[sandbox] Access microtask queue in NativeContext via bottlenecks

Bug: v8:10391 Change-Id: I29393ebcb58b1000040d7f7ba205895a8ba363f7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2148782Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#67558}

[sandbox] Access microtask queue in NativeContext via bottlenecks
Bug: v8:10391 Change-Id: I29393ebcb58b1000040d7f7ba205895a8ba363f7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2148782Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#67558}
843c8de8 · Samuel Groß · Commit Bot · 69110a77 · 843c8de8 · 843c8de8
Commit 843c8de8 authored May 04, 2020 by Samuel Groß Committed by Commit Bot May 05, 2020
7 changed files
--- a/src/builtins/builtins-microtask-queue-gen.cc
+++ b/src/builtins/builtins-microtask-queue-gen.cc
@@ -53,8 +53,8 @@ class MicrotaskQueueBuiltinsAssembler : public CodeStubAssembler {
 TNode<RawPtrT> MicrotaskQueueBuiltinsAssembler::GetMicrotaskQueue(
    TNode<Context> native_context) {
  CSA_ASSERT(this, IsNativeContext(native_context));
-  return LoadObjectField<RawPtrT>(native_context,
+  return DecodeExternalPointer(LoadObjectField<ExternalPointerT>(
-                                  NativeContext::kMicrotaskQueueOffset);
+      native_context, NativeContext::kMicrotaskQueueOffset));
 }
 TNode<RawPtrT> MicrotaskQueueBuiltinsAssembler::GetMicrotaskRingBuffer(

--- a/src/heap/factory.cc
+++ b/src/heap/factory.cc
@@ -1051,7 +1051,7 @@ Handle<NativeContext> Factory::NewNativeContext() {
  context->set_errors_thrown(Smi::zero());
  context->set_math_random_index(Smi::zero());
  context->set_serialized_objects(*empty_fixed_array());
-  context->set_microtask_queue(nullptr);
+  context->set_microtask_queue(isolate(), nullptr);
  context->set_osr_code_cache(*empty_weak_fixed_array());
  context->set_retained_maps(*empty_weak_array_list());
  return context;

--- a/src/init/bootstrapper.cc
+++ b/src/init/bootstrapper.cc
@@ -363,7 +363,7 @@ void Bootstrapper::DetachGlobal(Handle<Context> env) {
    isolate_->AddDetachedContext(env);
  }
-  env->native_context().set_microtask_queue(nullptr);
+  env->native_context().set_microtask_queue(isolate_, nullptr);
 }
 namespace {
@@ -5406,8 +5406,8 @@ Genesis::Genesis(
  }
  native_context()->set_microtask_queue(
-      microtask_queue ? static_cast<MicrotaskQueue*>(microtask_queue)
+      isolate, microtask_queue ? static_cast<MicrotaskQueue*>(microtask_queue)
-                      : isolate->default_microtask_queue());
+                               : isolate->default_microtask_queue());
  // Install experimental natives. Do not include them into the
  // snapshot as we should be able to turn them off at runtime. Re-installing

--- a/src/objects/contexts-inl.h
+++ b/src/objects/contexts-inl.h
@@ -245,14 +245,18 @@ Map Context::GetInitialJSArrayMap(ElementsKind kind) const {
  return Map::cast(initial_js_array_map);
 }
-MicrotaskQueue* NativeContext::microtask_queue() const {
+DEF_GETTER(NativeContext, microtask_queue, MicrotaskQueue*) {
+  ExternalPointer_t encoded_value =
+      ReadField<ExternalPointer_t>(kMicrotaskQueueOffset);
  return reinterpret_cast<MicrotaskQueue*>(
-      ReadField<Address>(kMicrotaskQueueOffset));
+      DecodeExternalPointer(isolate, encoded_value));
 }
-void NativeContext::set_microtask_queue(MicrotaskQueue* microtask_queue) {
+void NativeContext::set_microtask_queue(Isolate* isolate,
-  WriteField<Address>(kMicrotaskQueueOffset,
+                                        MicrotaskQueue* microtask_queue) {
-                      reinterpret_cast<Address>(microtask_queue));
+  ExternalPointer_t encoded_value = EncodeExternalPointer(
+      isolate, reinterpret_cast<Address>(microtask_queue));
+  WriteField<ExternalPointer_t>(kMicrotaskQueueOffset, encoded_value);
 }
 OSROptimizedCodeCache NativeContext::GetOSROptimizedCodeCache() {

--- a/src/objects/contexts.h
+++ b/src/objects/contexts.h
@@ -692,7 +692,8 @@ class NativeContext : public Context {
  // TODO(neis): Move some stuff from Context here.
  // [microtask_queue]: pointer to the MicrotaskQueue object.
-  DECL_PRIMITIVE_ACCESSORS(microtask_queue, MicrotaskQueue*)
+  DECL_GETTER(microtask_queue, MicrotaskQueue*)
+  inline void set_microtask_queue(Isolate* isolate, MicrotaskQueue* queue);
  // Dispatched behavior.
  DECL_PRINTER(NativeContext)

--- a/src/snapshot/context-serializer.cc
+++ b/src/snapshot/context-serializer.cc
@@ -25,7 +25,8 @@ class SanitizeNativeContextScope final {
  SanitizeNativeContextScope(Isolate* isolate, NativeContext native_context,
                             bool allow_active_isolate_for_testing,
                             const DisallowHeapAllocation& no_gc)
-      : native_context_(native_context),
+      : isolate_(isolate),
+        native_context_(native_context),
        microtask_queue_(native_context.microtask_queue()),
        optimized_code_list_(native_context.OptimizedCodeListHead()),
        deoptimized_code_list_(native_context.DeoptimizedCodeListHead()) {
@@ -42,7 +43,7 @@ class SanitizeNativeContextScope final {
    }
 #endif
    Object undefined = ReadOnlyRoots(isolate).undefined_value();
-    native_context.set_microtask_queue(nullptr);
+    native_context.set_microtask_queue(isolate, nullptr);
    native_context.SetOptimizedCodeListHead(undefined);
    native_context.SetDeoptimizedCodeListHead(undefined);
  }
@@ -51,10 +52,11 @@ class SanitizeNativeContextScope final {
    // Restore saved fields.
    native_context_.SetDeoptimizedCodeListHead(optimized_code_list_);
    native_context_.SetOptimizedCodeListHead(deoptimized_code_list_);
-    native_context_.set_microtask_queue(microtask_queue_);
+    native_context_.set_microtask_queue(isolate_, microtask_queue_);
  }
 private:
+  Isolate* isolate_;
  NativeContext native_context_;
  MicrotaskQueue* const microtask_queue_;
  const Object optimized_code_list_;

--- a/test/unittests/execution/microtask-queue-unittest.cc
+++ b/test/unittests/execution/microtask-queue-unittest.cc
@@ -89,7 +89,7 @@ class MicrotaskQueueTest : public TestWithNativeContextAndFinalizationRegistry,
  void SetUp() override {
    microtask_queue_ = MicrotaskQueue::New(isolate());
-    native_context()->set_microtask_queue(microtask_queue());
+    native_context()->set_microtask_queue(isolate(), microtask_queue());
    if (GetParam()) {
      // Use a PromiseHook to switch the implementation to ResolvePromise
@@ -254,9 +254,9 @@ TEST_P(MicrotaskQueueTest, PromiseHandlerContext) {
  Handle<Context> context2 = Utils::OpenHandle(*v8_context2, isolate());
  Handle<Context> context3 = Utils::OpenHandle(*v8_context3, isolate());
  Handle<Context> context4 = Utils::OpenHandle(*v8_context3, isolate());
-  context2->native_context().set_microtask_queue(microtask_queue());
+  context2->native_context().set_microtask_queue(isolate(), microtask_queue());
-  context3->native_context().set_microtask_queue(microtask_queue());
+  context3->native_context().set_microtask_queue(isolate(), microtask_queue());
-  context4->native_context().set_microtask_queue(microtask_queue());
+  context4->native_context().set_microtask_queue(isolate(), microtask_queue());
  Handle<JSFunction> handler;
  Handle<JSProxy> proxy;
@@ -587,7 +587,7 @@ TEST_P(MicrotaskQueueTest, DetachGlobal_InactiveHandler) {
  Local<v8::Context> sub_context = v8::Context::New(v8_isolate());
  Utils::OpenHandle(*sub_context)
      ->native_context()
-      .set_microtask_queue(microtask_queue());
+      .set_microtask_queue(isolate(), microtask_queue());
  Handle<JSArray> result;
  Handle<JSFunction> stale_handler;