1 // Copyright 2019 the V8 project authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef V8_EXECUTION_PROTECTORS_H_ 6 #define V8_EXECUTION_PROTECTORS_H_ 7 8 #include "src/handles/handles.h" 9 10 namespace v8 { 11 namespace internal { 12 13 class Protectors : public AllStatic { 14 public: 15 static const int kProtectorValid = 1; 16 static const int kProtectorInvalid = 0; 17 18 #define DECLARED_PROTECTORS_ON_ISOLATE(V) \ 19 V(ArrayBufferDetaching, ArrayBufferDetachingProtector, \ 20 array_buffer_detaching_protector) \ 21 V(ArrayConstructor, ArrayConstructorProtector, array_constructor_protector) \ 22 V(ArrayIteratorLookupChain, ArrayIteratorProtector, \ 23 array_iterator_protector) \ 24 V(ArraySpeciesLookupChain, ArraySpeciesProtector, array_species_protector) \ 25 V(IsConcatSpreadableLookupChain, IsConcatSpreadableProtector, \ 26 is_concat_spreadable_protector) \ 27 V(NoElements, NoElementsProtector, no_elements_protector) \ 28 \ 29 V(MegaDOM, MegaDOMProtector, mega_dom_protector) \ 30 \ 31 /* The MapIterator protector protects the original iteration behaviors */ \ 32 /* of Map.prototype.keys(), Map.prototype.values(), and */ \ 33 /* Set.prototype.entries(). It does not protect the original iteration */ \ 34 /* behavior of Map.prototype[Symbol.iterator](). */ \ 35 /* The protector is invalidated when: */ \ 36 /* * The 'next' property is set on an object where the property holder */ \ 37 /* is the %MapIteratorPrototype% (e.g. because the object is that very */ \ 38 /* prototype). */ \ 39 /* * The 'Symbol.iterator' property is set on an object where the */ \ 40 /* property holder is the %IteratorPrototype%. Note that this also */ \ 41 /* invalidates the SetIterator protector (see below). */ \ 42 V(MapIteratorLookupChain, MapIteratorProtector, map_iterator_protector) \ 43 V(RegExpSpeciesLookupChain, RegExpSpeciesProtector, \ 44 regexp_species_protector) \ 45 V(PromiseHook, PromiseHookProtector, promise_hook_protector) \ 46 V(PromiseThenLookupChain, PromiseThenProtector, promise_then_protector) \ 47 V(PromiseResolveLookupChain, PromiseResolveProtector, \ 48 promise_resolve_protector) \ 49 V(PromiseSpeciesLookupChain, PromiseSpeciesProtector, \ 50 promise_species_protector) \ 51 \ 52 /* The SetIterator protector protects the original iteration behavior of */ \ 53 /* Set.prototype.keys(), Set.prototype.values(), */ \ 54 /* Set.prototype.entries(), and Set.prototype[Symbol.iterator](). The */ \ 55 /* protector is invalidated when: */ \ 56 /* * The 'next' property is set on an object where the property holder */ \ 57 /* is the %SetIteratorPrototype% (e.g. because the object is that very */ \ 58 /* prototype). */ \ 59 /* * The 'Symbol.iterator' property is set on an object where the */ \ 60 /* property holder is the %SetPrototype% OR %IteratorPrototype%. This */ \ 61 /* means that setting Symbol.iterator on a MapIterator object can also */ \ 62 /* invalidate the SetIterator protector, and vice versa, setting */ \ 63 /* Symbol.iterator on a SetIterator object can also invalidate the */ \ 64 /* MapIterator. This is an over-approximation for the sake of */ \ 65 /* simplicity. */ \ 66 V(SetIteratorLookupChain, SetIteratorProtector, set_iterator_protector) \ 67 \ 68 /* The StringIteratorProtector protects the original string iteration */ \ 69 /* behavior for primitive strings. As long as the */ \ 70 /* StringIteratorProtector is valid, iterating over a primitive string */ \ 71 /* is guaranteed to be unobservable from user code and can thus be cut */ \ 72 /* short. More specifically, the protector gets invalidated as soon as */ \ 73 /* either String.prototype[Symbol.iterator] or */ \ 74 /* String.prototype[Symbol.iterator]().next is modified. This guarantee */ \ 75 /* does not apply to string objects (as opposed to primitives), since */ \ 76 /* they could define their own Symbol.iterator. */ \ 77 /* String.prototype itself does not need to be protected, since it is */ \ 78 /* non-configurable and non-writable. */ \ 79 V(StringIteratorLookupChain, StringIteratorProtector, \ 80 string_iterator_protector) \ 81 V(StringLengthOverflowLookupChain, StringLengthProtector, \ 82 string_length_protector) \ 83 V(TypedArraySpeciesLookupChain, TypedArraySpeciesProtector, \ 84 typed_array_species_protector) 85 86 #define DECLARE_PROTECTOR_ON_ISOLATE(name, unused_root_index, unused_cell) \ 87 V8_EXPORT_PRIVATE static inline bool Is##name##Intact(Isolate* isolate); \ 88 V8_EXPORT_PRIVATE static void Invalidate##name(Isolate* isolate); 89 DECLARED_PROTECTORS_ON_ISOLATE(DECLARE_PROTECTOR_ON_ISOLATE) 90 #undef DECLARE_PROTECTOR_ON_ISOLATE 91 }; 92 93 } // namespace internal 94 } // namespace v8 95 96 #endif // V8_EXECUTION_PROTECTORS_H_ 97