[es6] do not add caller/arguments to ES6 function definitions

src/bootstrapper.cc

 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/bootstrapper.h"
 
 #include "src/accessors.h"
 #include "src/api-natives.h"
 #include "src/code-stubs.h"
 #include "src/extensions/externalize-string-extension.h"
@@ skipping 239 matching lines @@
     // Without prototype.
     FUNCTION_WITHOUT_PROTOTYPE,
     BOUND_FUNCTION
   };
 
   static bool IsFunctionModeWithPrototype(FunctionMode function_mode) {
     return (function_mode == FUNCTION_WITH_WRITEABLE_PROTOTYPE ||
             function_mode == FUNCTION_WITH_READONLY_PROTOTYPE);
   }
 
-  Handle<Map> CreateSloppyFunctionMap(FunctionMode function_mode);
+  Handle<Map> CreateSloppyFunctionMap(FunctionMode function_mode,
+                                      bool add_restricted_props = true);
 
   void SetFunctionInstanceDescriptor(Handle<Map> map,
-                                     FunctionMode function_mode);
+                                     FunctionMode function_mode,
+                                     bool add_restricted_props = true);
   void MakeFunctionInstancePrototypeWritable();
 
   Handle<Map> CreateStrictFunctionMap(FunctionMode function_mode,
                                       Handle<JSFunction> empty_function);
   Handle<Map> CreateStrongFunctionMap(Handle<JSFunction> empty_function,
                                       bool is_constructor);
 
 
   void SetStrictFunctionInstanceDescriptor(Handle<Map> map,
                                            FunctionMode function_mode);
@@ skipping 15 matching lines @@
   Isolate* isolate_;
   Handle<Context> result_;
   Handle<Context> native_context_;
 
   // Function maps. Function maps are created initially with a read only
   // prototype for the processing of JS builtins. Later the function maps are
   // replaced in order to make prototype writable. These are the final, writable
   // prototype, maps.
   Handle<Map> sloppy_function_map_writable_prototype_;
   Handle<Map> strict_function_map_writable_prototype_;
+  Handle<Map> plain_function_map_writable_prototype_;

[arv (Not doing code reviews), 2015/03/25 13:36:47]

Can you rename these. Right now it is not clear how there can be anything but
sloppy and strict.

The concept of "plain" function is something new here. It is never defined what
it means.

[caitp (gmail), 2015/03/25 13:42:59]

what would be better here? "newstyle_..."? "unpoisoned_..."?
"without_restricted_properties..."? (just asking for opinions, "plain" seemed to
convey the "no restricted properties" thing nicely)

   Handle<JSFunction> strict_poison_function;
   Handle<JSFunction> generator_poison_function;
 
   BootstrapperActive active_;
   friend class Bootstrapper;
 };
 
 
 void Bootstrapper::Iterate(ObjectVisitor* v) {
   extensions_cache_.Iterate(v);
@@ skipping 61 matching lines @@
   }
   JSObject::AddProperty(target, internalized_name, function, attributes);
   if (target->IsJSGlobalObject()) {
     function->shared()->set_instance_class_name(*internalized_name);
   }
   function->shared()->set_native(true);
   return function;
 }
 
 
-void Genesis::SetFunctionInstanceDescriptor(
-    Handle<Map> map, FunctionMode function_mode) {
+void Genesis::SetFunctionInstanceDescriptor(Handle<Map> map,
+                                            FunctionMode function_mode,
+                                            bool add_restricted_props) {
   int size = IsFunctionModeWithPrototype(function_mode) ? 5 : 4;
   Map::EnsureDescriptorSlack(map, size);
 
   PropertyAttributes ro_attribs =
       static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE | READ_ONLY);
   PropertyAttributes roc_attribs =
       static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY);
 
   Handle<AccessorInfo> length =
       Accessors::FunctionLengthInfo(isolate(), roc_attribs);
   {  // Add length.
     AccessorConstantDescriptor d(Handle<Name>(Name::cast(length->name())),
                                  length, roc_attribs);
     map->AppendDescriptor(&d);
   }
   Handle<AccessorInfo> name =
       Accessors::FunctionNameInfo(isolate(), ro_attribs);
   {  // Add name.
     AccessorConstantDescriptor d(Handle<Name>(Name::cast(name->name())), name,
                                  roc_attribs);
     map->AppendDescriptor(&d);
   }
-  Handle<AccessorInfo> args =
-      Accessors::FunctionArgumentsInfo(isolate(), ro_attribs);
-  {  // Add arguments.
+  if (add_restricted_props) {  // Add arguments.
+    Handle<AccessorInfo> args =
+        Accessors::FunctionArgumentsInfo(isolate(), ro_attribs);
     AccessorConstantDescriptor d(Handle<Name>(Name::cast(args->name())), args,
                                  ro_attribs);
     map->AppendDescriptor(&d);
   }
-  Handle<AccessorInfo> caller =
-      Accessors::FunctionCallerInfo(isolate(), ro_attribs);
-  {  // Add caller.
+  if (add_restricted_props) {  // Add caller.

[arv (Not doing code reviews), 2015/03/25 13:36:47]

Maybe

if (add_restricted_props) {
  {
    ...
  }
  {
    ...
}

to remove a branch.

+    Handle<AccessorInfo> caller =
+        Accessors::FunctionCallerInfo(isolate(), ro_attribs);
     AccessorConstantDescriptor d(Handle<Name>(Name::cast(caller->name())),
                                  caller, ro_attribs);
     map->AppendDescriptor(&d);
   }
   if (IsFunctionModeWithPrototype(function_mode)) {
     if (function_mode == FUNCTION_WITH_WRITEABLE_PROTOTYPE) {
       ro_attribs = static_cast<PropertyAttributes>(ro_attribs & ~READ_ONLY);
     }
     Handle<AccessorInfo> prototype =
         Accessors::FunctionPrototypeInfo(isolate(), ro_attribs);
     AccessorConstantDescriptor d(Handle<Name>(Name::cast(prototype->name())),
                                  prototype, ro_attribs);
     map->AppendDescriptor(&d);
   }
 }
 
 
-Handle<Map> Genesis::CreateSloppyFunctionMap(FunctionMode function_mode) {
+Handle<Map> Genesis::CreateSloppyFunctionMap(FunctionMode function_mode,
+                                             bool add_restricted_props) {
   Handle<Map> map = factory()->NewMap(JS_FUNCTION_TYPE, JSFunction::kSize);
-  SetFunctionInstanceDescriptor(map, function_mode);
+  SetFunctionInstanceDescriptor(map, function_mode, add_restricted_props);
   map->set_function_with_prototype(IsFunctionModeWithPrototype(function_mode));
   return map;
 }
 
 
 Handle<JSFunction> Genesis::CreateEmptyFunction(Isolate* isolate) {
   // Allocate the map for function instances. Maps are allocated first and their
   // prototypes patched later, once empty function is created.
 
   // Functions with this map will not have a 'prototype' property, and
   // can not be used as constructors.
   Handle<Map> function_without_prototype_map =
       CreateSloppyFunctionMap(FUNCTION_WITHOUT_PROTOTYPE);
   native_context()->set_sloppy_function_without_prototype_map(
       *function_without_prototype_map);
 
+  Handle<Map> plain_function_without_prototype_map =
+      CreateSloppyFunctionMap(FUNCTION_WITHOUT_PROTOTYPE, false);
+  native_context()->set_plain_function_without_prototype_map(
+      *plain_function_without_prototype_map);
+
   // Allocate the function map. This map is temporary, used only for processing
   // of builtins.
   // Later the map is replaced with writable prototype map, allocated below.
   Handle<Map> function_map =
       CreateSloppyFunctionMap(FUNCTION_WITH_READONLY_PROTOTYPE);
   native_context()->set_sloppy_function_map(*function_map);
   native_context()->set_sloppy_function_with_readonly_prototype_map(
       *function_map);
 
+  Handle<Map> plain_function_map =
+      CreateSloppyFunctionMap(FUNCTION_WITH_READONLY_PROTOTYPE, false);
+  native_context()->set_plain_function_map(*plain_function_map);
+
   // The final map for functions. Writeable prototype.
   // This map is installed in MakeFunctionInstancePrototypeWritable.
   sloppy_function_map_writable_prototype_ =
       CreateSloppyFunctionMap(FUNCTION_WITH_WRITEABLE_PROTOTYPE);
-
+  plain_function_map_writable_prototype_ =
+      CreateSloppyFunctionMap(FUNCTION_WITH_WRITEABLE_PROTOTYPE, false);
   Factory* factory = isolate->factory();
 
   Handle<String> object_name = factory->Object_string();
 
   Handle<JSObject> object_function_prototype;
 
   {  // --- O b j e c t ---
     Handle<JSFunction> object_fun = factory->NewFunction(object_name);
     int unused = JSObject::kInitialGlobalObjectUnusedPropertiesCount;
     int instance_size = JSObject::kHeaderSize + kPointerSize * unused;
@@ skipping 45 matching lines @@
   script->set_type(Smi::FromInt(Script::TYPE_NATIVE));
   empty_function->shared()->set_script(*script);
   empty_function->shared()->set_start_position(0);
   empty_function->shared()->set_end_position(source->length());
   empty_function->shared()->DontAdaptArguments();
 
   // Set prototypes for the function maps.
   native_context()->sloppy_function_map()->SetPrototype(empty_function);
   native_context()->sloppy_function_without_prototype_map()->SetPrototype(
       empty_function);
+  native_context()->plain_function_map()->SetPrototype(empty_function);
+  native_context()->plain_function_without_prototype_map()->SetPrototype(
+      empty_function);
   sloppy_function_map_writable_prototype_->SetPrototype(empty_function);
+  plain_function_map_writable_prototype_->SetPrototype(empty_function);
   return empty_function;
 }
 
 
-void Genesis::SetStrictFunctionInstanceDescriptor(
-    Handle<Map> map, FunctionMode function_mode) {
+void Genesis::SetStrictFunctionInstanceDescriptor(Handle<Map> map,
+                                                  FunctionMode function_mode) {
   int size = IsFunctionModeWithPrototype(function_mode) ? 5 : 4;
   Map::EnsureDescriptorSlack(map, size);
 
   Handle<AccessorPair> arguments(factory()->NewAccessorPair());
   Handle<AccessorPair> caller(factory()->NewAccessorPair());
   PropertyAttributes rw_attribs =
       static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE);
   PropertyAttributes ro_attribs =
       static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE | READ_ONLY);
   PropertyAttributes roc_attribs =
@@ skipping 96 matching lines @@
     generator_poison_function->set_map(native_context()->sloppy_function_map());
     generator_poison_function->shared()->DontAdaptArguments();
 
     JSObject::PreventExtensions(generator_poison_function).Assert();
   }
   return generator_poison_function;
 }
 
 
 Handle<Map> Genesis::CreateStrictFunctionMap(
-    FunctionMode function_mode,
-    Handle<JSFunction> empty_function) {
+    FunctionMode function_mode, Handle<JSFunction> empty_function) {
   Handle<Map> map = factory()->NewMap(JS_FUNCTION_TYPE, JSFunction::kSize);
   SetStrictFunctionInstanceDescriptor(map, function_mode);
   map->set_function_with_prototype(IsFunctionModeWithPrototype(function_mode));
   map->SetPrototype(empty_function);
   return map;
 }
 
 
 Handle<Map> Genesis::CreateStrongFunctionMap(
     Handle<JSFunction> empty_function, bool is_constructor) {
@@ skipping 18 matching lines @@
   // only for processing of builtins.
   // Later the map is replaced with writable prototype map, allocated below.
   Handle<Map> strict_function_map =
       CreateStrictFunctionMap(FUNCTION_WITH_READONLY_PROTOTYPE, empty);
   native_context()->set_strict_function_map(*strict_function_map);
 
   // The final map for the strict mode functions. Writeable prototype.
   // This map is installed in MakeFunctionInstancePrototypeWritable.
   strict_function_map_writable_prototype_ =
       CreateStrictFunctionMap(FUNCTION_WITH_WRITEABLE_PROTOTYPE, empty);
+
   // Special map for bound functions.
   Handle<Map> bound_function_map =
       CreateStrictFunctionMap(BOUND_FUNCTION, empty);
   native_context()->set_bound_function_map(*bound_function_map);
 
   // Complete the callbacks.
   PoisonArgumentsAndCaller(strict_function_without_prototype_map);
   PoisonArgumentsAndCaller(strict_function_map);
   PoisonArgumentsAndCaller(strict_function_map_writable_prototype_);
   PoisonArgumentsAndCaller(bound_function_map);
@@ skipping 14 matching lines @@
                          Handle<String> name,
                          Handle<JSFunction> func) {
   DescriptorArray* descs = map->instance_descriptors();
   int number = descs->SearchWithCache(*name, *map);
   AccessorPair* accessors = AccessorPair::cast(descs->GetValue(number));
   accessors->set_getter(*func);
   accessors->set_setter(*func);
 }
 
 
-static void ReplaceAccessors(Handle<Map> map,
-                             Handle<String> name,
-                             PropertyAttributes attributes,
-                             Handle<AccessorPair> accessor_pair) {
-  DescriptorArray* descriptors = map->instance_descriptors();
-  int idx = descriptors->SearchWithCache(*name, *map);
-  AccessorConstantDescriptor descriptor(name, accessor_pair, attributes);
-  descriptors->Replace(idx, &descriptor);
-}
-
-
 void Genesis::PoisonArgumentsAndCaller(Handle<Map> map) {
   SetAccessors(map, factory()->arguments_string(), GetStrictPoisonFunction());
   SetAccessors(map, factory()->caller_string(), GetStrictPoisonFunction());
 }
 
 
 static void AddToWeakNativeContextList(Context* context) {
   DCHECK(context->IsNativeContext());
   Heap* heap = context->GetIsolate()->heap();
 #ifdef DEBUG
@@ skipping 1318 matching lines @@
         InstallFunction(builtins, "GeneratorFunctionPrototype",
                         JS_FUNCTION_TYPE, JSFunction::kHeaderSize,
                         generator_object_prototype, Builtins::kIllegal);
     InstallFunction(builtins, "GeneratorFunction", JS_FUNCTION_TYPE,
                     JSFunction::kSize, generator_function_prototype,
                     Builtins::kIllegal);
 
     // Create maps for generator functions and their prototypes.  Store those
     // maps in the native context.
     Handle<Map> generator_function_map =
-        Map::Copy(sloppy_function_map_writable_prototype_, "GeneratorFunction");
+        Map::Copy(plain_function_map_writable_prototype_, "GeneratorFunction");
     generator_function_map->SetPrototype(generator_function_prototype);
-    native_context()->set_sloppy_generator_function_map(
-        *generator_function_map);
-
-    // The "arguments" and "caller" instance properties aren't specified, so
-    // technically we could leave them out.  They make even less sense for
-    // generators than for functions.  Still, the same argument that it makes
-    // sense to keep them around but poisoned in strict mode applies to
-    // generators as well.  With poisoned accessors, naive callers can still
-    // iterate over the properties without accessing them.
-    //
-    // We can't use PoisonArgumentsAndCaller because that mutates accessor pairs
-    // in place, and the initial state of the generator function map shares the
-    // accessor pair with sloppy functions.  Also the error message should be
-    // different.  Also unhappily, we can't use the API accessors to implement
-    // poisoning, because API accessors present themselves as data properties,
-    // not accessor properties, and so getOwnPropertyDescriptor raises an
-    // exception as it tries to get the values.  Sadness.
-    Handle<AccessorPair> poison_pair(factory()->NewAccessorPair());
-    PropertyAttributes rw_attribs =
-        static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE);
-    Handle<JSFunction> poison_function = GetGeneratorPoisonFunction();
-    poison_pair->set_getter(*poison_function);
-    poison_pair->set_setter(*poison_function);
-    ReplaceAccessors(generator_function_map, factory()->arguments_string(),
-                     rw_attribs, poison_pair);
-    ReplaceAccessors(generator_function_map, factory()->caller_string(),
-                     rw_attribs, poison_pair);
-
-    Handle<Map> strict_function_map(native_context()->strict_function_map());
-    Handle<Map> strict_generator_function_map =
-        Map::Copy(strict_function_map, "StrictGeneratorFunction");
-    // "arguments" and "caller" already poisoned.
-    strict_generator_function_map->SetPrototype(generator_function_prototype);
-    native_context()->set_strict_generator_function_map(
-        *strict_generator_function_map);
+    native_context()->set_generator_function_map(*generator_function_map);
 
     Handle<Map> strong_function_map(native_context()->strong_function_map());
     Handle<Map> strong_generator_function_map =
         Map::Copy(strong_function_map, "StrongGeneratorFunction");
     strong_generator_function_map->SetPrototype(generator_function_prototype);
     native_context()->set_strong_generator_function_map(
         *strong_generator_function_map);
 
     Handle<JSFunction> object_function(native_context()->object_function());
     Handle<Map> generator_object_prototype_map = Map::Create(isolate(), 0);
@@ skipping 833 matching lines @@
   return from + sizeof(NestingCounterType);
 }
 
 
 // Called when the top-level V8 mutex is destroyed.
 void Bootstrapper::FreeThreadResources() {
   DCHECK(!IsActive());
 }
 
 } }  // namespace v8::internal