Commit 2c17e49a authored by Joshua Litt's avatar Joshua Litt Committed by Commit Bot

[protectors] Migrate another batch of protectors

Bug: v8:9463
Change-Id: Ie0e04e102b56ffdfb636e94ef293bb0d46e5f4a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1808485Reviewed-by: 's avatarMichael Stanton <mvstanton@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63933}
parent 33ff3b05
......@@ -1189,7 +1189,8 @@ bool IterateElements(Isolate* isolate, Handle<JSReceiver> receiver,
static Maybe<bool> IsConcatSpreadable(Isolate* isolate, Handle<Object> obj) {
HandleScope handle_scope(isolate);
if (!obj->IsJSReceiver()) return Just(false);
if (!isolate->IsIsConcatSpreadableLookupChainIntact(JSReceiver::cast(*obj))) {
if (!Protectors::IsIsConcatSpreadableLookupChainIntact(isolate) ||
JSReceiver::cast(*obj).HasProxyInPrototype(isolate)) {
// Slow path if @@isConcatSpreadable has been used.
Handle<Symbol> key(isolate->factory()->is_concat_spreadable_symbol());
Handle<Object> value;
......@@ -1258,7 +1259,7 @@ Object Slow_ArrayConcat(BuiltinArguments* args, Handle<Object> species,
// dictionary.
bool fast_case = is_array_species &&
(estimate_nof * 2) >= estimate_result_length &&
isolate->IsIsConcatSpreadableLookupChainIntact();
Protectors::IsIsConcatSpreadableLookupChainIntact(isolate);
if (fast_case && kind == PACKED_DOUBLE_ELEMENTS) {
Handle<FixedArrayBase> storage =
......@@ -1406,7 +1407,7 @@ bool IsSimpleArray(Isolate* isolate, Handle<JSArray> obj) {
MaybeHandle<JSArray> Fast_ArrayConcat(Isolate* isolate,
BuiltinArguments* args) {
if (!isolate->IsIsConcatSpreadableLookupChainIntact()) {
if (!Protectors::IsIsConcatSpreadableLookupChainIntact(isolate)) {
return MaybeHandle<JSArray>();
}
// We shouldn't overflow when adding another len.
......
......@@ -6193,8 +6193,8 @@ TNode<BoolT> CodeStubAssembler::IsArrayIteratorProtectorCellInvalid() {
TNode<BoolT> CodeStubAssembler::IsPromiseResolveProtectorCellInvalid() {
TNode<Smi> invalid = SmiConstant(Isolate::kProtectorInvalid);
TNode<Cell> cell = PromiseResolveProtectorConstant();
TNode<Object> cell_value = LoadObjectField(cell, Cell::kValueOffset);
TNode<PropertyCell> cell = PromiseResolveProtectorConstant();
TNode<Object> cell_value = LoadObjectField(cell, PropertyCell::kValueOffset);
return TaggedEqual(cell_value, invalid);
}
......
......@@ -2544,7 +2544,9 @@ void JSHeapBroker::InitializeAndStartSerializing(
GetOrCreateData(f->promise_then_protector())
->AsPropertyCell()
->Serialize(this);
GetOrCreateData(f->string_length_protector())->AsCell()->Serialize(this);
GetOrCreateData(f->string_length_protector())
->AsPropertyCell()
->Serialize(this);
// - CEntry stub
GetOrCreateData(
CodeFactory::CEntry(isolate(), 1, kDontSaveFPRegs, kArgvOnStack, true));
......
......@@ -567,8 +567,8 @@ Reduction JSTypedLowering::ReduceJSAdd(Node* node) {
Node* length =
graph()->NewNode(simplified()->NumberAdd(), left_length, right_length);
CellRef string_length_protector(broker(),
factory()->string_length_protector());
PropertyCellRef string_length_protector(
broker(), factory()->string_length_protector());
if (string_length_protector.value().AsSmi() == Isolate::kProtectorValid) {
// We can just deoptimize if the {length} is out-of-bounds. Besides
// generating a shorter code sequence than the version below, this
......
......@@ -113,17 +113,6 @@ Isolate::ExceptionScope::~ExceptionScope() {
NATIVE_CONTEXT_FIELDS(NATIVE_CONTEXT_FIELD_ACCESSOR)
#undef NATIVE_CONTEXT_FIELD_ACCESSOR
bool Isolate::IsStringLengthOverflowIntact() {
Cell string_length_cell = Cell::cast(root(RootIndex::kStringLengthProtector));
return string_length_cell.value() == Smi::FromInt(kProtectorValid);
}
bool Isolate::IsArrayBufferDetachingIntact() {
PropertyCell buffer_detaching =
PropertyCell::cast(root(RootIndex::kArrayBufferDetachingProtector));
return buffer_detaching.value() == Smi::FromInt(kProtectorValid);
}
} // namespace internal
} // namespace v8
......
......@@ -3881,38 +3881,6 @@ bool Isolate::IsNoElementsProtectorIntact() {
return Isolate::IsNoElementsProtectorIntact(context());
}
bool Isolate::IsIsConcatSpreadableLookupChainIntact() {
Cell is_concat_spreadable_cell = heap()->is_concat_spreadable_protector();
bool is_is_concat_spreadable_set =
Smi::ToInt(is_concat_spreadable_cell.value()) == kProtectorInvalid;
#ifdef DEBUG
Map root_array_map =
raw_native_context().GetInitialJSArrayMap(GetInitialFastElementsKind());
if (root_array_map.is_null()) {
// Ignore the value of is_concat_spreadable during bootstrap.
return !is_is_concat_spreadable_set;
}
Handle<Object> array_prototype(array_function()->prototype(), this);
Handle<Symbol> key = factory()->is_concat_spreadable_symbol();
Handle<Object> value;
LookupIterator it(this, array_prototype, key);
if (it.IsFound() && !JSReceiver::GetDataProperty(&it)->IsUndefined(this)) {
// TODO(cbruni): Currently we do not revert if we unset the
// @@isConcatSpreadable property on Array.prototype or Object.prototype
// hence the reverse implication doesn't hold.
DCHECK(is_is_concat_spreadable_set);
return false;
}
#endif // DEBUG
return !is_is_concat_spreadable_set;
}
bool Isolate::IsIsConcatSpreadableLookupChainIntact(JSReceiver receiver) {
if (!IsIsConcatSpreadableLookupChainIntact()) return false;
return !receiver.HasProxyInPrototype(this);
}
bool Isolate::IsPromiseHookProtectorIntact() {
PropertyCell promise_hook_cell = heap()->promise_hook_protector();
bool is_promise_hook_protector_intact =
......@@ -3924,13 +3892,6 @@ bool Isolate::IsPromiseHookProtectorIntact() {
return is_promise_hook_protector_intact;
}
bool Isolate::IsPromiseResolveLookupChainIntact() {
Cell promise_resolve_cell = heap()->promise_resolve_protector();
bool is_promise_resolve_protector_intact =
Smi::ToInt(promise_resolve_cell.value()) == kProtectorValid;
return is_promise_resolve_protector_intact;
}
void Isolate::UpdateNoElementsProtectorOnSetElement(Handle<JSObject> object) {
DisallowHeapAllocation no_gc;
if (!object->map().is_prototype_map()) return;
......@@ -3956,38 +3917,6 @@ void Isolate::TraceProtectorInvalidation(const char* protector_name) {
protector_name);
}
void Isolate::InvalidateIsConcatSpreadableProtector() {
DCHECK(factory()->is_concat_spreadable_protector()->value().IsSmi());
DCHECK(IsIsConcatSpreadableLookupChainIntact());
if (FLAG_trace_protector_invalidation) {
TraceProtectorInvalidation("is_concat_spreadable_protector");
}
factory()->is_concat_spreadable_protector()->set_value(
Smi::FromInt(kProtectorInvalid));
DCHECK(!IsIsConcatSpreadableLookupChainIntact());
}
void Isolate::InvalidateStringLengthOverflowProtector() {
DCHECK(factory()->string_length_protector()->value().IsSmi());
DCHECK(IsStringLengthOverflowIntact());
if (FLAG_trace_protector_invalidation) {
TraceProtectorInvalidation("string_length_protector");
}
factory()->string_length_protector()->set_value(
Smi::FromInt(kProtectorInvalid));
DCHECK(!IsStringLengthOverflowIntact());
}
void Isolate::InvalidateArrayBufferDetachingProtector() {
DCHECK(factory()->array_buffer_detaching_protector()->value().IsSmi());
DCHECK(IsArrayBufferDetachingIntact());
PropertyCell::SetValueWithInvalidation(
this, "array_buffer_detaching_protector",
factory()->array_buffer_detaching_protector(),
handle(Smi::FromInt(kProtectorInvalid), this));
DCHECK(!IsArrayBufferDetachingIntact());
}
void Isolate::InvalidatePromiseHookProtector() {
DCHECK(factory()->promise_hook_protector()->value().IsSmi());
DCHECK(IsPromiseHookProtectorIntact());
......@@ -3997,17 +3926,6 @@ void Isolate::InvalidatePromiseHookProtector() {
DCHECK(!IsPromiseHookProtectorIntact());
}
void Isolate::InvalidatePromiseResolveProtector() {
DCHECK(factory()->promise_resolve_protector()->value().IsSmi());
DCHECK(IsPromiseResolveLookupChainIntact());
if (FLAG_trace_protector_invalidation) {
TraceProtectorInvalidation("promise_resolve_protector");
}
factory()->promise_resolve_protector()->set_value(
Smi::FromInt(kProtectorInvalid));
DCHECK(!IsPromiseResolveLookupChainIntact());
}
bool Isolate::IsAnyInitialArrayPrototype(Handle<JSArray> array) {
DisallowHeapAllocation no_gc;
return IsInAnyContext(*array, Context::INITIAL_ARRAY_PROTOTYPE_INDEX);
......
......@@ -1174,21 +1174,10 @@ class Isolate final : private HiddenFactory {
bool IsArrayOrObjectOrStringPrototype(Object object);
bool IsIsConcatSpreadableLookupChainIntact();
bool IsIsConcatSpreadableLookupChainIntact(JSReceiver receiver);
inline bool IsStringLengthOverflowIntact();
// Make sure we do check for detached array buffers.
inline bool IsArrayBufferDetachingIntact();
// Disable promise optimizations if promise (debug) hooks have ever been
// active, because those can observe promises.
bool IsPromiseHookProtectorIntact();
// Make sure a lookup of "resolve" on the %Promise% intrinsic object
// yeidls the initial Promise.resolve method.
bool IsPromiseResolveLookupChainIntact();
// On intent to set an element in object, make sure that appropriate
// notifications occur if the set is on the elements of the array or
// object prototype. Also ensure that changes to prototype chain between
......@@ -1207,11 +1196,7 @@ class Isolate final : private HiddenFactory {
// The `protector_name` C string must be statically allocated.
void TraceProtectorInvalidation(const char* protector_name);
void InvalidateIsConcatSpreadableProtector();
void InvalidateStringLengthOverflowProtector();
void InvalidateArrayBufferDetachingProtector();
V8_EXPORT_PRIVATE void InvalidatePromiseHookProtector();
void InvalidatePromiseResolveProtector();
// Returns true if array is the initial array prototype in any native context.
bool IsAnyInitialArrayPrototype(Handle<JSArray> array);
......
......@@ -19,10 +19,14 @@ class Protectors : public AllStatic {
V(RegExpSpeciesLookupChainProtector, regexp_species_protector)
#define DECLARED_PROTECTORS_ON_ISOLATE(V) \
V(ArraySpeciesLookupChain, ArraySpeciesProtector, array_species_protector) \
V(ArrayBufferDetaching, ArrayBufferDetachingProtector, \
array_buffer_detaching_protector) \
V(ArrayConstructor, ArrayConstructorProtector, array_constructor_protector) \
V(ArrayIteratorLookupChain, ArrayIteratorProtector, \
array_iterator_protector) \
V(ArraySpeciesLookupChain, ArraySpeciesProtector, array_species_protector) \
V(IsConcatSpreadableLookupChain, IsConcatSpreadableProtector, \
is_concat_spreadable_protector) \
\
/* The MapIterator protector protects the original iteration behaviors */ \
/* of Map.prototype.keys(), Map.prototype.values(), and */ \
......@@ -37,6 +41,8 @@ class Protectors : public AllStatic {
/* invalidates the SetIterator protector (see below). */ \
V(MapIteratorLookupChain, MapIteratorProtector, map_iterator_protector) \
V(PromiseThenLookupChain, PromiseThenProtector, promise_then_protector) \
V(PromiseResolveLookupChain, PromiseResolveProtector, \
promise_resolve_protector) \
V(PromiseSpeciesLookupChain, PromiseSpeciesProtector, \
promise_species_protector) \
\
......@@ -69,6 +75,8 @@ class Protectors : public AllStatic {
/* non-configurable and non-writable. */ \
V(StringIteratorLookupChain, StringIteratorProtector, \
string_iterator_protector) \
V(StringLengthOverflowLookupChain, StringLengthProtector, \
string_length_protector) \
V(TypedArraySpeciesLookupChain, TypedArraySpeciesProtector, \
typed_array_species_protector)
......
......@@ -11,6 +11,7 @@
#include "src/builtins/constants-table-builder.h"
#include "src/codegen/compiler.h"
#include "src/execution/isolate-inl.h"
#include "src/execution/protectors-inl.h"
#include "src/heap/heap-inl.h"
#include "src/heap/incremental-marking.h"
#include "src/heap/mark-compact-inl.h"
......@@ -2290,8 +2291,8 @@ Handle<Object> Factory::NewInvalidStringLengthError() {
FATAL("Aborting on invalid string length");
}
// Invalidate the "string length" protector.
if (isolate()->IsStringLengthOverflowIntact()) {
isolate()->InvalidateStringLengthOverflowProtector();
if (Protectors::IsStringLengthOverflowLookupChainIntact(isolate())) {
Protectors::InvalidateStringLengthOverflowLookupChain(isolate());
}
return NewRangeError(MessageTemplate::kInvalidStringLength);
}
......
......@@ -839,6 +839,14 @@ void Heap::CreateInitialObjects() {
script->set_origin_options(ScriptOriginOptions(true, false));
set_empty_script(*script);
{
Handle<PropertyCell> cell = factory->NewPropertyCell(
factory->empty_string(), AllocationType::kReadOnly);
cell->set_value(roots.the_hole_value());
set_empty_property_cell(*cell);
}
// Protectors
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
......@@ -846,66 +854,103 @@ void Heap::CreateInitialObjects() {
set_array_constructor_protector(*cell);
}
Handle<PropertyCell> cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_no_elements_protector(*cell);
cell = factory->NewPropertyCell(factory->empty_string(),
AllocationType::kReadOnly);
cell->set_value(roots.the_hole_value());
set_empty_property_cell(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_no_elements_protector(*cell);
}
cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_array_iterator_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_array_iterator_protector(*cell);
}
cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_map_iterator_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_map_iterator_protector(*cell);
}
cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_set_iterator_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_set_iterator_protector(*cell);
}
Handle<Cell> is_concat_spreadable_cell = factory->NewCell(
handle(Smi::FromInt(Isolate::kProtectorValid), isolate()));
set_is_concat_spreadable_protector(*is_concat_spreadable_cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_is_concat_spreadable_protector(*cell);
}
cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_array_species_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_array_species_protector(*cell);
}
cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_typed_array_species_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_typed_array_species_protector(*cell);
}
cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_promise_species_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_promise_species_protector(*cell);
}
cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_string_iterator_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_string_iterator_protector(*cell);
}
Handle<Cell> string_length_overflow_cell = factory->NewCell(
handle(Smi::FromInt(Isolate::kProtectorValid), isolate()));
set_string_length_protector(*string_length_overflow_cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_string_length_protector(*cell);
}
cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_array_buffer_detaching_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_array_buffer_detaching_protector(*cell);
}
cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_promise_hook_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_promise_hook_protector(*cell);
}
Handle<Cell> promise_resolve_cell = factory->NewCell(
handle(Smi::FromInt(Isolate::kProtectorValid), isolate()));
set_promise_resolve_protector(*promise_resolve_cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_promise_resolve_protector(*cell);
}
cell = factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_promise_then_protector(*cell);
{
Handle<PropertyCell> cell =
factory->NewPropertyCell(factory->empty_string());
cell->set_value(Smi::FromInt(Isolate::kProtectorValid));
set_promise_then_protector(*cell);
}
set_serialized_objects(roots.empty_fixed_array());
set_serialized_global_proxy_sizes(roots.empty_fixed_array());
......
......@@ -5,6 +5,7 @@
#include "src/objects/js-array-buffer.h"
#include "src/objects/js-array-buffer-inl.h"
#include "src/execution/protectors-inl.h"
#include "src/logging/counters.h"
#include "src/objects/property-descriptor.h"
......@@ -58,8 +59,8 @@ void JSArrayBuffer::Detach(bool force_for_wasm_memory) {
CHECK_IMPLIES(force_for_wasm_memory, backing_store->is_wasm_memory());
}
if (isolate->IsArrayBufferDetachingIntact()) {
isolate->InvalidateArrayBufferDetachingProtector();
if (Protectors::IsArrayBufferDetachingIntact(isolate)) {
Protectors::InvalidateArrayBufferDetaching(isolate);
}
DCHECK(!is_shared());
......
......@@ -375,8 +375,8 @@ void LookupIterator::InternalUpdateProtector() {
Protectors::InvalidateTypedArraySpeciesLookupChain(isolate_);
}
} else if (*name_ == roots.is_concat_spreadable_symbol()) {
if (!isolate_->IsIsConcatSpreadableLookupChainIntact()) return;
isolate_->InvalidateIsConcatSpreadableProtector();
if (!Protectors::IsIsConcatSpreadableLookupChainIntact(isolate_)) return;
Protectors::InvalidateIsConcatSpreadableLookupChain(isolate_);
} else if (*name_ == roots.iterator_symbol()) {
if (receiver->IsJSArray(isolate_)) {
if (!Protectors::IsArrayIteratorLookupChainIntact(isolate_)) return;
......@@ -413,11 +413,11 @@ void LookupIterator::InternalUpdateProtector() {
Protectors::InvalidateStringIteratorLookupChain(isolate_);
}
} else if (*name_ == roots.resolve_string()) {
if (!isolate_->IsPromiseResolveLookupChainIntact()) return;
if (!Protectors::IsPromiseResolveLookupChainIntact(isolate_)) return;
// Setting the "resolve" property on any %Promise% intrinsic object
// invalidates the Promise.resolve protector.
if (isolate_->IsInAnyContext(*receiver, Context::PROMISE_FUNCTION_INDEX)) {
isolate_->InvalidatePromiseResolveProtector();
Protectors::InvalidatePromiseResolveLookupChain(isolate_);
}
} else if (*name_ == roots.then_string()) {
if (!Protectors::IsPromiseThenLookupChainIntact(isolate_)) return;
......
......@@ -206,37 +206,37 @@ class Symbol;
// Mutable roots that are known to be immortal immovable, for which we can
// safely skip write barriers.
#define STRONG_MUTABLE_IMMOVABLE_ROOT_LIST(V) \
ACCESSOR_INFO_ROOT_LIST(V) \
/* Maps */ \
V(Map, external_map, ExternalMap) \
V(Map, message_object_map, JSMessageObjectMap) \
/* Canonical empty values */ \
V(Script, empty_script, EmptyScript) \
V(FeedbackCell, many_closures_cell, ManyClosuresCell) \
V(Cell, invalid_prototype_validity_cell, InvalidPrototypeValidityCell) \
/* Protectors */ \
V(PropertyCell, array_constructor_protector, ArrayConstructorProtector) \
V(PropertyCell, no_elements_protector, NoElementsProtector) \
V(Cell, is_concat_spreadable_protector, IsConcatSpreadableProtector) \
V(PropertyCell, array_species_protector, ArraySpeciesProtector) \
V(PropertyCell, typed_array_species_protector, TypedArraySpeciesProtector) \
V(PropertyCell, promise_species_protector, PromiseSpeciesProtector) \
V(Cell, string_length_protector, StringLengthProtector) \
V(PropertyCell, array_iterator_protector, ArrayIteratorProtector) \
V(PropertyCell, array_buffer_detaching_protector, \
ArrayBufferDetachingProtector) \
V(PropertyCell, promise_hook_protector, PromiseHookProtector) \
V(Cell, promise_resolve_protector, PromiseResolveProtector) \
V(PropertyCell, map_iterator_protector, MapIteratorProtector) \
V(PropertyCell, promise_then_protector, PromiseThenProtector) \
V(PropertyCell, set_iterator_protector, SetIteratorProtector) \
V(PropertyCell, string_iterator_protector, StringIteratorProtector) \
/* Caches */ \
V(FixedArray, single_character_string_cache, SingleCharacterStringCache) \
V(FixedArray, string_split_cache, StringSplitCache) \
V(FixedArray, regexp_multiple_cache, RegExpMultipleCache) \
/* Indirection lists for isolate-independent builtins */ \
#define STRONG_MUTABLE_IMMOVABLE_ROOT_LIST(V) \
ACCESSOR_INFO_ROOT_LIST(V) \
/* Maps */ \
V(Map, external_map, ExternalMap) \
V(Map, message_object_map, JSMessageObjectMap) \
/* Canonical empty values */ \
V(Script, empty_script, EmptyScript) \
V(FeedbackCell, many_closures_cell, ManyClosuresCell) \
V(Cell, invalid_prototype_validity_cell, InvalidPrototypeValidityCell) \
/* Protectors */ \
V(PropertyCell, array_constructor_protector, ArrayConstructorProtector) \
V(PropertyCell, no_elements_protector, NoElementsProtector) \
V(PropertyCell, is_concat_spreadable_protector, IsConcatSpreadableProtector) \
V(PropertyCell, array_species_protector, ArraySpeciesProtector) \
V(PropertyCell, typed_array_species_protector, TypedArraySpeciesProtector) \
V(PropertyCell, promise_species_protector, PromiseSpeciesProtector) \
V(PropertyCell, string_length_protector, StringLengthProtector) \
V(PropertyCell, array_iterator_protector, ArrayIteratorProtector) \
V(PropertyCell, array_buffer_detaching_protector, \
ArrayBufferDetachingProtector) \
V(PropertyCell, promise_hook_protector, PromiseHookProtector) \
V(PropertyCell, promise_resolve_protector, PromiseResolveProtector) \
V(PropertyCell, map_iterator_protector, MapIteratorProtector) \
V(PropertyCell, promise_then_protector, PromiseThenProtector) \
V(PropertyCell, set_iterator_protector, SetIteratorProtector) \
V(PropertyCell, string_iterator_protector, StringIteratorProtector) \
/* Caches */ \
V(FixedArray, single_character_string_cache, SingleCharacterStringCache) \
V(FixedArray, string_split_cache, StringSplitCache) \
V(FixedArray, regexp_multiple_cache, RegExpMultipleCache) \
/* Indirection lists for isolate-independent builtins */ \
V(FixedArray, builtins_constants_table, BuiltinsConstantsTable)
// These root references can be updated by the mutator.
......
......@@ -406,22 +406,22 @@ KNOWN_OBJECTS = {
("old_space", 0x00709): "ArrayConstructorProtector",
("old_space", 0x00731): "NoElementsProtector",
("old_space", 0x00759): "IsConcatSpreadableProtector",
("old_space", 0x00769): "ArraySpeciesProtector",
("old_space", 0x00791): "TypedArraySpeciesProtector",
("old_space", 0x007b9): "PromiseSpeciesProtector",
("old_space", 0x007e1): "StringLengthProtector",
("old_space", 0x007f1): "ArrayIteratorProtector",
("old_space", 0x00819): "ArrayBufferDetachingProtector",
("old_space", 0x00841): "PromiseHookProtector",
("old_space", 0x00869): "PromiseResolveProtector",
("old_space", 0x00879): "MapIteratorProtector",
("old_space", 0x008a1): "PromiseThenProtector",
("old_space", 0x008c9): "SetIteratorProtector",
("old_space", 0x008f1): "StringIteratorProtector",
("old_space", 0x00919): "SingleCharacterStringCache",
("old_space", 0x01129): "StringSplitCache",
("old_space", 0x01939): "RegExpMultipleCache",
("old_space", 0x02149): "BuiltinsConstantsTable",
("old_space", 0x00781): "ArraySpeciesProtector",
("old_space", 0x007a9): "TypedArraySpeciesProtector",
("old_space", 0x007d1): "PromiseSpeciesProtector",
("old_space", 0x007f9): "StringLengthProtector",
("old_space", 0x00821): "ArrayIteratorProtector",
("old_space", 0x00849): "ArrayBufferDetachingProtector",
("old_space", 0x00871): "PromiseHookProtector",
("old_space", 0x00899): "PromiseResolveProtector",
("old_space", 0x008c1): "MapIteratorProtector",
("old_space", 0x008e9): "PromiseThenProtector",
("old_space", 0x00911): "SetIteratorProtector",
("old_space", 0x00939): "StringIteratorProtector",
("old_space", 0x00961): "SingleCharacterStringCache",
("old_space", 0x01171): "StringSplitCache",
("old_space", 0x01981): "RegExpMultipleCache",
("old_space", 0x02191): "BuiltinsConstantsTable",
}
# List of known V8 Frame Markers.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment