[ubsan] Port Cell to the new design
Bug: v8:3770 Change-Id: I24169b4564d1bdf544354b964aa22c066bc0da2b Reviewed-on: https://chromium-review.googlesource.com/c/1380912 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#58320}
This commit is contained in:
parent
cd17215a2a
commit
f9d033de1e
@ -153,8 +153,8 @@ class Handle final : public HandleBase {
|
||||
(std::is_same<T, HeapObject>::value &&
|
||||
(std::is_same<S, AllocationSite>::value ||
|
||||
std::is_same<S, ArrayBoilerplateDescription>::value ||
|
||||
std::is_same<S, ByteArray>::value || std::is_same<S, Code>::value ||
|
||||
std::is_same<S, Context>::value ||
|
||||
std::is_same<S, ByteArray>::value || std::is_same<S, Cell>::value ||
|
||||
std::is_same<S, Code>::value || std::is_same<S, Context>::value ||
|
||||
std::is_same<S, DescriptorArray>::value ||
|
||||
std::is_same<S, FeedbackCell>::value ||
|
||||
std::is_same<S, FeedbackVector>::value ||
|
||||
|
@ -38,7 +38,7 @@ class WasmInstanceObject;
|
||||
V(BigInt, BigInt) \
|
||||
V(ByteArray, ByteArray) \
|
||||
V(BytecodeArray, BytecodeArray) \
|
||||
V(Cell, Cell*) \
|
||||
V(Cell, Cell) \
|
||||
V(Code, Code) \
|
||||
V(CodeDataContainer, CodeDataContainer) \
|
||||
V(ConsString, ConsString) \
|
||||
|
@ -137,7 +137,7 @@ NATIVE_CONTEXT_FIELDS(NATIVE_CONTEXT_FIELD_ACCESSOR)
|
||||
#undef NATIVE_CONTEXT_FIELD_ACCESSOR
|
||||
|
||||
bool Isolate::IsArrayConstructorIntact() {
|
||||
Cell* array_constructor_cell = heap()->array_constructor_protector();
|
||||
Cell array_constructor_cell = heap()->array_constructor_protector();
|
||||
return array_constructor_cell->value() == Smi::FromInt(kProtectorValid);
|
||||
}
|
||||
|
||||
@ -178,7 +178,7 @@ bool Isolate::IsPromiseSpeciesLookupChainIntact() {
|
||||
}
|
||||
|
||||
bool Isolate::IsStringLengthOverflowIntact() {
|
||||
Cell* string_length_cell = heap()->string_length_protector();
|
||||
Cell string_length_cell = heap()->string_length_protector();
|
||||
return string_length_cell->value() == Smi::FromInt(kProtectorValid);
|
||||
}
|
||||
|
||||
|
@ -3680,7 +3680,7 @@ bool Isolate::IsNoElementsProtectorIntact() {
|
||||
}
|
||||
|
||||
bool Isolate::IsIsConcatSpreadableLookupChainIntact() {
|
||||
Cell* is_concat_spreadable_cell = heap()->is_concat_spreadable_protector();
|
||||
Cell is_concat_spreadable_cell = heap()->is_concat_spreadable_protector();
|
||||
bool is_is_concat_spreadable_set =
|
||||
Smi::ToInt(is_concat_spreadable_cell->value()) == kProtectorInvalid;
|
||||
#ifdef DEBUG
|
||||
@ -3723,7 +3723,7 @@ bool Isolate::IsPromiseHookProtectorIntact() {
|
||||
}
|
||||
|
||||
bool Isolate::IsPromiseResolveLookupChainIntact() {
|
||||
Cell* promise_resolve_cell = heap()->promise_resolve_protector();
|
||||
Cell promise_resolve_cell = heap()->promise_resolve_protector();
|
||||
bool is_promise_resolve_protector_intact =
|
||||
Smi::ToInt(promise_resolve_cell->value()) == kProtectorValid;
|
||||
return is_promise_resolve_protector_intact;
|
||||
|
@ -1519,7 +1519,7 @@ void JSGlobalObject::JSGlobalObjectPrint(std::ostream& os) { // NOLINT
|
||||
}
|
||||
|
||||
void Cell::CellPrint(std::ostream& os) { // NOLINT
|
||||
HeapObject::PrintHeader(os, "Cell");
|
||||
PrintHeader(os, "Cell");
|
||||
os << "\n - value: " << Brief(value());
|
||||
os << "\n";
|
||||
}
|
||||
|
@ -12963,7 +12963,7 @@ void InvalidateOnePrototypeValidityCellInternal(Map map) {
|
||||
Object* maybe_cell = map->prototype_validity_cell();
|
||||
if (maybe_cell->IsCell()) {
|
||||
// Just set the value; the cell will be replaced lazily.
|
||||
Cell* cell = Cell::cast(maybe_cell);
|
||||
Cell cell = Cell::cast(maybe_cell);
|
||||
cell->set_value(Smi::FromInt(Map::kPrototypeChainInvalid));
|
||||
}
|
||||
}
|
||||
@ -13091,7 +13091,7 @@ bool Map::IsPrototypeChainInvalidated(Map map) {
|
||||
DCHECK(map->is_prototype_map());
|
||||
Object* maybe_cell = map->prototype_validity_cell();
|
||||
if (maybe_cell->IsCell()) {
|
||||
Cell* cell = Cell::cast(maybe_cell);
|
||||
Cell cell = Cell::cast(maybe_cell);
|
||||
return cell->value() != Smi::FromInt(Map::kPrototypeChainValid);
|
||||
}
|
||||
return true;
|
||||
|
@ -15,10 +15,16 @@
|
||||
namespace v8 {
|
||||
namespace internal {
|
||||
|
||||
CAST_ACCESSOR(Cell)
|
||||
OBJECT_CONSTRUCTORS_IMPL(Cell, HeapObjectPtr)
|
||||
|
||||
CAST_ACCESSOR2(Cell)
|
||||
|
||||
ACCESSORS(Cell, value, Object, kValueOffset)
|
||||
|
||||
Cell Cell::FromValueAddress(Address value) {
|
||||
return Cell::cast(HeapObject::FromAddress(value - kValueOffset));
|
||||
}
|
||||
|
||||
} // namespace internal
|
||||
} // namespace v8
|
||||
|
||||
|
@ -5,7 +5,7 @@
|
||||
#ifndef V8_OBJECTS_CELL_H_
|
||||
#define V8_OBJECTS_CELL_H_
|
||||
|
||||
#include "src/objects.h"
|
||||
#include "src/objects/heap-object.h"
|
||||
|
||||
// Has to be the last include (doesn't have include guards):
|
||||
#include "src/objects/object-macros.h"
|
||||
@ -13,17 +13,14 @@
|
||||
namespace v8 {
|
||||
namespace internal {
|
||||
|
||||
class Cell : public HeapObject {
|
||||
class Cell : public HeapObjectPtr {
|
||||
public:
|
||||
// [value]: value of the cell.
|
||||
DECL_ACCESSORS(value, Object)
|
||||
|
||||
DECL_CAST(Cell)
|
||||
DECL_CAST2(Cell)
|
||||
|
||||
static inline Cell* FromValueAddress(Address value) {
|
||||
Object* result = FromAddress(value - kValueOffset);
|
||||
return static_cast<Cell*>(result);
|
||||
}
|
||||
static inline Cell FromValueAddress(Address value);
|
||||
|
||||
inline Address ValueAddress() { return address() + kValueOffset; }
|
||||
|
||||
@ -38,8 +35,7 @@ class Cell : public HeapObject {
|
||||
typedef FixedBodyDescriptor<kValueOffset, kValueOffset + kPointerSize, kSize>
|
||||
BodyDescriptor;
|
||||
|
||||
private:
|
||||
DISALLOW_IMPLICIT_CONSTRUCTORS(Cell);
|
||||
OBJECT_CONSTRUCTORS(Cell, HeapObjectPtr);
|
||||
};
|
||||
|
||||
} // namespace internal
|
||||
|
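Review bot: The new declaration `static inline Cell FromValueAddress(Address value);` carries no comment, although it is the inverse of `ValueAddress()` declared two lines below and only yields a meaningful `Cell` when `value` is exactly the value-slot address of a live Cell. The removed inline body did an unchecked `static_cast<Cell*>`; the definition now in cell-inl.h goes through `Cell::cast`, which (if `CAST_ACCESSOR2` expands to the usual `IsCell()` debug check) catches a wrong address in debug builds but presumably still produces a bogus object in release. I would state the precondition at the declaration: `// Inverse of ValueAddress(): |value| must be the address of a Cell's value slot.`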
@ -624,7 +624,7 @@ class Map : public HeapObjectPtr {
|
||||
inline int NumberOfOwnDescriptors() const;
|
||||
inline void SetNumberOfOwnDescriptors(int number);
|
||||
|
||||
inline Cell* RetrieveDescriptorsPointer();
|
||||
inline Cell RetrieveDescriptorsPointer();
|
||||
|
||||
// Checks whether all properties are stored either in the map or on the object
|
||||
// (inobject, properties, or elements backing store), requiring no special
|
||||
|
@ -140,7 +140,7 @@ void Module::CreateExport(Isolate* isolate, Handle<Module> module,
|
||||
module->set_exports(*exports);
|
||||
}
|
||||
|
||||
Cell* Module::GetCell(int cell_index) {
|
||||
Cell Module::GetCell(int cell_index) {
|
||||
DisallowHeapAllocation no_gc;
|
||||
Object* cell;
|
||||
switch (ModuleDescriptor::GetCellIndexKind(cell_index)) {
|
||||
|
@ -105,7 +105,7 @@ class Module : public Struct {
|
||||
static V8_WARN_UNUSED_RESULT MaybeHandle<Object> Evaluate(
|
||||
Isolate* isolate, Handle<Module> module);
|
||||
|
||||
Cell* GetCell(int cell_index);
|
||||
Cell GetCell(int cell_index);
|
||||
static Handle<Object> LoadVariable(Isolate* isolate, Handle<Module> module,
|
||||
int cell_index);
|
||||
static void StoreVariable(Handle<Module> module, int cell_index,
|
||||
|
@ -1145,7 +1145,7 @@ void V8HeapExplorer::ExtractCodeReferences(HeapEntry* entry, Code code) {
|
||||
Code::kSourcePositionTableOffset);
|
||||
}
|
||||
|
||||
void V8HeapExplorer::ExtractCellReferences(HeapEntry* entry, Cell* cell) {
|
||||
void V8HeapExplorer::ExtractCellReferences(HeapEntry* entry, Cell cell) {
|
||||
SetInternalReference(entry, "value", cell->value(), Cell::kValueOffset);
|
||||
}
|
||||
|
||||
|
@ -363,7 +363,7 @@ class V8HeapExplorer : public HeapEntriesAllocator {
|
||||
AccessorInfo accessor_info);
|
||||
void ExtractAccessorPairReferences(HeapEntry* entry, AccessorPair accessors);
|
||||
void ExtractCodeReferences(HeapEntry* entry, Code code);
|
||||
void ExtractCellReferences(HeapEntry* entry, Cell* cell);
|
||||
void ExtractCellReferences(HeapEntry* entry, Cell cell);
|
||||
void ExtractFeedbackCellReferences(HeapEntry* entry,
|
||||
FeedbackCell feedback_cell);
|
||||
void ExtractPropertyCellReferences(HeapEntry* entry, PropertyCell cell);
|
||||
|
@ -239,11 +239,6 @@ class RelocInfo {
|
||||
WriteBarrierMode write_barrier_mode = UPDATE_WRITE_BARRIER,
|
||||
ICacheFlushMode icache_flush_mode = FLUSH_ICACHE_IF_NEEDED);
|
||||
V8_INLINE Address target_off_heap_target();
|
||||
V8_INLINE Cell* target_cell();
|
||||
V8_INLINE Handle<Cell> target_cell_handle();
|
||||
V8_INLINE void set_target_cell(
|
||||
Cell* cell, WriteBarrierMode write_barrier_mode = UPDATE_WRITE_BARRIER,
|
||||
ICacheFlushMode icache_flush_mode = FLUSH_ICACHE_IF_NEEDED);
|
||||
V8_INLINE void set_target_external_reference(
|
||||
Address, ICacheFlushMode icache_flush_mode = FLUSH_ICACHE_IF_NEEDED);
|
||||
|
||||
|
10
src/roots.h
10
src/roots.h
@ -234,21 +234,21 @@ class RootVisitor;
|
||||
V(Script, empty_script, EmptyScript) \
|
||||
V(FeedbackCell, many_closures_cell, ManyClosuresCell) \
|
||||
V(FeedbackCell, no_feedback_cell, NoFeedbackCell) \
|
||||
V(Cell*, invalid_prototype_validity_cell, InvalidPrototypeValidityCell) \
|
||||
V(Cell, invalid_prototype_validity_cell, InvalidPrototypeValidityCell) \
|
||||
/* Protectors */ \
|
||||
V(Cell*, array_constructor_protector, ArrayConstructorProtector) \
|
||||
V(Cell, array_constructor_protector, ArrayConstructorProtector) \
|
||||
V(PropertyCell, no_elements_protector, NoElementsProtector) \
|
||||
V(Cell*, is_concat_spreadable_protector, IsConcatSpreadableProtector) \
|
||||
V(Cell, is_concat_spreadable_protector, IsConcatSpreadableProtector) \
|
||||
V(PropertyCell, array_species_protector, ArraySpeciesProtector) \
|
||||
V(PropertyCell, typed_array_species_protector, TypedArraySpeciesProtector) \
|
||||
V(PropertyCell, regexp_species_protector, RegExpSpeciesProtector) \
|
||||
V(PropertyCell, promise_species_protector, PromiseSpeciesProtector) \
|
||||
V(Cell*, string_length_protector, StringLengthProtector) \
|
||||
V(Cell, string_length_protector, StringLengthProtector) \
|
||||
V(PropertyCell, array_iterator_protector, ArrayIteratorProtector) \
|
||||
V(PropertyCell, array_buffer_detaching_protector, \
|
||||
ArrayBufferDetachingProtector) \
|
||||
V(PropertyCell, promise_hook_protector, PromiseHookProtector) \
|
||||
V(Cell*, promise_resolve_protector, PromiseResolveProtector) \
|
||||
V(Cell, promise_resolve_protector, PromiseResolveProtector) \
|
||||
V(PropertyCell, map_iterator_protector, MapIteratorProtector) \
|
||||
V(PropertyCell, promise_then_protector, PromiseThenProtector) \
|
||||
V(PropertyCell, set_iterator_protector, SetIteratorProtector) \
|
||||
|
@ -869,7 +869,7 @@ UnalignedSlot Deserializer::ReadDataCase(Isolate* isolate,
|
||||
new_object = reinterpret_cast<Object*>(
|
||||
Code::cast(new_object)->raw_instruction_start());
|
||||
} else {
|
||||
Cell* cell = Cell::cast(new_object);
|
||||
Cell cell = Cell::cast(new_object);
|
||||
new_object = reinterpret_cast<Object*>(cell->ValueAddress());
|
||||
}
|
||||
}
|
||||
|
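Review bot: `Cell cell = Cell::cast(new_object);` followed by `new_object = reinterpret_cast<Object*>(cell->ValueAddress());` leaves `new_object` holding an untagged slot address in an `Object*`-typed variable, and nothing in the hunk says so; a one-line comment would keep the next reader from treating it as a tagged heap pointer, e.g. `// |new_object| now carries the raw (untagged) address of the cell's value slot.` Now that `Cell` is a by-value wrapper the named temporary adds little, and the branch could mirror the `Code` branch above it as one statement: `new_object = reinterpret_cast<Object*>(Cell::cast(new_object)->ValueAddress());`. ReadDataCase begins outside the hunk.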