Chromium Code Reviews Chromium Code Reviews
Issue 1061393002:
Fix issues with name and length on poison pill function (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 the V8 project authors. All rights reserved. | 1 // Copyright 2014 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/bootstrapper.h" | 5 #include "src/bootstrapper.h" |
| 6 | 6 |
| 7 #include "src/accessors.h" | 7 #include "src/accessors.h" |
| 8 #include "src/api-natives.h" | 8 #include "src/api-natives.h" |
| 9 #include "src/code-stubs.h" | 9 #include "src/code-stubs.h" |
| 10 #include "src/extensions/externalize-string-extension.h" | 10 #include "src/extensions/externalize-string-extension.h" |
| (...skipping 278 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 289 Isolate* isolate_; | 289 Isolate* isolate_; |
| 290 Handle<Context> result_; | 290 Handle<Context> result_; |
| 291 Handle<Context> native_context_; | 291 Handle<Context> native_context_; |
| 292 | 292 |
| 293 // Function maps. Function maps are created initially with a read only | 293 // Function maps. Function maps are created initially with a read only |
| 294 // prototype for the processing of JS builtins. Later the function maps are | 294 // prototype for the processing of JS builtins. Later the function maps are |
| 295 // replaced in order to make prototype writable. These are the final, writable | 295 // replaced in order to make prototype writable. These are the final, writable |
| 296 // prototype, maps. | 296 // prototype, maps. |
| 297 Handle<Map> sloppy_function_map_writable_prototype_; | 297 Handle<Map> sloppy_function_map_writable_prototype_; |
| 298 Handle<Map> strict_function_map_writable_prototype_; | 298 Handle<Map> strict_function_map_writable_prototype_; |
| 299 Handle<JSFunction> strict_poison_function; | 299 Handle<JSFunction> strict_poison_function_; |
| 300 Handle<JSFunction> generator_poison_function; | 300 Handle<JSFunction> generator_poison_function; |
| 301 | 301 |
| 302 BootstrapperActive active_; | 302 BootstrapperActive active_; |
| 303 friend class Bootstrapper; | 303 friend class Bootstrapper; |
| 304 }; | 304 }; |
| 305 | 305 |
| 306 | 306 |
| 307 void Bootstrapper::Iterate(ObjectVisitor* v) { | 307 void Bootstrapper::Iterate(ObjectVisitor* v) { |
| 308 extensions_cache_.Iterate(v); | 308 extensions_cache_.Iterate(v); |
| 309 v->Synchronize(VisitorSynchronization::kExtensions); | 309 v->Synchronize(VisitorSynchronization::kExtensions); |
| (...skipping 297 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 607 Handle<AccessorInfo> name = | 607 Handle<AccessorInfo> name = |
| 608 Accessors::FunctionNameInfo(isolate(), ro_attribs); | 608 Accessors::FunctionNameInfo(isolate(), ro_attribs); |
| 609 { // Add name. | 609 { // Add name. |
| 610 AccessorConstantDescriptor d(Handle<Name>(Name::cast(name->name())), name, | 610 AccessorConstantDescriptor d(Handle<Name>(Name::cast(name->name())), name, |
| 611 ro_attribs); | 611 ro_attribs); |
| 612 map->AppendDescriptor(&d); | 612 map->AppendDescriptor(&d); |
| 613 } | 613 } |
| 614 } | 614 } |
| 615 | 615 |
| 616 | 616 |
| 617 // ECMAScript 5th Edition, 13.2.3 | 617 // ECMAScript 6th Edition, 9.2.7.1 |
| 618 Handle<JSFunction> Genesis::GetStrictPoisonFunction() { | 618 Handle<JSFunction> Genesis::GetStrictPoisonFunction() { |
| 619 if (strict_poison_function.is_null()) { | 619 if (strict_poison_function_.is_null()) { |
| 620 Handle<String> name = factory()->InternalizeOneByteString( | 620 Handle<String> name = factory()->InternalizeOneByteString( |
| 621 STATIC_CHAR_VECTOR("ThrowTypeError")); | 621 STATIC_CHAR_VECTOR("ThrowTypeError")); |
| 622 Handle<Code> code(isolate()->builtins()->builtin( | 622 Handle<Code> code(isolate()->builtins()->builtin( |
| 623 Builtins::kStrictModePoisonPill)); | 623 Builtins::kStrictModePoisonPill)); |
| 624 strict_poison_function = factory()->NewFunctionWithoutPrototype(name, code); | 624 Handle<JSFunction> function = |
| 625 strict_poison_function->set_map(native_context()->sloppy_function_map()); | 625 factory()->NewFunctionWithoutPrototype(name, code); |
| 626 strict_poison_function->shared()->DontAdaptArguments(); | 626 function->set_map(native_context()->sloppy_function_map()); |
| 627 function->shared()->DontAdaptArguments(); | |
| 627 | 628 |
| 628 JSObject::PreventExtensions(strict_poison_function).Assert(); | 629 // %ThrowTypeError% must not have a name property. |
| 630 JSReceiver::DeleteProperty(function, factory()->name_string()).Assert(); | |
|
adamk
2015/04/07 20:02:58
So this'll put this into "slow" mode, but we don't
arv (Not doing code reviews)
2015/04/07 20:10:16
Yes. But that is fine since the would have to extr
| |
| 631 | |
| 632 // length needs to be non configurable | |
| 633 LookupIterator it(function, factory()->length_string()); | |
| 634 CHECK_EQ(LookupIterator::ACCESSOR, it.state()); | |
|
adamk
2015/04/07 20:02:58
Seems like this could be a DCHECK_EQ just as well.
arv (Not doing code reviews)
2015/04/07 20:10:16
It had to be CHECK before when I was using lower l
| |
| 635 DCHECK(it.HolderIsReceiverOrHiddenPrototype()); | |
| 636 Handle<Object> value(Smi::FromInt(function->shared()->length()), isolate()); | |
| 637 JSObject::SetOwnPropertyIgnoreAttributes( | |
|
adamk
2015/04/07 20:02:57
So does this end up getting rid of the accessor? B
arv (Not doing code reviews)
2015/04/07 20:10:16
Yes. But let me expand the test to make sure that
| |
| 638 function, factory()->length_string(), value, | |
| 639 static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE | READ_ONLY)) | |
| 640 .Assert(); | |
| 641 | |
| 642 JSObject::PreventExtensions(function).Assert(); | |
| 643 | |
| 644 strict_poison_function_ = function; | |
| 629 } | 645 } |
| 630 return strict_poison_function; | 646 return strict_poison_function_; |
| 631 } | 647 } |
| 632 | 648 |
| 633 | 649 |
| 634 Handle<JSFunction> Genesis::GetGeneratorPoisonFunction() { | 650 Handle<JSFunction> Genesis::GetGeneratorPoisonFunction() { |
| 635 if (generator_poison_function.is_null()) { | 651 if (generator_poison_function.is_null()) { |
| 636 Handle<String> name = factory()->InternalizeOneByteString( | 652 Handle<String> name = factory()->InternalizeOneByteString( |
| 637 STATIC_CHAR_VECTOR("ThrowTypeError")); | 653 STATIC_CHAR_VECTOR("ThrowTypeError")); |
| 638 Handle<Code> code(isolate()->builtins()->builtin( | 654 Handle<Code> code(isolate()->builtins()->builtin( |
| 639 Builtins::kGeneratorPoisonPill)); | 655 Builtins::kGeneratorPoisonPill)); |
| 640 generator_poison_function = factory()->NewFunctionWithoutPrototype( | 656 generator_poison_function = factory()->NewFunctionWithoutPrototype( |
| (...skipping 2322 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2963 return from + sizeof(NestingCounterType); | 2979 return from + sizeof(NestingCounterType); |
| 2964 } | 2980 } |
| 2965 | 2981 |
| 2966 | 2982 |
| 2967 // Called when the top-level V8 mutex is destroyed. | 2983 // Called when the top-level V8 mutex is destroyed. |
| 2968 void Bootstrapper::FreeThreadResources() { | 2984 void Bootstrapper::FreeThreadResources() { |
| 2969 DCHECK(!IsActive()); | 2985 DCHECK(!IsActive()); |
| 2970 } | 2986 } |
| 2971 | 2987 |
| 2972 } } // namespace v8::internal | 2988 } } // namespace v8::internal |
| OLD | NEW |
