From d61dcb846c589e86c68432207caeb3d4bced6a58 Mon Sep 17 00:00:00 2001
From: Joshua Litt
Date: Wed, 4 Sep 2019 07:39:19 -0700
Subject: [PATCH] [protectors] Migrate TypedSpeciesArrayLookupChain protector
Migrates TypedSpeciesArrayLookupChain protector to the protectors static class.
Bug: v8:9463
Change-Id: I6941f664557b463aecd0b57035b2fb741cdfe14d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1783846
Reviewed-by: Jakob Gruber
Commit-Queue: Joshua Litt
Cr-Commit-Position: refs/heads/master@{#63611}
---
 src/execution/isolate-inl.h | 7 -------
 src/execution/isolate.cc | 10 ----------
 src/execution/isolate.h | 3 ---
 src/execution/protectors.h | 6 ++++--
 src/objects/lookup.cc | 16 ++++++++--------
 test/cctest/test-typedarrays.cc | 7 ++++---
 6 files changed, 16 insertions(+), 33 deletions(-)
diff --git a/src/execution/isolate-inl.h b/src/execution/isolate-inl.h
index e1b021b921..64a62c93e6 100644
--- a/src/execution/isolate-inl.h
+++ b/src/execution/isolate-inl.h
@@ -119,13 +119,6 @@ bool Isolate::IsArrayConstructorIntact() {
 return array_constructor_cell.value() == Smi::FromInt(kProtectorValid);
 }
-bool Isolate::IsTypedArraySpeciesLookupChainIntact() {
- PropertyCell species_cell =
- PropertyCell::cast(root(RootIndex::kTypedArraySpeciesProtector));
- return species_cell.value().IsSmi() &&
- Smi::ToInt(species_cell.value()) == kProtectorValid;
-}
-
 bool Isolate::IsPromiseSpeciesLookupChainIntact() {
 PropertyCell species_cell =
 PropertyCell::cast(root(RootIndex::kPromiseSpeciesProtector));
diff --git a/src/execution/isolate.cc b/src/execution/isolate.cc
index d090ed5260..ca0260bd7b 100644
--- a/src/execution/isolate.cc
+++ b/src/execution/isolate.cc
@@ -3999,16 +3999,6 @@ void Isolate::InvalidateArrayConstructorProtector() {
 DCHECK(!IsArrayConstructorIntact());
 }
-void Isolate::InvalidateTypedArraySpeciesProtector() {
- DCHECK(factory()->typed_array_species_protector()->value().IsSmi());
- DCHECK(IsTypedArraySpeciesLookupChainIntact());
- PropertyCell::SetValueWithInvalidation(
- this, "typed_array_species_protector",
- factory()->typed_array_species_protector(),
- handle(Smi::FromInt(kProtectorInvalid), this));
- DCHECK(!IsTypedArraySpeciesLookupChainIntact());
-}
-
 void Isolate::InvalidatePromiseSpeciesProtector() {
 DCHECK(factory()->promise_species_protector()->value().IsSmi());
 DCHECK(IsPromiseSpeciesLookupChainIntact());
diff --git a/src/execution/isolate.h b/src/execution/isolate.h
index 4eadb42438..25cb5605a5 100644
--- a/src/execution/isolate.h
+++ b/src/execution/isolate.h
@@ -1176,8 +1176,6 @@ class Isolate final : private HiddenFactory {
 bool IsArrayOrObjectOrStringPrototype(Object object);
- inline bool IsTypedArraySpeciesLookupChainIntact();
-
 // Check that the @@species protector is intact, which guards the lookup of
 // "constructor" on JSPromise instances, whose [[Prototype]] is the initial
 // %PromisePrototype%, and the Symbol.species lookup on the
@@ -1263,7 +1261,6 @@ class Isolate final : private HiddenFactory {
 void TraceProtectorInvalidation(const char* protector_name);
 void InvalidateArrayConstructorProtector();
- void InvalidateTypedArraySpeciesProtector();
 void InvalidateRegExpSpeciesProtector(Handle native_context);
 void InvalidatePromiseSpeciesProtector();
 void InvalidateIsConcatSpreadableProtector();
diff --git a/src/execution/protectors.h b/src/execution/protectors.h
index 5c54613bb1..1479911765 100644
--- a/src/execution/protectors.h
+++ b/src/execution/protectors.h
@@ -18,8 +18,10 @@ class Protectors : public AllStatic {
 #define DECLARED_PROTECTORS_ON_NATIVE_CONTEXT(V) \
 V(RegExpSpeciesLookupChainProtector, regexp_species_protector)
-#define DECLARED_PROTECTORS_ON_ISOLATE(V) \
- V(ArraySpeciesLookupChain, ArraySpeciesProtector, array_species_protector)
+#define DECLARED_PROTECTORS_ON_ISOLATE(V) \
+ V(ArraySpeciesLookupChain, ArraySpeciesProtector, array_species_protector) \
+ V(TypedArraySpeciesLookupChain, TypedArraySpeciesProtector, \
+ typed_array_species_protector)
 #define DECLARE_PROTECTOR_ON_NATIVE_CONTEXT(name, unused_cell) \
 static inline bool Is##name##Intact(Handle native_context); \
diff --git a/src/objects/lookup.cc b/src/objects/lookup.cc
index 445d0815f3..fecab7f255 100644
--- a/src/objects/lookup.cc
+++ b/src/objects/lookup.cc
@@ -251,7 +251,7 @@ void LookupIterator::InternalUpdateProtector() {
 !isolate_->IsPromiseSpeciesLookupChainIntact() &&
 !Protectors::IsRegExpSpeciesLookupChainProtectorIntact(
 native_context) &&
- !isolate_->IsTypedArraySpeciesLookupChainIntact()) {
+ !Protectors::IsTypedArraySpeciesLookupChainIntact(isolate_)) {
 return;
 }
 // Setting the constructor property could change an instance's @@species
@@ -274,8 +274,8 @@ void LookupIterator::InternalUpdateProtector() {
 native_context);
 return;
 } else if (receiver->IsJSTypedArray(isolate_)) {
- if (!isolate_->IsTypedArraySpeciesLookupChainIntact()) return;
- isolate_->InvalidateTypedArraySpeciesProtector();
+ if (!Protectors::IsTypedArraySpeciesLookupChainIntact(isolate_)) return;
+ Protectors::InvalidateTypedArraySpeciesLookupChain(isolate_);
 return;
 }
 if (receiver->map(isolate_).is_prototype_map()) {
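Review bot: In src/execution/protectors.h, `DECLARED_PROTECTORS_ON_ISOLATE` carries no comment naming its three columns, and the new `TypedArraySpeciesLookupChain` row sits directly under a native-context list whose rows have only two. Going by the Isolate code this commit deletes, the columns look like the name spliced into `Is<name>Intact`/`Invalidate<name>`, the `RootIndex::k<...>` suffix, and the factory cell accessor; a line such as `// V(name, root index name, factory cell accessor)` above the macro would record that. The macro-generated definitions are not part of this diff, so please confirm they keep the `IsSmi()` value check and the intact-before/invalid-after DCHECKs that the removed `InvalidateTypedArraySpeciesProtector` had, because a protector that silently fails to flip would leave code that relies on it working from a stale @@species assumption.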
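Review bot: In src/objects/lookup.cc the TypedArray branch in the -274 hunk (and the matching branches in the -306 and -370 hunks) keeps the `if (!Protectors::IsTypedArraySpeciesLookupChainIntact(isolate_)) return;` guard in front of the invalidate call without saying why it is needed. The removed `Isolate::InvalidateTypedArraySpeciesProtector` DCHECKed that the protector was still intact on entry; if the `Protectors` version keeps that precondition (its definition is not in this diff), dropping the guard in a later cleanup would trip a debug assert on a second invalidation. A comment at the first site such as `// Invalidate* expects the protector to still be intact.` would make the contract visible. `InternalUpdateProtector` starts and ends outside these hunks.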
@@ -306,8 +306,8 @@ void LookupIterator::InternalUpdateProtector() {
 } else if (isolate_->IsInAnyContext(
 receiver->map(isolate_).prototype(isolate_),
 Context::TYPED_ARRAY_PROTOTYPE_INDEX)) {
- if (!isolate_->IsTypedArraySpeciesLookupChainIntact()) return;
- isolate_->InvalidateTypedArraySpeciesProtector();
+ if (!Protectors::IsTypedArraySpeciesLookupChainIntact(isolate_)) return;
+ Protectors::InvalidateTypedArraySpeciesLookupChain(isolate_);
 }
 }
 } else if (*name_ == roots.next_string()) {
@@ -347,7 +347,7 @@ void LookupIterator::InternalUpdateProtector() {
 !isolate_->IsPromiseSpeciesLookupChainIntact() &&
 !Protectors::IsRegExpSpeciesLookupChainProtectorIntact(
 native_context) &&
- !isolate_->IsTypedArraySpeciesLookupChainIntact()) {
+ !Protectors::IsTypedArraySpeciesLookupChainIntact(isolate_)) {
 return;
 }
 // Setting the Symbol.species property of any Array, Promise or TypedArray
@@ -370,8 +370,8 @@ void LookupIterator::InternalUpdateProtector() {
 Protectors::InvalidateRegExpSpeciesLookupChainProtector(isolate_,
 native_context);
 } else if (IsTypedArrayFunctionInAnyContext(isolate_, *receiver)) {
- if (!isolate_->IsTypedArraySpeciesLookupChainIntact()) return;
- isolate_->InvalidateTypedArraySpeciesProtector();
+ if (!Protectors::IsTypedArraySpeciesLookupChainIntact(isolate_)) return;
+ Protectors::InvalidateTypedArraySpeciesLookupChain(isolate_);
 }
 } else if (*name_ == roots.is_concat_spreadable_symbol()) {
 if (!isolate_->IsIsConcatSpreadableLookupChainIntact()) return;
diff --git a/test/cctest/test-typedarrays.cc b/test/cctest/test-typedarrays.cc
index fb4740cb92..29a04ca05d 100644
--- a/test/cctest/test-typedarrays.cc
+++ b/test/cctest/test-typedarrays.cc
@@ -7,6 +7,7 @@
 #include "src/init/v8.h"
 #include "test/cctest/cctest.h"
+#include "src/execution/protectors-inl.h"
 #include "src/heap/heap.h"
 #include "src/objects/objects-inl.h"
 #include "src/objects/objects.h"
@@ -115,12 +116,12 @@ void TestSpeciesProtector(char* code,
 v8::internal::Isolate* i_isolate =
 reinterpret_cast(isolate);
- CHECK(i_isolate->IsTypedArraySpeciesLookupChainIntact());
+ CHECK(Protectors::IsTypedArraySpeciesLookupChainIntact(i_isolate));
 CompileRun(code);
 if (invalidates_species_protector) {
- CHECK(!i_isolate->IsTypedArraySpeciesLookupChainIntact());
+ CHECK(!Protectors::IsTypedArraySpeciesLookupChainIntact(i_isolate));
 } else {
- CHECK(i_isolate->IsTypedArraySpeciesLookupChainIntact());
+ CHECK(Protectors::IsTypedArraySpeciesLookupChainIntact(i_isolate));
 }
 v8::Local my_typed_array = CompileRun("MyTypedArray");