- a/src/heap/setup-heap-internal.cc +++ b/src/heap/setup-heap-internal.cc @@ -974,6 +974,10 @@ void Heap::CreateInitialReadOnlyObjects() { ScopeInfo::CreateForNativeContext(isolate()); set_native_scope_info(*native_scope_info); + Handle shadow_realm_scope_info = + ScopeInfo::CreateForShadowRealmNativeContext(isolate()); + set_shadow_realm_scope_info(*shadow_realm_scope_info); + // Canonical off-heap trampoline data auto reloc_info = Builtins::GenerateOffHeapTrampolineRelocInfo(isolate_); set_off_heap_trampoline_relocation_info(*reloc_info); diff --git a/src/objects/scope-info.cc b/src/objects/scope-info.cc index c0117d27c9..1b6083f527 100644 --- a/src/objects/scope-info.cc +++ b/src/objects/scope-info.cc 
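Review bot: The ShadowRealm marker is written only after the embedder callback has returned, so anything the embedder does while building the context (d8's HostCreateShadowRealmContext initializes module data before returning, for instance) runs while the context still carries the ordinary native scope info, and the new CallSite guard would not fire during that window if any script were evaluated there. If embedders are not meant to run code before this point, that expectation should be stated next to the call, e.g. `// Must precede any script execution in the new context: the CallSite builtins identify a ShadowRealm by this scope_info.`; otherwise the marker should be applied earlier. `RunHostCreateShadowRealmContextCallback` starts outside the hunk.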
@@ -490,13 +490,21 @@ Handle ScopeInfo::CreateForNativeContext(Isolate* isolate) { return CreateForBootstrapping(isolate, BootstrappingType::kNative); } +// static +Handle ScopeInfo::CreateForShadowRealmNativeContext( + Isolate* isolate) { + return CreateForBootstrapping(isolate, BootstrappingType::kShadowRealm); +} + // static Handle ScopeInfo::CreateForBootstrapping(Isolate* isolate, BootstrappingType type) { const int parameter_count = 0; const bool is_empty_function = type == BootstrappingType::kFunction; - const bool is_native_context = type == BootstrappingType::kNative; + const bool is_native_context = (type == BootstrappingType::kNative) || + (type == BootstrappingType::kShadowRealm); const bool is_script = type == BootstrappingType::kScript; + const bool is_shadow_realm = type == BootstrappingType::kShadowRealm; const int context_local_count = is_empty_function || is_native_context ? 0 : 1; const bool has_inferred_function_name = is_empty_function; @@ -513,8 +521,12 @@ Handle ScopeInfo::CreateForBootstrapping(Isolate* isolate, factory->NewScopeInfo(length, AllocationType::kReadOnly); DisallowGarbageCollection _nogc; // Encode the flags. + DCHECK_IMPLIES(is_shadow_realm || is_script, !is_empty_function); int flags = - ScopeTypeBits::encode(is_empty_function ? FUNCTION_SCOPE : SCRIPT_SCOPE) | + ScopeTypeBits::encode( + is_empty_function + ? FUNCTION_SCOPE + : (is_shadow_realm ? SHADOW_REALM_SCOPE : SCRIPT_SCOPE)) | SloppyEvalCanExtendVarsBit::encode(false) | LanguageModeBit::encode(LanguageMode::kSloppy) | DeclarationScopeBit::encode(true) | diff --git a/src/objects/scope-info.h b/src/objects/scope-info.h index 3fe5c2c5ad..e087d7e169 100644 --- a/src/objects/scope-info.h +++ b/src/objects/scope-info.h 
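Review bot: The nested ternary inside `ScopeTypeBits::encode(...)` is hard to scan now that it has three outcomes, and the `DCHECK_IMPLIES(is_shadow_realm || is_script, !is_empty_function)` it guards is tautological because all three booleans derive from the same `type`. A plain selection reads better: `ScopeType scope_type = SCRIPT_SCOPE;` / `if (is_empty_function) scope_type = FUNCTION_SCOPE;` / `else if (is_shadow_realm) scope_type = SHADOW_REALM_SCOPE;` followed by `ScopeTypeBits::encode(scope_type)`. The new `CreateForShadowRealmNativeContext` also deserves a one-line comment saying it differs from `CreateForNativeContext` only in the scope type so that the CallSite builtins can tell the realms apart. `CreateForBootstrapping` continues outside the hunk.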
@@ -271,6 +271,7 @@ class ScopeInfo : public TorqueGeneratedScopeInfo { V8_EXPORT_PRIVATE static Handle CreateForEmptyFunction( Isolate* isolate); static Handle CreateForNativeContext(Isolate* isolate); + static Handle CreateForShadowRealmNativeContext(Isolate* isolate); static Handle CreateGlobalThisBinding(Isolate* isolate); // Creates a copy of a {ScopeInfo} but with the provided locals blocklist @@ -363,7 +364,7 @@ class ScopeInfo : public TorqueGeneratedScopeInfo { return index; } - enum class BootstrappingType { kScript, kFunction, kNative }; + enum class BootstrappingType { kScript, kFunction, kNative, kShadowRealm }; static Handle CreateForBootstrapping(Isolate* isolate, BootstrappingType type); diff --git a/src/objects/scope-info.tq b/src/objects/scope-info.tq index d03228063f..e58db3f496 100644 --- a/src/objects/scope-info.tq +++ b/src/objects/scope-info.tq @@ -17,7 +17,8 @@ extern enum ScopeType extends uint32 { SCRIPT_SCOPE, CATCH_SCOPE, BLOCK_SCOPE, - WITH_SCOPE + WITH_SCOPE, + SHADOW_REALM_SCOPE } extern enum VariableAllocationInfo extends uint32 { @@ -158,6 +159,7 @@ extern class ScopeInfo extends HeapObject { flags.scope_type == ScopeType::SCRIPT_SCOPE || flags.scope_type == ScopeType::EVAL_SCOPE || flags.scope_type == ScopeType::MODULE_SCOPE || + flags.scope_type == ScopeType::SHADOW_REALM_SCOPE || (flags.is_empty ? false : flags.scope_type == ScopeType::CLASS_SCOPE)]: PositionInfo; diff --git a/src/roots/roots.h b/src/roots/roots.h index 7edbc9f673..b5c5196575 100644 --- a/src/roots/roots.h +++ b/src/roots/roots.h @@ -229,6 +229,7 @@ class Symbol; V(ScopeInfo, global_this_binding_scope_info, GlobalThisBindingScopeInfo) \ V(ScopeInfo, empty_function_scope_info, EmptyFunctionScopeInfo) \ V(ScopeInfo, native_scope_info, NativeScopeInfo) \ + V(ScopeInfo, shadow_realm_scope_info, ShadowRealmScopeInfo) \ V(RegisteredSymbolTable, empty_symbol_table, EmptySymbolTable) \ /* Hash seed */ \ V(ByteArray, hash_seed, HashSeed) 
diff --git a/test/mjsunit/harmony/shadowrealm-callsite-throw.js b/test/mjsunit/harmony/shadowrealm-callsite-throw.js new file mode 100644 index 0000000000..0739db4811 --- /dev/null +++ b/test/mjsunit/harmony/shadowrealm-callsite-throw.js @@ -0,0 +1,49 @@ +// Copyright 2022 the V8 project authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Flags: --harmony-shadow-realm + +// Test that CallSite#getFunction and CallSite#getThis throw inside +// ShadowRealms, as otherwise we could violate the callable boundary invariant. + +const shadowRealm = new ShadowRealm(); + +// The ShadowRealm won't have assertThrows, so use try-catch and accumulate a +// message string. +const wrapped = shadowRealm.evaluate(` +Error.prepareStackTrace = function(err, frames) { + let a = []; + for (let i = 0; i < frames.length; i++) { + try { + a.push(frames[i].getFunction()); + } catch (e) { + a.push("getFunction threw"); + } + try { + a.push(frames[i].getThis()); + } catch (e) { + a.push("getThis threw"); + } + } + return a.join(' '); +}; + +function inner() { + try { + throw new Error(); + } catch (e) { + return e.stack; + } +} + +inner; +`); + +(function outer() { + // There are 3 frames: top-level, outer, inner, so getFunction/getThis should + // throw 3 times. + assertEquals("getFunction threw getThis threw " + + "getFunction threw getThis threw " + + "getFunction threw getThis threw", wrapped()); +})(); diff --git a/test/unittests/interpreter/bytecode_expectations/PrivateAccessorAccess.golden b/test/unittests/interpreter/bytecode_expectations/PrivateAccessorAccess.golden index bc1c08c83e..03ff2c1085 100644 --- a/test/unittests/interpreter/bytecode_expectations/PrivateAccessorAccess.golden +++ b/test/unittests/interpreter/bytecode_expectations/PrivateAccessorAccess.golden 
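Review bot: The catch blocks in the evaluated prepareStackTrace hook record "threw" for any exception, so the test still passes if getFunction()/getThis() fail for an unrelated reason (a receiver check, a missing method) rather than the new ShadowRealm guard; asserting on the error type and message pins the intended behavior, e.g. `a.push(e instanceof TypeError && /unsupported inside ShadowRealms/.test(e.message) ? "getFunction threw" : "unexpected: " + e);` (the error should be the realm's own TypeError, which is what `TypeError` resolves to inside the evaluated code). The test also only covers a hook installed inside the ShadowRealm; a second case where the initiator realm installs `Error.prepareStackTrace` and throws from a callback reached through a wrapped function, so ShadowRealm frames are on the stack, would document whatever the intended behavior is in the other direction.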
@@ -83,7 +83,7 @@ bytecodes: [ /* 48 E> */ B(DefineKeyedOwnProperty), R(this), R(0), U8(0), /* 53 S> */ B(LdaImmutableCurrentContextSlot), U8(3), /* 58 E> */ B(GetKeyedProperty), R(this), U8(2), - B(Wide), B(LdaSmi), I16(306), + B(Wide), B(LdaSmi), I16(307), B(Star2), B(LdaConstant), U8(0), B(Star3), @@ -115,7 +115,7 @@ bytecodes: [ /* 41 E> */ B(DefineKeyedOwnProperty), R(this), R(0), U8(0), /* 46 S> */ B(LdaImmutableCurrentContextSlot), U8(3), /* 51 E> */ B(GetKeyedProperty), R(this), U8(2), - B(Wide), B(LdaSmi), I16(305), + B(Wide), B(LdaSmi), I16(306), B(Star2), B(LdaConstant), U8(0), B(Star3), @@ -149,7 +149,7 @@ bytecodes: [ B(Star2), B(LdaImmutableCurrentContextSlot), U8(3), /* 58 E> */ B(GetKeyedProperty), R(this), U8(2), - B(Wide), B(LdaSmi), I16(306), + B(Wide), B(LdaSmi), I16(307), B(Star3), B(LdaConstant), U8(0), B(Star4), @@ -181,7 +181,7 @@ bytecodes: [ /* 41 E> */ B(DefineKeyedOwnProperty), R(this), R(0), U8(0), /* 46 S> */ B(LdaImmutableCurrentContextSlot), U8(3), /* 51 E> */ B(GetKeyedProperty), R(this), U8(2), - B(Wide), B(LdaSmi), I16(305), + B(Wide), B(LdaSmi), I16(306), B(Star2), B(LdaConstant), U8(0), B(Star3), diff --git a/test/unittests/interpreter/bytecode_expectations/PrivateMethodAccess.golden b/test/unittests/interpreter/bytecode_expectations/PrivateMethodAccess.golden index a7cde86a77..91d5beae1b 100644 --- a/test/unittests/interpreter/bytecode_expectations/PrivateMethodAccess.golden +++ b/test/unittests/interpreter/bytecode_expectations/PrivateMethodAccess.golden @@ -58,7 +58,7 @@ bytecodes: [ B(Star2), B(LdaImmutableCurrentContextSlot), U8(3), /* 54 E> */ B(GetKeyedProperty), R(this), U8(2), - B(Wide), B(LdaSmi), I16(304), + B(Wide), B(LdaSmi), I16(305), B(Star3), B(LdaConstant), U8(0), B(Star4), 
@@ -91,7 +91,7 @@ bytecodes: [ /* 44 E> */ B(DefineKeyedOwnProperty), R(this), R(0), U8(0), /* 49 S> */ B(LdaImmutableCurrentContextSlot), U8(3), /* 54 E> */ B(GetKeyedProperty), R(this), U8(2), - B(Wide), B(LdaSmi), I16(304), + B(Wide), B(LdaSmi), I16(305), B(Star2), B(LdaConstant), U8(0), B(Star3), diff --git a/test/unittests/interpreter/bytecode_expectations/StaticPrivateMethodAccess.golden b/test/unittests/interpreter/bytecode_expectations/StaticPrivateMethodAccess.golden index 9ff074e5bb..d3d6c1751a 100644 --- a/test/unittests/interpreter/bytecode_expectations/StaticPrivateMethodAccess.golden +++ b/test/unittests/interpreter/bytecode_expectations/StaticPrivateMethodAccess.golden @@ -24,7 +24,7 @@ bytecodes: [ B(TestReferenceEqual), R(this), B(Mov), R(this), R(1), B(JumpIfTrue), U8(16), - B(Wide), B(LdaSmi), I16(298), + B(Wide), B(LdaSmi), I16(299), B(Star2), B(LdaConstant), U8(0), B(Star3), @@ -61,13 +61,13 @@ bytecodes: [ B(TestReferenceEqual), R(this), B(Mov), R(this), R(0), B(JumpIfTrue), U8(16), - B(Wide), B(LdaSmi), I16(298), + B(Wide), B(LdaSmi), I16(299), B(Star2), B(LdaConstant), U8(0), B(Star3), /* 61 E> */ B(CallRuntime), U16(Runtime::kNewTypeError), R(2), U8(2), B(Throw), - B(Wide), B(LdaSmi), I16(304), + B(Wide), B(LdaSmi), I16(305), B(Star2), B(LdaConstant), U8(1), B(Star3), @@ -99,13 +99,13 @@ bytecodes: [ B(TestReferenceEqual), R(this), B(Mov), R(this), R(0), B(JumpIfTrue), U8(16), - B(Wide), B(LdaSmi), I16(298), + B(Wide), B(LdaSmi), I16(299), B(Star1), B(LdaConstant), U8(0), B(Star2), /* 61 E> */ B(CallRuntime), U16(Runtime::kNewTypeError), R(1), U8(2), B(Throw), - B(Wide), B(LdaSmi), I16(304), + B(Wide), B(LdaSmi), I16(305), B(Star1), B(LdaConstant), U8(1), B(Star2), @@ -145,7 +145,7 @@ bytecodes: [ B(TestReferenceEqual), R(this), B(Mov), R(this), R(0), B(JumpIfTrue), U8(16), - B(Wide), B(LdaSmi), I16(298), + B(Wide), B(LdaSmi), I16(299), B(Star2), B(LdaConstant), U8(0), B(Star3), 
@@ -167,7 +167,7 @@ bytecodes: [ B(TestReferenceEqual), R(this), B(Mov), R(this), R(0), B(JumpIfTrue), U8(16), - B(Wide), B(LdaSmi), I16(298), + B(Wide), B(LdaSmi), I16(299), B(Star3), B(LdaConstant), U8(0), B(Star4), @@ -182,7 +182,7 @@ bytecodes: [ B(TestReferenceEqual), R(this), B(Mov), R(this), R(0), B(JumpIfTrue), U8(16), - B(Wide), B(LdaSmi), I16(298), + B(Wide), B(LdaSmi), I16(299), B(Star2), B(LdaConstant), U8(0), B(Star3), @@ -216,13 +216,13 @@ bytecodes: [ B(TestReferenceEqual), R(this), B(Mov), R(this), R(0), B(JumpIfTrue), U8(16), - B(Wide), B(LdaSmi), I16(298), + B(Wide), B(LdaSmi), I16(299), B(Star1), B(LdaConstant), U8(0), B(Star2), /* 65 E> */ B(CallRuntime), U16(Runtime::kNewTypeError), R(1), U8(2), B(Throw), - B(Wide), B(LdaSmi), I16(306), + B(Wide), B(LdaSmi), I16(307), B(Star1), B(LdaConstant), U8(1), B(Star2), @@ -253,13 +253,13 @@ bytecodes: [ B(TestReferenceEqual), R(this), B(Mov), R(this), R(0), B(JumpIfTrue), U8(16), - B(Wide), B(LdaSmi), I16(298), + B(Wide), B(LdaSmi), I16(299), B(Star1), B(LdaConstant), U8(0), B(Star2), /* 58 E> */ B(CallRuntime), U16(Runtime::kNewTypeError), R(1), U8(2), B(Throw), - B(Wide), B(LdaSmi), I16(305), + B(Wide), B(LdaSmi), I16(306), B(Star1), B(LdaConstant), U8(1), B(Star2), @@ -292,13 +292,13 @@ bytecodes: [ B(TestReferenceEqual), R(this), B(Mov), R(this), R(0), B(JumpIfTrue), U8(16), - B(Wide), B(LdaSmi), I16(298), + B(Wide), B(LdaSmi), I16(299), B(Star2), B(LdaConstant), U8(0), B(Star3), /* 65 E> */ B(CallRuntime), U16(Runtime::kNewTypeError), R(2), U8(2), B(Throw), - B(Wide), B(LdaSmi), I16(306), + B(Wide), B(LdaSmi), I16(307), B(Star2), B(LdaConstant), U8(1), B(Star3), @@ -327,7 +327,7 @@ bytecode array length: 19 bytecodes: [ /* 46 S> */ B(LdaImmutableCurrentContextSlot), U8(3), /* 51 E> */ B(GetKeyedProperty), R(this), U8(0), - B(Wide), B(LdaSmi), I16(305), + B(Wide), B(LdaSmi), I16(306), B(Star1), B(LdaConstant), U8(0), B(Star2), 
diff --git a/tools/v8heapconst.py b/tools/v8heapconst.py index 27a4611e03..19e3330fd5 100644 --- a/tools/v8heapconst.py +++ b/tools/v8heapconst.py 
@@ -403,84 +403,84 @@ KNOWN_MAPS = { ("read_only_space", 0x03499): (131, "BasicBlockCountersMarkerMap"), ("read_only_space", 0x034dd): (146, "ArrayBoilerplateDescriptionMap"), ("read_only_space", 0x035dd): (158, "InterceptorInfoMap"), - ("read_only_space", 0x0763d): (132, "PromiseFulfillReactionJobTaskMap"), - ("read_only_space", 0x07665): (133, "PromiseRejectReactionJobTaskMap"), - ("read_only_space", 0x0768d): (134, "CallableTaskMap"), - ("read_only_space", 0x076b5): (135, "CallbackTaskMap"), - ("read_only_space", 0x076dd): (136, "PromiseResolveThenableJobTaskMap"), - ("read_only_space", 0x07705): (139, "FunctionTemplateInfoMap"), - ("read_only_space", 0x0772d): (140, "ObjectTemplateInfoMap"), - ("read_only_space", 0x07755): (141, "AccessCheckInfoMap"), - ("read_only_space", 0x0777d): (142, "AccessorPairMap"), - ("read_only_space", 0x077a5): (143, "AliasedArgumentsEntryMap"), - ("read_only_space", 0x077cd): (144, "AllocationMementoMap"), - ("read_only_space", 0x077f5): (147, "AsmWasmDataMap"), - ("read_only_space", 0x0781d): (148, "AsyncGeneratorRequestMap"), - ("read_only_space", 0x07845): (149, "BreakPointMap"), - ("read_only_space", 0x0786d): (150, "BreakPointInfoMap"), - ("read_only_space", 0x07895): (151, "CallSiteInfoMap"), - ("read_only_space", 0x078bd): (152, "ClassPositionsMap"), - ("read_only_space", 0x078e5): (153, "DebugInfoMap"), - ("read_only_space", 0x0790d): (155, "ErrorStackDataMap"), - ("read_only_space", 0x07935): (157, "FunctionTemplateRareDataMap"), - ("read_only_space", 0x0795d): (159, "InterpreterDataMap"), - ("read_only_space", 0x07985): (160, "ModuleRequestMap"), - ("read_only_space", 0x079ad): (161, "PromiseCapabilityMap"), - ("read_only_space", 0x079d5): (162, "PromiseOnStackMap"), - ("read_only_space", 0x079fd): (163, "PromiseReactionMap"), - ("read_only_space", 0x07a25): (164, "PropertyDescriptorObjectMap"), - ("read_only_space", 0x07a4d): (165, "PrototypeInfoMap"), - ("read_only_space", 0x07a75): (166, 
"RegExpBoilerplateDescriptionMap"), - ("read_only_space", 0x07a9d): (167, "ScriptMap"), - ("read_only_space", 0x07ac5): (168, "ScriptOrModuleMap"), - ("read_only_space", 0x07aed): (169, "SourceTextModuleInfoEntryMap"), - ("read_only_space", 0x07b15): (170, "StackFrameInfoMap"), - ("read_only_space", 0x07b3d): (171, "TemplateObjectDescriptionMap"), - ("read_only_space", 0x07b65): (172, "Tuple2Map"), - ("read_only_space", 0x07b8d): (173, "WasmExceptionTagMap"), - ("read_only_space", 0x07bb5): (174, "WasmIndirectFunctionTableMap"), - ("read_only_space", 0x07bdd): (194, "SloppyArgumentsElementsMap"), - ("read_only_space", 0x07c05): (236, "DescriptorArrayMap"), - ("read_only_space", 0x07c2d): (222, "UncompiledDataWithoutPreparseDataMap"), - ("read_only_space", 0x07c55): (220, "UncompiledDataWithPreparseDataMap"), - ("read_only_space", 0x07c7d): (223, "UncompiledDataWithoutPreparseDataWithJobMap"), - ("read_only_space", 0x07ca5): (221, "UncompiledDataWithPreparseDataAndJobMap"), - ("read_only_space", 0x07ccd): (257, "OnHeapBasicBlockProfilerDataMap"), - ("read_only_space", 0x07cf5): (215, "TurbofanBitsetTypeMap"), - ("read_only_space", 0x07d1d): (219, "TurbofanUnionTypeMap"), - ("read_only_space", 0x07d45): (218, "TurbofanRangeTypeMap"), - ("read_only_space", 0x07d6d): (216, "TurbofanHeapConstantTypeMap"), - ("read_only_space", 0x07d95): (217, "TurbofanOtherNumberConstantTypeMap"), - ("read_only_space", 0x07dbd): (198, "TurboshaftWord32TypeMap"), - ("read_only_space", 0x07de5): (199, "TurboshaftWord32RangeTypeMap"), - ("read_only_space", 0x07e0d): (200, "TurboshaftWord32SetTypeMap"), - ("read_only_space", 0x07e35): (201, "TurboshaftWord64TypeMap"), - ("read_only_space", 0x07e5d): (202, "TurboshaftWord64RangeTypeMap"), - ("read_only_space", 0x07e85): (203, "TurboshaftWord64SetTypeMap"), - ("read_only_space", 0x07ead): (195, "TurboshaftFloat64TypeMap"), - ("read_only_space", 0x07ed5): (196, "TurboshaftFloat64RangeTypeMap"), - ("read_only_space", 0x07efd): (197, 
"TurboshaftFloat64SetTypeMap"), - ("read_only_space", 0x07f25): (253, "InternalClassMap"), - ("read_only_space", 0x07f4d): (264, "SmiPairMap"), - ("read_only_space", 0x07f75): (263, "SmiBoxMap"), - ("read_only_space", 0x07f9d): (228, "ExportedSubClassBaseMap"), - ("read_only_space", 0x07fc5): (229, "ExportedSubClassMap"), - ("read_only_space", 0x07fed): (234, "AbstractInternalClassSubclass1Map"), - ("read_only_space", 0x08015): (235, "AbstractInternalClassSubclass2Map"), - ("read_only_space", 0x0803d): (193, "InternalClassWithSmiElementsMap"), - ("read_only_space", 0x08065): (254, "InternalClassWithStructElementsMap"), - ("read_only_space", 0x0808d): (230, "ExportedSubClass2Map"), - ("read_only_space", 0x080b5): (265, "SortStateMap"), - ("read_only_space", 0x080dd): (271, "WasmStringViewIterMap"), - ("read_only_space", 0x08105): (145, "AllocationSiteWithWeakNextMap"), - ("read_only_space", 0x0812d): (145, "AllocationSiteWithoutWeakNextMap"), - ("read_only_space", 0x081f9): (137, "LoadHandler1Map"), - ("read_only_space", 0x08221): (137, "LoadHandler2Map"), - ("read_only_space", 0x08249): (137, "LoadHandler3Map"), - ("read_only_space", 0x08271): (138, "StoreHandler0Map"), - ("read_only_space", 0x08299): (138, "StoreHandler1Map"), - ("read_only_space", 0x082c1): (138, "StoreHandler2Map"), - ("read_only_space", 0x082e9): (138, "StoreHandler3Map"), + ("read_only_space", 0x07655): (132, "PromiseFulfillReactionJobTaskMap"), + ("read_only_space", 0x0767d): (133, "PromiseRejectReactionJobTaskMap"), + ("read_only_space", 0x076a5): (134, "CallableTaskMap"), + ("read_only_space", 0x076cd): (135, "CallbackTaskMap"), + ("read_only_space", 0x076f5): (136, "PromiseResolveThenableJobTaskMap"), + ("read_only_space", 0x0771d): (139, "FunctionTemplateInfoMap"), + ("read_only_space", 0x07745): (140, "ObjectTemplateInfoMap"), + ("read_only_space", 0x0776d): (141, "AccessCheckInfoMap"), + ("read_only_space", 0x07795): (142, "AccessorPairMap"), + ("read_only_space", 0x077bd): (143, 
"AliasedArgumentsEntryMap"), + ("read_only_space", 0x077e5): (144, "AllocationMementoMap"), + ("read_only_space", 0x0780d): (147, "AsmWasmDataMap"), + ("read_only_space", 0x07835): (148, "AsyncGeneratorRequestMap"), + ("read_only_space", 0x0785d): (149, "BreakPointMap"), + ("read_only_space", 0x07885): (150, "BreakPointInfoMap"), + ("read_only_space", 0x078ad): (151, "CallSiteInfoMap"), + ("read_only_space", 0x078d5): (152, "ClassPositionsMap"), + ("read_only_space", 0x078fd): (153, "DebugInfoMap"), + ("read_only_space", 0x07925): (155, "ErrorStackDataMap"), + ("read_only_space", 0x0794d): (157, "FunctionTemplateRareDataMap"), + ("read_only_space", 0x07975): (159, "InterpreterDataMap"), + ("read_only_space", 0x0799d): (160, "ModuleRequestMap"), + ("read_only_space", 0x079c5): (161, "PromiseCapabilityMap"), + ("read_only_space", 0x079ed): (162, "PromiseOnStackMap"), + ("read_only_space", 0x07a15): (163, "PromiseReactionMap"), + ("read_only_space", 0x07a3d): (164, "PropertyDescriptorObjectMap"), + ("read_only_space", 0x07a65): (165, "PrototypeInfoMap"), + ("read_only_space", 0x07a8d): (166, "RegExpBoilerplateDescriptionMap"), + ("read_only_space", 0x07ab5): (167, "ScriptMap"), + ("read_only_space", 0x07add): (168, "ScriptOrModuleMap"), + ("read_only_space", 0x07b05): (169, "SourceTextModuleInfoEntryMap"), + ("read_only_space", 0x07b2d): (170, "StackFrameInfoMap"), + ("read_only_space", 0x07b55): (171, "TemplateObjectDescriptionMap"), + ("read_only_space", 0x07b7d): (172, "Tuple2Map"), + ("read_only_space", 0x07ba5): (173, "WasmExceptionTagMap"), + ("read_only_space", 0x07bcd): (174, "WasmIndirectFunctionTableMap"), + ("read_only_space", 0x07bf5): (194, "SloppyArgumentsElementsMap"), + ("read_only_space", 0x07c1d): (236, "DescriptorArrayMap"), + ("read_only_space", 0x07c45): (222, "UncompiledDataWithoutPreparseDataMap"), + ("read_only_space", 0x07c6d): (220, "UncompiledDataWithPreparseDataMap"), + ("read_only_space", 0x07c95): (223, 
"UncompiledDataWithoutPreparseDataWithJobMap"), + ("read_only_space", 0x07cbd): (221, "UncompiledDataWithPreparseDataAndJobMap"), + ("read_only_space", 0x07ce5): (257, "OnHeapBasicBlockProfilerDataMap"), + ("read_only_space", 0x07d0d): (215, "TurbofanBitsetTypeMap"), + ("read_only_space", 0x07d35): (219, "TurbofanUnionTypeMap"), + ("read_only_space", 0x07d5d): (218, "TurbofanRangeTypeMap"), + ("read_only_space", 0x07d85): (216, "TurbofanHeapConstantTypeMap"), + ("read_only_space", 0x07dad): (217, "TurbofanOtherNumberConstantTypeMap"), + ("read_only_space", 0x07dd5): (198, "TurboshaftWord32TypeMap"), + ("read_only_space", 0x07dfd): (199, "TurboshaftWord32RangeTypeMap"), + ("read_only_space", 0x07e25): (200, "TurboshaftWord32SetTypeMap"), + ("read_only_space", 0x07e4d): (201, "TurboshaftWord64TypeMap"), + ("read_only_space", 0x07e75): (202, "TurboshaftWord64RangeTypeMap"), + ("read_only_space", 0x07e9d): (203, "TurboshaftWord64SetTypeMap"), + ("read_only_space", 0x07ec5): (195, "TurboshaftFloat64TypeMap"), + ("read_only_space", 0x07eed): (196, "TurboshaftFloat64RangeTypeMap"), + ("read_only_space", 0x07f15): (197, "TurboshaftFloat64SetTypeMap"), + ("read_only_space", 0x07f3d): (253, "InternalClassMap"), + ("read_only_space", 0x07f65): (264, "SmiPairMap"), + ("read_only_space", 0x07f8d): (263, "SmiBoxMap"), + ("read_only_space", 0x07fb5): (228, "ExportedSubClassBaseMap"), + ("read_only_space", 0x07fdd): (229, "ExportedSubClassMap"), + ("read_only_space", 0x08005): (234, "AbstractInternalClassSubclass1Map"), + ("read_only_space", 0x0802d): (235, "AbstractInternalClassSubclass2Map"), + ("read_only_space", 0x08055): (193, "InternalClassWithSmiElementsMap"), + ("read_only_space", 0x0807d): (254, "InternalClassWithStructElementsMap"), + ("read_only_space", 0x080a5): (230, "ExportedSubClass2Map"), + ("read_only_space", 0x080cd): (265, "SortStateMap"), + ("read_only_space", 0x080f5): (271, "WasmStringViewIterMap"), + ("read_only_space", 0x0811d): (145, 
"AllocationSiteWithWeakNextMap"), + ("read_only_space", 0x08145): (145, "AllocationSiteWithoutWeakNextMap"), + ("read_only_space", 0x08211): (137, "LoadHandler1Map"), + ("read_only_space", 0x08239): (137, "LoadHandler2Map"), + ("read_only_space", 0x08261): (137, "LoadHandler3Map"), + ("read_only_space", 0x08289): (138, "StoreHandler0Map"), + ("read_only_space", 0x082b1): (138, "StoreHandler1Map"), + ("read_only_space", 0x082d9): (138, "StoreHandler2Map"), + ("read_only_space", 0x08301): (138, "StoreHandler3Map"), ("old_space", 0x0438d): (2116, "ExternalMap"), ("old_space", 0x043b5): (2120, "JSMessageObjectMap"), } @@ -536,8 +536,9 @@ KNOWN_OBJECTS = { ("read_only_space", 0x04b35): "GlobalThisBindingScopeInfo", ("read_only_space", 0x04b65): "EmptyFunctionScopeInfo", ("read_only_space", 0x04b89): "NativeScopeInfo", - ("read_only_space", 0x04ba1): "EmptySymbolTable", - ("read_only_space", 0x04bbd): "HashSeed", + ("read_only_space", 0x04ba1): "ShadowRealmScopeInfo", + ("read_only_space", 0x04bb9): "EmptySymbolTable", + ("read_only_space", 0x04bd5): "HashSeed", ("old_space", 0x0423d): "ArgumentsIteratorAccessor", ("old_space", 0x04255): "ArrayLengthAccessor", ("old_space", 0x0426d): "BoundFunctionLengthAccessor",