[protectors] Move PromiseSpeciesProtector to Protectors

Bug: v8:9463
Change-Id: I49d74c5103f4ee2e09114a609cffe82c838655dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792782Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63646}

src/execution/isolate-inl.h

@@ -119,13 +119,6 @@ bool Isolate::IsArrayConstructorIntact() {
   return array_constructor_cell.value() == Smi::FromInt(kProtectorValid);
 }
 
-bool Isolate::IsPromiseSpeciesLookupChainIntact() {
-  PropertyCell species_cell =
-      PropertyCell::cast(root(RootIndex::kPromiseSpeciesProtector));
-  return species_cell.value().IsSmi() &&
-         Smi::ToInt(species_cell.value()) == kProtectorValid;
-}
-
 bool Isolate::IsStringLengthOverflowIntact() {
   Cell string_length_cell = Cell::cast(root(RootIndex::kStringLengthProtector));
   return string_length_cell.value() == Smi::FromInt(kProtectorValid);

src/execution/isolate.cc

@@ -4000,15 +4000,6 @@ void Isolate::InvalidateArrayConstructorProtector() {
   DCHECK(!IsArrayConstructorIntact());
 }
 
-void Isolate::InvalidatePromiseSpeciesProtector() {
-  DCHECK(factory()->promise_species_protector()->value().IsSmi());
-  DCHECK(IsPromiseSpeciesLookupChainIntact());
-  PropertyCell::SetValueWithInvalidation(
-      this, "promise_species_protector", factory()->promise_species_protector(),
-      handle(Smi::FromInt(kProtectorInvalid), this));
-  DCHECK(!IsPromiseSpeciesLookupChainIntact());
-}
-
 void Isolate::InvalidateStringLengthOverflowProtector() {
   DCHECK(factory()->string_length_protector()->value().IsSmi());
   DCHECK(IsStringLengthOverflowIntact());

src/execution/isolate.h

@@ -1176,12 +1176,6 @@ class Isolate final : private HiddenFactory {
 
   bool IsArrayOrObjectOrStringPrototype(Object object);
 
-  // Check that the @@species protector is intact, which guards the lookup of
-  // "constructor" on JSPromise instances, whose [[Prototype]] is the initial
-  // %PromisePrototype%, and the Symbol.species lookup on the
-  // %PromisePrototype%.
-  inline bool IsPromiseSpeciesLookupChainIntact();
-
   bool IsIsConcatSpreadableLookupChainIntact();
   bool IsIsConcatSpreadableLookupChainIntact(JSReceiver receiver);
   inline bool IsStringLengthOverflowIntact();
@@ -1262,7 +1256,6 @@ class Isolate final : private HiddenFactory {
 
   void InvalidateArrayConstructorProtector();
   void InvalidateRegExpSpeciesProtector(Handle<NativeContext> native_context);
-  void InvalidatePromiseSpeciesProtector();
   void InvalidateIsConcatSpreadableProtector();
   void InvalidateStringLengthOverflowProtector();
   void InvalidateArrayIteratorProtector();

src/execution/protectors.h

@@ -20,6 +20,8 @@ class Protectors : public AllStatic {
 
 #define DECLARED_PROTECTORS_ON_ISOLATE(V)                                    \
   V(ArraySpeciesLookupChain, ArraySpeciesProtector, array_species_protector) \
+  V(PromiseSpeciesLookupChain, PromiseSpeciesProtector,                      \
+    promise_species_protector)                                               \
   V(TypedArraySpeciesLookupChain, TypedArraySpeciesProtector,                \
     typed_array_species_protector)
 

src/objects/lookup.cc

@@ -248,7 +248,7 @@ void LookupIterator::InternalUpdateProtector() {
     }
 
     if (!Protectors::IsArraySpeciesLookupChainIntact(isolate_) &&
-        !isolate_->IsPromiseSpeciesLookupChainIntact() &&
+        !Protectors::IsPromiseSpeciesLookupChainIntact(isolate_) &&
         !Protectors::IsRegExpSpeciesLookupChainProtectorIntact(
             native_context) &&
         !Protectors::IsTypedArraySpeciesLookupChainIntact(isolate_)) {
@@ -262,8 +262,8 @@ void LookupIterator::InternalUpdateProtector() {
       Protectors::InvalidateArraySpeciesLookupChain(isolate_);
       return;
     } else if (receiver->IsJSPromise(isolate_)) {
-      if (!isolate_->IsPromiseSpeciesLookupChainIntact()) return;
-      isolate_->InvalidatePromiseSpeciesProtector();
+      if (!Protectors::IsPromiseSpeciesLookupChainIntact(isolate_)) return;
+      Protectors::InvalidatePromiseSpeciesLookupChain(isolate_);
       return;
     } else if (receiver->IsJSRegExp(isolate_)) {
       if (!Protectors::IsRegExpSpeciesLookupChainProtectorIntact(
@@ -293,8 +293,8 @@ void LookupIterator::InternalUpdateProtector() {
         Protectors::InvalidateArraySpeciesLookupChain(isolate_);
       } else if (isolate_->IsInAnyContext(*receiver,
                                           Context::PROMISE_PROTOTYPE_INDEX)) {
-        if (!isolate_->IsPromiseSpeciesLookupChainIntact()) return;
-        isolate_->InvalidatePromiseSpeciesProtector();
+        if (!Protectors::IsPromiseSpeciesLookupChainIntact(isolate_)) return;
+        Protectors::InvalidatePromiseSpeciesLookupChain(isolate_);
       } else if (isolate_->IsInAnyContext(*receiver,
                                           Context::REGEXP_PROTOTYPE_INDEX)) {
         if (!Protectors::IsRegExpSpeciesLookupChainProtectorIntact(
@@ -344,7 +344,7 @@ void LookupIterator::InternalUpdateProtector() {
     }
 
     if (!Protectors::IsArraySpeciesLookupChainIntact(isolate_) &&
-        !isolate_->IsPromiseSpeciesLookupChainIntact() &&
+        !Protectors::IsPromiseSpeciesLookupChainIntact(isolate_) &&
         !Protectors::IsRegExpSpeciesLookupChainProtectorIntact(
             native_context) &&
         !Protectors::IsTypedArraySpeciesLookupChainIntact(isolate_)) {
@@ -359,8 +359,8 @@ void LookupIterator::InternalUpdateProtector() {
       Protectors::InvalidateArraySpeciesLookupChain(isolate_);
     } else if (isolate_->IsInAnyContext(*receiver,
                                         Context::PROMISE_FUNCTION_INDEX)) {
-      if (!isolate_->IsPromiseSpeciesLookupChainIntact()) return;
-      isolate_->InvalidatePromiseSpeciesProtector();
+      if (!Protectors::IsPromiseSpeciesLookupChainIntact(isolate_)) return;
+      Protectors::InvalidatePromiseSpeciesLookupChain(isolate_);
     } else if (isolate_->IsInAnyContext(*receiver,
                                         Context::REGEXP_FUNCTION_INDEX)) {
       if (!Protectors::IsRegExpSpeciesLookupChainProtectorIntact(