trusted-pointer-scope_8h_source.html

// Copyright 2025 the V8 project authors. All rights reserved.

// Use of this source code is governed by a BSD-style license that can be

// found in the LICENSE file.


#ifndef V8_SANDBOX_TRUSTED_POINTER_SCOPE_H_

#define V8_SANDBOX_TRUSTED_POINTER_SCOPE_H_


#include "src/sandbox/isolate.h"


namespace v8::internal {


class DisallowJavascriptExecution;


#ifdef V8_ENABLE_SANDBOX


struct TrustedPointerTableEntry;


// A TrustedPointerPublishingScope is an optional facility for tracking

// (multiple) newly created TrustedPointerTable entries, and having the

// ability to neuter them afterwards, e.g. if their initialization as a

// group failed in such a way that they should not be made accessible to

// untrusted code (not even via existing in-sandbox corruption).

class TrustedPointerPublishingScope {

 public:

  TrustedPointerPublishingScope(Isolate* isolate,

                                const DisallowJavascriptExecution& no_js);

  ~TrustedPointerPublishingScope();


  // Decide whether the tracked pointers should be published or discarded.

  void MarkSuccess() { state_ = State::kSuccess; }

  void MarkFailure() { state_ = State::kFailure; }


  void TrackPointer(TrustedPointerTableEntry* entry);


 private:

  enum class State : uint8_t { kInProgress, kSuccess, kFailure };

  enum class Storage : uint8_t { kEmpty, kSingleton, kVector };


  State state_{State::kInProgress};

  Storage storage_{Storage::kEmpty};

  // We could use a base::SmallVector here, but it'd make the object bigger.

  union {

    TrustedPointerTableEntry* singleton_{nullptr};

    std::vector<TrustedPointerTableEntry*>* vector_;

  };

  Isolate* isolate_;

};


// Temporarily disables a TrustedPointerPublishingScope.

class DisableTrustedPointerPublishingScope {

 public:

  explicit DisableTrustedPointerPublishingScope(Isolate* isolate);

  ~DisableTrustedPointerPublishingScope();


 private:

  Isolate* isolate_;

  TrustedPointerPublishingScope* saved_{nullptr};

};


#else  // V8_ENABLE_SANDBOX


class TrustedPointerPublishingScope {

 public:


  TrustedPointerPublishingScope(Isolate* isolate,

                                const DisallowJavascriptExecution& no_js) {}


  void MarkSuccess() {}

  void MarkFailure() {}

};


class DisableTrustedPointerPublishingScope {

 public:

  explicit DisableTrustedPointerPublishingScope(Isolate* isolate) {}

};


#endif  // V8_ENABLE_SANDBOX


}  // namespace v8::internal


#endif  // V8_SANDBOX_TRUSTED_POINTER_SCOPE_H_

isolate_
Isolate * isolate_
Definition api-natives.cc:37

v8::internal::DisableTrustedPointerPublishingScope
Definition trusted-pointer-scope.h:70

v8::internal::DisableTrustedPointerPublishingScope::DisableTrustedPointerPublishingScope
DisableTrustedPointerPublishingScope(Isolate *isolate)
Definition trusted-pointer-scope.h:72

v8::internal::Isolate
Definition isolate.h:586

v8::internal::TrustedPointerPublishingScope
Definition trusted-pointer-scope.h:62

v8::internal::TrustedPointerPublishingScope::TrustedPointerPublishingScope
TrustedPointerPublishingScope(Isolate *isolate, const DisallowJavascriptExecution &no_js)
Definition trusted-pointer-scope.h:64

v8::internal::TrustedPointerPublishingScope::MarkSuccess
void MarkSuccess()
Definition trusted-pointer-scope.h:66

v8::internal::TrustedPointerPublishingScope::MarkFailure
void MarkFailure()
Definition trusted-pointer-scope.h:67

vector_
std::vector< T > vector_
Definition sweeper.cc:212

state_
enum v8::internal::@1270::DeoptimizableCodeIterator::@67 state_

storage_
digit_t * storage_
Definition mul-fft.cc:475

v8::internal::detail::kSuccess
@ kSuccess
Definition string-hasher-inl.h:118

v8::internal::swiss_table::kEmpty
@ kEmpty
Definition swiss-hash-table-helpers.h:177

v8::internal
Definition api-arguments-inl.h:20

isolate.h