Modified: trunk/Source/_javascript_Core/CMakeLists.txt (250288 => 250289)
--- trunk/Source/_javascript_Core/CMakeLists.txt 2019-09-24 06:59:52 UTC (rev 250288)
+++ trunk/Source/_javascript_Core/CMakeLists.txt 2019-09-24 07:43:24 UTC (rev 250289)
@@ -767,6 +767,7 @@
runtime/CagedBarrierPtr.h
runtime/CallData.h
runtime/CatchScope.h
+ runtime/CellSize.h
runtime/ClassInfo.h
runtime/CodeSpecializationKind.h
runtime/CommonIdentifiers.h
Modified: trunk/Source/_javascript_Core/ChangeLog (250288 => 250289)
--- trunk/Source/_javascript_Core/ChangeLog 2019-09-24 06:59:52 UTC (rev 250288)
+++ trunk/Source/_javascript_Core/ChangeLog 2019-09-24 07:43:24 UTC (rev 250289)
@@ -1,3 +1,23 @@
+2019-09-24 Mark Lam <mark....@apple.com>
+
+ Refactor cellSize() out of VMInspector::verifyCellSize().
+ https://bugs.webkit.org/show_bug.cgi?id=202132
+
+ Reviewed by Saam Barati.
+
+ * CMakeLists.txt:
+ * _javascript_Core.xcodeproj/project.pbxproj:
+ * runtime/CellSize.h: Added.
+ (JSC::isDynamicallySizedType):
+ (JSC::cellSize):
+ * runtime/DirectArguments.h:
+ * runtime/JSBigInt.h:
+ * runtime/JSModuleNamespaceObject.h:
+ * runtime/JSType.h:
+ (JSC::isDynamicallySizedType): Deleted.
+ * tools/VMInspectorInlines.h:
+ (JSC::VMInspector::verifyCellSize):
+
2019-09-23 Mark Lam <mark....@apple.com>
Introducing Integrity audit functions.
Modified: trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj (250288 => 250289)
--- trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj 2019-09-24 06:59:52 UTC (rev 250288)
+++ trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj 2019-09-24 07:43:24 UTC (rev 250289)
@@ -1911,6 +1911,7 @@
FEA3BBAC212C97CB00E93AD1 /* DFGCFG.h in Headers */ = {isa = PBXBuildFile; fileRef = FEA3BBAB212C97CB00E93AD1 /* DFGCFG.h */; };
FEB51F6C1A97B688001F921C /* Regress141809.mm in Sources */ = {isa = PBXBuildFile; fileRef = FEB51F6B1A97B688001F921C /* Regress141809.mm */; };
FEB58C15187B8B160098EF0B /* ErrorHandlingScope.h in Headers */ = {isa = PBXBuildFile; fileRef = FEB58C13187B8B160098EF0B /* ErrorHandlingScope.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ FEC160322339E9F900A04CB8 /* CellSize.h in Headers */ = {isa = PBXBuildFile; fileRef = FEC160312339E9F900A04CB8 /* CellSize.h */; };
FEC5797323105B5100BCA83F /* VMInspectorInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = FEC5797223105B4800BCA83F /* VMInspectorInlines.h */; };
FEC5797623105F4E00BCA83F /* Integrity.h in Headers */ = {isa = PBXBuildFile; fileRef = FEC5797523105F4300BCA83F /* Integrity.h */; settings = {ATTRIBUTES = (Private, ); }; };
FEC579782310954C00BCA83F /* IntegrityInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = FEC579772310954B00BCA83F /* IntegrityInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -5138,6 +5139,7 @@
FEB51F6B1A97B688001F921C /* Regress141809.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = Regress141809.mm; path = API/tests/Regress141809.mm; sourceTree = "<group>"; };
FEB58C12187B8B160098EF0B /* ErrorHandlingScope.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ErrorHandlingScope.cpp; sourceTree = "<group>"; };
FEB58C13187B8B160098EF0B /* ErrorHandlingScope.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ErrorHandlingScope.h; sourceTree = "<group>"; };
+ FEC160312339E9F900A04CB8 /* CellSize.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CellSize.h; sourceTree = "<group>"; };
FEC5797223105B4800BCA83F /* VMInspectorInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = VMInspectorInlines.h; sourceTree = "<group>"; };
FEC5797423105F4200BCA83F /* Integrity.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Integrity.cpp; sourceTree = "<group>"; };
FEC5797523105F4300BCA83F /* Integrity.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Integrity.h; sourceTree = "<group>"; };
@@ -6949,6 +6951,7 @@
145C507F0D9DF63B0088F6B9 /* CallData.h */,
FE80C1981D775FB4008510C0 /* CatchScope.cpp */,
FE80C1961D775B27008510C0 /* CatchScope.h */,
+ FEC160312339E9F900A04CB8 /* CellSize.h */,
E326C4961ECBEF5700A9A905 /* ClassInfo.cpp */,
BC6AAAE40E1F426500AD87D8 /* ClassInfo.h */,
0FE0501C1AA9095600D33B33 /* ClonedArguments.cpp */,
@@ -9029,6 +9032,7 @@
FE1BD0211E72027900134BC9 /* CellProfile.h in Headers */,
0F1C3DDA1BBCE09E00E523E4 /* CellState.h in Headers */,
BC6AAAE50E1F426500AD87D8 /* ClassInfo.h in Headers */,
+ FEC160322339E9F900A04CB8 /* CellSize.h in Headers */,
0FE050261AA9095600D33B33 /* ClonedArguments.h in Headers */,
BC18C45E0E16F5CD00B34460 /* CLoopStack.h in Headers */,
A7C1EAF017987AB600299DB2 /* CLoopStackInlines.h in Headers */,
Added: trunk/Source/_javascript_Core/runtime/CellSize.h (0 => 250289)
--- trunk/Source/_javascript_Core/runtime/CellSize.h (rev 0)
+++ trunk/Source/_javascript_Core/runtime/CellSize.h 2019-09-24 07:43:24 UTC (rev 250289)
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2019 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "DirectArguments.h"
+#include "JSBigInt.h"
+#include "JSLexicalEnvironment.h"
+#include "JSModuleEnvironment.h"
+#include "JSModuleNamespaceObject.h"
+
+namespace JSC {
+
+inline constexpr bool isDynamicallySizedType(JSType type)
+{
+ if (type == BigIntType
+ || type == DirectArgumentsType
+ || type == FinalObjectType
+ || type == LexicalEnvironmentType
+ || type == ModuleEnvironmentType
+ || type == ModuleNamespaceObjectType)
+ return true;
+ return false;
+}
+
+inline size_t cellSize(VM& vm, JSCell* cell)
+{
+ Structure* structure = cell->structure(vm);
+ const ClassInfo* classInfo = structure->classInfo();
+ JSType cellType = cell->type();
+
+ if (isDynamicallySizedType(cellType)) {
+ switch (cellType) {
+ case BigIntType: {
+ auto* bigInt = jsCast<JSBigInt*>(cell);
+ return JSBigInt::allocationSize(bigInt->length());
+ }
+ case DirectArgumentsType: {
+ auto* args = jsCast<DirectArguments*>(cell);
+ return DirectArguments::allocationSize(args->m_minCapacity);
+ }
+ case FinalObjectType:
+ return JSFinalObject::allocationSize(structure->inlineCapacity());
+ case LexicalEnvironmentType: {
+ auto* env = jsCast<JSLexicalEnvironment*>(cell);
+ return JSLexicalEnvironment::allocationSize(env->symbolTable());
+ }
+ case ModuleEnvironmentType: {
+ auto* env = jsCast<JSModuleEnvironment*>(cell);
+ return JSModuleEnvironment::allocationSize(env->symbolTable());
+ }
+ case ModuleNamespaceObjectType: {
+ auto* obj = jsCast<JSModuleNamespaceObject*>(cell);
+ return JSModuleNamespaceObject::allocationSize(obj->m_names.capacity());
+ }
+ default:
+ RELEASE_ASSERT_NOT_REACHED();
+ }
+ }
+ return classInfo->staticClassSize;
+}
+
+} // namespace JSC
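Review bot: cellSize() has no header comment stating its contract, and a reader of runtime/CellSize.h cannot tell that the value is derived from the cell's own type byte and inline fields (`cell->type()`, `bigInt->length()`, `args->m_minCapacity`, `obj->m_names.capacity()`) rather than from anything the allocator knows; inside the integrity audit that is the intent, but a new caller could mistake it for an authoritative size. I would add above `inline size_t cellSize(VM& vm, JSCell* cell)` a comment such as `// Size the cell claims to occupy, computed from its type and inline fields; it does not consult the allocator and trusts cell->type(), so on a suspect cell check the type against the Structure first (as VMInspector::verifyCellSize does).` The `default: RELEASE_ASSERT_NOT_REACHED();` only holds while the switch covers exactly the types listed in isDynamicallySizedType(), which is worth pinning with `// Must handle every type for which isDynamicallySizedType() is true.` on the switch. `classInfo` is fetched before the dynamic branch but only read on the final return; moving `const ClassInfo* classInfo = structure->classInfo();` down next to `return classInfo->staticClassSize;` keeps the dynamic path from touching it.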
Modified: trunk/Source/_javascript_Core/runtime/DirectArguments.h (250288 => 250289)
--- trunk/Source/_javascript_Core/runtime/DirectArguments.h 2019-09-24 06:59:52 UTC (rev 250288)
+++ trunk/Source/_javascript_Core/runtime/DirectArguments.h 2019-09-24 07:43:24 UTC (rev 250289)
@@ -185,7 +185,7 @@
using MappedArguments = CagedBarrierPtr<Gigacage::Primitive, bool>;
MappedArguments m_mappedArguments; // If non-null, it means that length, callee, and caller are fully materialized properties.
- friend class VMInspector;
+ friend size_t cellSize(VM&, JSCell*);
};
} // namespace JSC
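Review bot: The friend grant is narrowed from the whole VMInspector class to the single free function `cellSize(VM&, JSCell*)`, which is the right direction, but nothing on the line records which private member that function needs or that the signature must match the definition in runtime/CellSize.h exactly (a mismatch declares an unrelated friend and only fails at the use site). A trailing comment would make the dependency explicit, e.g. `friend size_t cellSize(VM&, JSCell*); // reads m_minCapacity; signature must match runtime/CellSize.h`. The same applies to the identical friend lines in JSBigInt.h (`m_length`) and JSModuleNamespaceObject.h (`m_names`). The enclosing class definitions start outside these hunks.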
Modified: trunk/Source/_javascript_Core/runtime/JSBigInt.h (250288 => 250289)
--- trunk/Source/_javascript_Core/runtime/JSBigInt.h 2019-09-24 06:59:52 UTC (rev 250288)
+++ trunk/Source/_javascript_Core/runtime/JSBigInt.h 2019-09-24 07:43:24 UTC (rev 250289)
@@ -250,7 +250,7 @@
const unsigned m_length;
bool m_sign { false };
- friend class VMInspector;
+ friend size_t cellSize(VM&, JSCell*);
};
inline size_t JSBigInt::allocationSize(unsigned length)
Modified: trunk/Source/_javascript_Core/runtime/JSModuleNamespaceObject.h (250288 => 250289)
--- trunk/Source/_javascript_Core/runtime/JSModuleNamespaceObject.h 2019-09-24 06:59:52 UTC (rev 250288)
+++ trunk/Source/_javascript_Core/runtime/JSModuleNamespaceObject.h 2019-09-24 07:43:24 UTC (rev 250289)
@@ -104,7 +104,7 @@
Vector<Identifier> m_names;
WriteBarrier<AbstractModuleRecord> m_moduleRecord;
- friend class VMInspector;
+ friend size_t cellSize(VM&, JSCell*);
};
} // namespace JSC
Modified: trunk/Source/_javascript_Core/runtime/JSType.h (250288 => 250289)
--- trunk/Source/_javascript_Core/runtime/JSType.h 2019-09-24 06:59:52 UTC (rev 250288)
+++ trunk/Source/_javascript_Core/runtime/JSType.h 2019-09-24 07:43:24 UTC (rev 250289)
@@ -140,18 +140,6 @@
return (static_cast<uint32_t>(type) - FirstTypedArrayType) < NumberOfTypedArrayTypesExcludingDataView;
}
-inline constexpr bool isDynamicallySizedType(JSType type)
-{
- if (type == BigIntType
- || type == DirectArgumentsType
- || type == FinalObjectType
- || type == LexicalEnvironmentType
- || type == ModuleEnvironmentType
- || type == ModuleNamespaceObjectType)
- return true;
- return false;
-}
-
} // namespace JSC
namespace WTF {
Modified: trunk/Source/_javascript_Core/tools/VMInspectorInlines.h (250288 => 250289)
--- trunk/Source/_javascript_Core/tools/VMInspectorInlines.h 2019-09-24 06:59:52 UTC (rev 250288)
+++ trunk/Source/_javascript_Core/tools/VMInspectorInlines.h 2019-09-24 07:43:24 UTC (rev 250289)
@@ -25,11 +25,7 @@
#pragma once
-#include "DirectArguments.h"
-#include "JSBigInt.h"
-#include "JSLexicalEnvironment.h"
-#include "JSModuleEnvironment.h"
-#include "JSModuleNamespaceObject.h"
+#include "CellSize.h"
#include "VMInspector.h"
#include <wtf/Assertions.h>
@@ -51,44 +47,10 @@
JSType cellType = cell->type();
AUDIT_VERIFY(action, verifier, cellType == structure->m_blob.type(), cell, cellType, structure->m_blob.type());
- if (isDynamicallySizedType(cellType)) {
- size_t cellSize = 0;
- switch (cellType) {
- case BigIntType: {
- auto* bigInt = jsCast<JSBigInt*>(cell);
- cellSize = JSBigInt::allocationSize(bigInt->length());
- break;
- }
- case DirectArgumentsType: {
- auto* args = jsCast<DirectArguments*>(cell);
- cellSize = DirectArguments::allocationSize(args->m_minCapacity);
- break;
- }
- case FinalObjectType:
- cellSize = JSFinalObject::allocationSize(structure->inlineCapacity());
- break;
- case LexicalEnvironmentType: {
- auto* env = jsCast<JSLexicalEnvironment*>(cell);
- cellSize = JSLexicalEnvironment::allocationSize(env->symbolTable());
- break;
- }
- case ModuleEnvironmentType: {
- auto* env = jsCast<JSModuleEnvironment*>(cell);
- cellSize = JSModuleEnvironment::allocationSize(env->symbolTable());
- break;
- }
- case ModuleNamespaceObjectType: {
- auto* obj = jsCast<JSModuleNamespaceObject*>(cell);
- cellSize = JSModuleNamespaceObject::allocationSize(obj->m_names.capacity());
- break;
- }
- default:
- RELEASE_ASSERT_NOT_REACHED();
- }
- AUDIT_VERIFY(action, verifier, cellSize <= allocatorCellSize, cell, cellType, cellSize, allocatorCellSize);
- AUDIT_VERIFY(action, verifier, cellSize >= classInfo->staticClassSize, cell, cellType, cellSize, classInfo->staticClassSize);
- } else
- AUDIT_VERIFY(action, verifier, classInfo->staticClassSize <= allocatorCellSize, cell, cellType, classInfo->staticClassSize, allocatorCellSize);
+ size_t size = cellSize(vm, cell);
+ AUDIT_VERIFY(action, verifier, size <= allocatorCellSize, cell, cellType, size, allocatorCellSize, classInfo->staticClassSize);
+ if (isDynamicallySizedType(cellType))
+ AUDIT_VERIFY(action, verifier, size >= classInfo->staticClassSize, cell, cellType, size, classInfo->staticClassSize);
return true;
}
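Review bot: cellSize() reaches into the cell through jsCast<> and its inline fields, so this audit only stays a soft AUDIT_VERIFY failure on a corrupted cell because the `cellType == structure->m_blob.type()` check on the preceding line runs first; that ordering is not stated anywhere, and a comment above `size_t size = cellSize(vm, cell);` such as `// cellSize() trusts cell->type() and the cell's inline fields; the type/Structure check above must stay ahead of it.` would pin it (as far as I recall jsCast<> asserts on a type mismatch in debug builds, which would turn a detectable inconsistency into a crash if the order were ever swapped). As a point of style, since cellSize() returns `classInfo->staticClassSize` itself for static types, the `size >= classInfo->staticClassSize` check is trivially true for them and could be made unconditional, dropping the `if (isDynamicallySizedType(cellType))` and the second list lookup. verifyCellSize begins before this hunk.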