Commit 54fb5e38 authored by Jakob Kummerow's avatar Jakob Kummerow Committed by Commit Bot

[ubsan] Port PropertyCell to the new design

Bug: v8:3770
Change-Id: Ib387ecfe17a5ebaea9e6b97eff171b803da5b0d3
Reviewed-on: https://chromium-review.googlesource.com/c/1380692
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58317}
parent 11a4da99
......@@ -173,6 +173,7 @@ class Handle final : public HandleBase {
std::is_same<S, OrderedHashMap>::value ||
std::is_same<S, OrderedHashSet>::value ||
std::is_same<S, OrderedNameDictionary>::value ||
std::is_same<S, PropertyCell>::value ||
std::is_same<S, ScriptContextTable>::value ||
std::is_same<S, ScopeInfo>::value ||
std::is_same<S, SharedFunctionInfo>::value ||
......
......@@ -65,7 +65,7 @@ class WasmInstanceObject;
V(Oddball, Oddball*) \
V(PreParsedScopeData, PreParsedScopeData) \
V(PropertyArray, PropertyArray) \
V(PropertyCell, PropertyCell*) \
V(PropertyCell, PropertyCell) \
V(PrototypeInfo, PrototypeInfo) \
V(SeqOneByteString, SeqOneByteString) \
V(SeqTwoByteString, SeqTwoByteString) \
......
......@@ -154,25 +154,25 @@ bool Isolate::IsArraySpeciesLookupChainIntact() {
// done here. In place, there are mjsunit tests harmony/array-species* which
// ensure that behavior is correct in various invalid protector cases.
PropertyCell* species_cell = heap()->array_species_protector();
PropertyCell species_cell = heap()->array_species_protector();
return species_cell->value()->IsSmi() &&
Smi::ToInt(species_cell->value()) == kProtectorValid;
}
bool Isolate::IsTypedArraySpeciesLookupChainIntact() {
PropertyCell* species_cell = heap()->typed_array_species_protector();
PropertyCell species_cell = heap()->typed_array_species_protector();
return species_cell->value()->IsSmi() &&
Smi::ToInt(species_cell->value()) == kProtectorValid;
}
bool Isolate::IsRegExpSpeciesLookupChainIntact() {
PropertyCell* species_cell = heap()->regexp_species_protector();
PropertyCell species_cell = heap()->regexp_species_protector();
return species_cell->value()->IsSmi() &&
Smi::ToInt(species_cell->value()) == kProtectorValid;
}
bool Isolate::IsPromiseSpeciesLookupChainIntact() {
PropertyCell* species_cell = heap()->promise_species_protector();
PropertyCell species_cell = heap()->promise_species_protector();
return species_cell->value()->IsSmi() &&
Smi::ToInt(species_cell->value()) == kProtectorValid;
}
......@@ -183,27 +183,27 @@ bool Isolate::IsStringLengthOverflowIntact() {
}
bool Isolate::IsArrayBufferDetachingIntact() {
PropertyCell* buffer_detaching = heap()->array_buffer_detaching_protector();
PropertyCell buffer_detaching = heap()->array_buffer_detaching_protector();
return buffer_detaching->value() == Smi::FromInt(kProtectorValid);
}
bool Isolate::IsArrayIteratorLookupChainIntact() {
PropertyCell* array_iterator_cell = heap()->array_iterator_protector();
PropertyCell array_iterator_cell = heap()->array_iterator_protector();
return array_iterator_cell->value() == Smi::FromInt(kProtectorValid);
}
bool Isolate::IsMapIteratorLookupChainIntact() {
PropertyCell* map_iterator_cell = heap()->map_iterator_protector();
PropertyCell map_iterator_cell = heap()->map_iterator_protector();
return map_iterator_cell->value() == Smi::FromInt(kProtectorValid);
}
bool Isolate::IsSetIteratorLookupChainIntact() {
PropertyCell* set_iterator_cell = heap()->set_iterator_protector();
PropertyCell set_iterator_cell = heap()->set_iterator_protector();
return set_iterator_cell->value() == Smi::FromInt(kProtectorValid);
}
bool Isolate::IsStringIteratorLookupChainIntact() {
PropertyCell* string_iterator_cell = heap()->string_iterator_protector();
PropertyCell string_iterator_cell = heap()->string_iterator_protector();
return string_iterator_cell->value() == Smi::FromInt(kProtectorValid);
}
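Review bot: The four species helpers in this section (IsArraySpeciesLookupChainIntact, IsTypedArraySpeciesLookupChainIntact, IsRegExpSpeciesLookupChainIntact, IsPromiseSpeciesLookupChainIntact) test the protector with `value()->IsSmi() && Smi::ToInt(value()) == kProtectorValid`, while the detaching and iterator helpers below them use a single comparison against `Smi::FromInt(kProtectorValid)`. Since these lines are being touched anyway, the species helpers could use the shorter form, `return species_cell->value() == Smi::FromInt(kProtectorValid);`, which reads the cell once and needs no separate Smi test. Keeping one idiom for every protector makes it easier to audit that none of these checks can misread a non-Smi value.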
......
......@@ -3595,7 +3595,7 @@ bool Isolate::IsInAnyContext(Object* object, uint32_t index) {
}
bool Isolate::IsNoElementsProtectorIntact(Context context) {
PropertyCell* no_elements_cell = heap()->no_elements_protector();
PropertyCell no_elements_cell = heap()->no_elements_protector();
bool cell_reports_intact =
no_elements_cell->value()->IsSmi() &&
Smi::ToInt(no_elements_cell->value()) == kProtectorValid;
......@@ -3712,7 +3712,7 @@ bool Isolate::IsIsConcatSpreadableLookupChainIntact(JSReceiver receiver) {
}
bool Isolate::IsPromiseHookProtectorIntact() {
PropertyCell* promise_hook_cell = heap()->promise_hook_protector();
PropertyCell promise_hook_cell = heap()->promise_hook_protector();
bool is_promise_hook_protector_intact =
Smi::ToInt(promise_hook_cell->value()) == kProtectorValid;
DCHECK_IMPLIES(is_promise_hook_protector_intact,
......@@ -3730,7 +3730,7 @@ bool Isolate::IsPromiseResolveLookupChainIntact() {
}
bool Isolate::IsPromiseThenLookupChainIntact() {
PropertyCell* promise_then_cell = heap()->promise_then_protector();
PropertyCell promise_then_cell = heap()->promise_then_protector();
bool is_promise_then_protector_intact =
Smi::ToInt(promise_then_cell->value()) == kProtectorValid;
return is_promise_then_protector_intact;
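Review bot: IsPromiseHookProtectorIntact and IsPromiseThenLookupChainIntact pass the cell value straight to `Smi::ToInt` without the `IsSmi()` test that IsNoElementsProtectorIntact in this same section performs first. If a protector cell could ever hold a non-Smi, the conversion would treat a heap pointer as an integer; whether Smi::ToInt guards against that outside debug builds is not visible here. Comparing the value instead, e.g. `promise_then_cell->value() == Smi::FromInt(kProtectorValid)`, is well-defined for any cell content. The body of IsPromiseHookProtectorIntact continues past the end of its hunk.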
......
......@@ -1125,7 +1125,7 @@ LookupIterator::State LookupIterator::LookupInSpecialHolder(
int number = dict->FindEntry(isolate(), name_);
if (number == GlobalDictionary::kNotFound) return NOT_FOUND;
number_ = static_cast<uint32_t>(number);
PropertyCell* cell = dict->CellAt(number_);
PropertyCell cell = dict->CellAt(number_);
if (cell->value()->IsTheHole(isolate_)) return NOT_FOUND;
property_details_ = cell->property_details();
has_property_ = true;
......
......@@ -1525,7 +1525,7 @@ void Cell::CellPrint(std::ostream& os) { // NOLINT
}
void PropertyCell::PropertyCellPrint(std::ostream& os) { // NOLINT
HeapObject::PrintHeader(os, "PropertyCell");
PrintHeader(os, "PropertyCell");
os << "\n - name: ";
name()->NamePrint(os);
os << "\n - value: " << Brief(value());
......
......@@ -3733,7 +3733,7 @@ void HeapObject::HeapObjectShortPrint(std::ostream& os) { // NOLINT
break;
}
case PROPERTY_CELL_TYPE: {
PropertyCell* cell = PropertyCell::cast(this);
PropertyCell cell = PropertyCell::cast(this);
os << "<PropertyCell name=";
cell->name()->ShortPrint(os);
os << " value=";
......
......@@ -101,7 +101,7 @@ RootIndex NameDictionaryShape::GetMapRootIndex() {
return RootIndex::kNameDictionaryMap;
}
PropertyCell* GlobalDictionary::CellAt(int entry) {
PropertyCell GlobalDictionary::CellAt(int entry) {
DCHECK(KeyAt(entry)->IsPropertyCell());
return PropertyCell::cast(KeyAt(entry));
}
......@@ -197,7 +197,7 @@ template <typename Dictionary>
void GlobalDictionaryShape::DetailsAtPut(Isolate* isolate, Dictionary dict,
int entry, PropertyDetails value) {
DCHECK_LE(0, entry); // Not found is -1, which is not caught by get().
PropertyCell* cell = dict->CellAt(entry);
PropertyCell cell = dict->CellAt(entry);
if (cell->property_details().IsReadOnly() != value.IsReadOnly()) {
cell->dependent_code()->DeoptimizeDependentCodeGroup(
isolate, DependentCode::kPropertyCellChangedGroup);
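Review bot: GlobalDictionary::CellAt now returns a PropertyCell by value, but its only validation of `entry` is the `DCHECK` on the key type, and DetailsAtPut likewise guards the -1 "not found" case with `DCHECK_LE` only. Those checks presumably compile away in release builds, so the precondition rests entirely on the callers. A comment on CellAt such as `// |entry| must be a valid, occupied entry (never kNotFound); the key type is verified in debug builds only.` would make that contract explicit. DetailsAtPut's body continues outside the hunk.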
......
......@@ -233,7 +233,7 @@ class GlobalDictionary
DECL_CAST2(GlobalDictionary)
inline Object* ValueAt(int entry);
inline PropertyCell* CellAt(int entry);
inline PropertyCell CellAt(int entry);
inline void SetEntry(Isolate* isolate, int entry, Object* key, Object* value,
PropertyDetails details);
inline Name NameAt(int entry);
......
......@@ -16,7 +16,9 @@
namespace v8 {
namespace internal {
CAST_ACCESSOR(PropertyCell)
OBJECT_CONSTRUCTORS_IMPL(PropertyCell, HeapObjectPtr)
CAST_ACCESSOR2(PropertyCell)
ACCESSORS2(PropertyCell, dependent_code, DependentCode, kDependentCodeOffset)
ACCESSORS2(PropertyCell, name, Name, kNameOffset)
ACCESSORS(PropertyCell, value, Object, kValueOffset)
......
......@@ -5,7 +5,7 @@
#ifndef V8_OBJECTS_PROPERTY_CELL_H_
#define V8_OBJECTS_PROPERTY_CELL_H_
#include "src/objects.h"
#include "src/objects/heap-object.h"
// Has to be the last include (doesn't have include guards):
#include "src/objects/object-macros.h"
......@@ -13,7 +13,7 @@
namespace v8 {
namespace internal {
class PropertyCell : public HeapObject {
class PropertyCell : public HeapObjectPtr {
public:
// [name]: the name of the global property.
DECL_ACCESSORS2(name, Name)
......@@ -50,7 +50,7 @@ class PropertyCell : public HeapObject {
Handle<PropertyCell> cell,
Handle<Object> new_value);
DECL_CAST(PropertyCell)
DECL_CAST2(PropertyCell)
// Dispatched behavior.
DECL_PRINTER(PropertyCell)
......@@ -70,8 +70,7 @@ class PropertyCell : public HeapObject {
typedef FixedBodyDescriptor<kNameOffset, kSize, kSize> BodyDescriptor;
private:
DISALLOW_IMPLICIT_CONSTRUCTORS(PropertyCell);
OBJECT_CONSTRUCTORS(PropertyCell, HeapObjectPtr);
};
} // namespace internal
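Review bot: The class declaration changes PropertyCell from a heap-object type used through `PropertyCell*` to a HeapObjectPtr subclass that is passed and returned by value, yet nothing visible in these hunks documents that for readers of the header. A short class comment would help, for example `// PropertyCell is a pointer-sized value type; copy it by value and use -> for field access.` The "pointer-sized" wording is inferred from the HeapObjectPtr base, so confirm it against that class. Any existing comment above the class line is outside the hunk.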
......
......@@ -1157,7 +1157,7 @@ void V8HeapExplorer::ExtractFeedbackCellReferences(HeapEntry* entry,
}
void V8HeapExplorer::ExtractPropertyCellReferences(HeapEntry* entry,
PropertyCell* cell) {
PropertyCell cell) {
SetInternalReference(entry, "value", cell->value(),
PropertyCell::kValueOffset);
TagObject(cell->dependent_code(), "(dependent code)");
......@@ -1322,7 +1322,7 @@ void V8HeapExplorer::ExtractPropertyReferences(JSObject js_obj,
ReadOnlyRoots roots(isolate);
for (int i = 0; i < length; ++i) {
if (!dictionary->IsKey(roots, dictionary->KeyAt(i))) continue;
PropertyCell* cell = dictionary->CellAt(i);
PropertyCell cell = dictionary->CellAt(i);
Name name = cell->name();
Object* value = cell->value();
PropertyDetails details = cell->property_details();
......
......@@ -366,7 +366,7 @@ class V8HeapExplorer : public HeapEntriesAllocator {
void ExtractCellReferences(HeapEntry* entry, Cell* cell);
void ExtractFeedbackCellReferences(HeapEntry* entry,
FeedbackCell feedback_cell);
void ExtractPropertyCellReferences(HeapEntry* entry, PropertyCell* cell);
void ExtractPropertyCellReferences(HeapEntry* entry, PropertyCell cell);
void ExtractAllocationSiteReferences(HeapEntry* entry, AllocationSite site);
void ExtractArrayBoilerplateDescriptionReferences(
HeapEntry* entry, ArrayBoilerplateDescription value);
......
......@@ -204,7 +204,7 @@ class RootVisitor;
V(FixedArray, empty_ordered_hash_map, EmptyOrderedHashMap) \
V(FixedArray, empty_ordered_hash_set, EmptyOrderedHashSet) \
V(FeedbackMetadata, empty_feedback_metadata, EmptyFeedbackMetadata) \
V(PropertyCell*, empty_property_cell, EmptyPropertyCell) \
V(PropertyCell, empty_property_cell, EmptyPropertyCell) \
V(NameDictionary, empty_property_dictionary, EmptyPropertyDictionary) \
V(InterceptorInfo, noop_interceptor_info, NoOpInterceptorInfo) \
V(WeakFixedArray, empty_weak_fixed_array, EmptyWeakFixedArray) \
......@@ -225,39 +225,39 @@ class RootVisitor;
// Mutable roots that are known to be immortal immovable, for which we can
// safely skip write barriers.
#define STRONG_MUTABLE_IMMOVABLE_ROOT_LIST(V) \
ACCESSOR_INFO_ROOT_LIST(V) \
/* Maps */ \
V(Map, external_map, ExternalMap) \
V(Map, message_object_map, JSMessageObjectMap) \
/* Canonical empty values */ \
V(Script, empty_script, EmptyScript) \
V(FeedbackCell, many_closures_cell, ManyClosuresCell) \
V(FeedbackCell, no_feedback_cell, NoFeedbackCell) \
V(Cell*, invalid_prototype_validity_cell, InvalidPrototypeValidityCell) \
/* Protectors */ \
V(Cell*, array_constructor_protector, ArrayConstructorProtector) \
V(PropertyCell*, no_elements_protector, NoElementsProtector) \
V(Cell*, is_concat_spreadable_protector, IsConcatSpreadableProtector) \
V(PropertyCell*, array_species_protector, ArraySpeciesProtector) \
V(PropertyCell*, typed_array_species_protector, TypedArraySpeciesProtector) \
V(PropertyCell*, regexp_species_protector, RegExpSpeciesProtector) \
V(PropertyCell*, promise_species_protector, PromiseSpeciesProtector) \
V(Cell*, string_length_protector, StringLengthProtector) \
V(PropertyCell*, array_iterator_protector, ArrayIteratorProtector) \
V(PropertyCell*, array_buffer_detaching_protector, \
ArrayBufferDetachingProtector) \
V(PropertyCell*, promise_hook_protector, PromiseHookProtector) \
V(Cell*, promise_resolve_protector, PromiseResolveProtector) \
V(PropertyCell*, map_iterator_protector, MapIteratorProtector) \
V(PropertyCell*, promise_then_protector, PromiseThenProtector) \
V(PropertyCell*, set_iterator_protector, SetIteratorProtector) \
V(PropertyCell*, string_iterator_protector, StringIteratorProtector) \
/* Caches */ \
V(FixedArray, single_character_string_cache, SingleCharacterStringCache) \
V(FixedArray, string_split_cache, StringSplitCache) \
V(FixedArray, regexp_multiple_cache, RegExpMultipleCache) \
/* Indirection lists for isolate-independent builtins */ \
#define STRONG_MUTABLE_IMMOVABLE_ROOT_LIST(V) \
ACCESSOR_INFO_ROOT_LIST(V) \
/* Maps */ \
V(Map, external_map, ExternalMap) \
V(Map, message_object_map, JSMessageObjectMap) \
/* Canonical empty values */ \
V(Script, empty_script, EmptyScript) \
V(FeedbackCell, many_closures_cell, ManyClosuresCell) \
V(FeedbackCell, no_feedback_cell, NoFeedbackCell) \
V(Cell*, invalid_prototype_validity_cell, InvalidPrototypeValidityCell) \
/* Protectors */ \
V(Cell*, array_constructor_protector, ArrayConstructorProtector) \
V(PropertyCell, no_elements_protector, NoElementsProtector) \
V(Cell*, is_concat_spreadable_protector, IsConcatSpreadableProtector) \
V(PropertyCell, array_species_protector, ArraySpeciesProtector) \
V(PropertyCell, typed_array_species_protector, TypedArraySpeciesProtector) \
V(PropertyCell, regexp_species_protector, RegExpSpeciesProtector) \
V(PropertyCell, promise_species_protector, PromiseSpeciesProtector) \
V(Cell*, string_length_protector, StringLengthProtector) \
V(PropertyCell, array_iterator_protector, ArrayIteratorProtector) \
V(PropertyCell, array_buffer_detaching_protector, \
ArrayBufferDetachingProtector) \
V(PropertyCell, promise_hook_protector, PromiseHookProtector) \
V(Cell*, promise_resolve_protector, PromiseResolveProtector) \
V(PropertyCell, map_iterator_protector, MapIteratorProtector) \
V(PropertyCell, promise_then_protector, PromiseThenProtector) \
V(PropertyCell, set_iterator_protector, SetIteratorProtector) \
V(PropertyCell, string_iterator_protector, StringIteratorProtector) \
/* Caches */ \
V(FixedArray, single_character_string_cache, SingleCharacterStringCache) \
V(FixedArray, string_split_cache, StringSplitCache) \
V(FixedArray, regexp_multiple_cache, RegExpMultipleCache) \
/* Indirection lists for isolate-independent builtins */ \
V(FixedArray, builtins_constants_table, BuiltinsConstantsTable)
// These root references can be updated by the mutator.
......
......@@ -491,7 +491,7 @@ RUNTIME_FUNCTION(Runtime_GetProperty) {
JSGlobalObject::cast(*receiver)->global_dictionary();
int entry = dictionary->FindEntry(isolate, key);
if (entry != GlobalDictionary::kNotFound) {
PropertyCell* cell = dictionary->CellAt(entry);
PropertyCell cell = dictionary->CellAt(entry);
if (cell->property_details().kind() == kData) {
Object* value = cell->value();
if (!value->IsTheHole(isolate)) return value;
......