| OLD | NEW |
|---|
| 1 // Copyright 2014 the V8 project authors. All rights reserved. | 1 // Copyright 2014 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/bootstrapper.h" | 5 #include "src/bootstrapper.h" |
| 6 | 6 |
| 7 #include "src/accessors.h" | 7 #include "src/accessors.h" |
| 8 #include "src/api-natives.h" | 8 #include "src/api-natives.h" |
| 9 #include "src/code-stubs.h" | 9 #include "src/code-stubs.h" |
| 10 #include "src/extensions/externalize-string-extension.h" | 10 #include "src/extensions/externalize-string-extension.h" |
| (...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 130 private: | 130 private: |
| 131 Handle<Context> native_context() { return native_context_; } | 131 Handle<Context> native_context() { return native_context_; } |
| 132 | 132 |
| 133 // Creates some basic objects. Used for creating a context from scratch. | 133 // Creates some basic objects. Used for creating a context from scratch. |
| 134 void CreateRoots(); | 134 void CreateRoots(); |
| 135 // Creates the empty function. Used for creating a context from scratch. | 135 // Creates the empty function. Used for creating a context from scratch. |
| 136 Handle<JSFunction> CreateEmptyFunction(Isolate* isolate); | 136 Handle<JSFunction> CreateEmptyFunction(Isolate* isolate); |
| 137 // Creates the ThrowTypeError function. ECMA 5th Ed. 13.2.3 | 137 // Creates the ThrowTypeError function. ECMA 5th Ed. 13.2.3 |
| 138 Handle<JSFunction> GetRestrictedFunctionPropertiesThrower(); | 138 Handle<JSFunction> GetRestrictedFunctionPropertiesThrower(); |
| 139 Handle<JSFunction> GetStrictArgumentsPoisonFunction(); | 139 Handle<JSFunction> GetStrictArgumentsPoisonFunction(); |
| 140 Handle<JSFunction> GetThrowTypeErrorIntrinsic(Builtins::Name builtin_name); |
| 140 | 141 |
| 141 void CreateStrictModeFunctionMaps(Handle<JSFunction> empty); | 142 void CreateStrictModeFunctionMaps(Handle<JSFunction> empty); |
| 142 void CreateStrongModeFunctionMaps(Handle<JSFunction> empty); | 143 void CreateStrongModeFunctionMaps(Handle<JSFunction> empty); |
| 143 | 144 |
| 144 // Make the "arguments" and "caller" properties throw a TypeError on access. | 145 // Make the "arguments" and "caller" properties throw a TypeError on access. |
| 145 void AddRestrictedFunctionProperties(Handle<Map> map); | 146 void AddRestrictedFunctionProperties(Handle<Map> map); |
| 146 | 147 |
| 147 // Creates the global objects using the global proxy and the template passed | 148 // Creates the global objects using the global proxy and the template passed |
| 148 // in through the API. We call this regardless of whether we are building a | 149 // in through the API. We call this regardless of whether we are building a |
| 149 // context from scratch or using a deserialized one from the partial snapshot | 150 // context from scratch or using a deserialized one from the partial snapshot |
| (...skipping 138 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 288 Isolate* isolate_; | 289 Isolate* isolate_; |
| 289 Handle<Context> result_; | 290 Handle<Context> result_; |
| 290 Handle<Context> native_context_; | 291 Handle<Context> native_context_; |
| 291 | 292 |
| 292 // Function maps. Function maps are created initially with a read only | 293 // Function maps. Function maps are created initially with a read only |
| 293 // prototype for the processing of JS builtins. Later the function maps are | 294 // prototype for the processing of JS builtins. Later the function maps are |
| 294 // replaced in order to make prototype writable. These are the final, writable | 295 // replaced in order to make prototype writable. These are the final, writable |
| 295 // prototype, maps. | 296 // prototype, maps. |
| 296 Handle<Map> sloppy_function_map_writable_prototype_; | 297 Handle<Map> sloppy_function_map_writable_prototype_; |
| 297 Handle<Map> strict_function_map_writable_prototype_; | 298 Handle<Map> strict_function_map_writable_prototype_; |
| 298 Handle<JSFunction> strict_poison_function; | 299 Handle<JSFunction> strict_poison_function_; |
| 299 Handle<JSFunction> restricted_function_properties_thrower; | 300 Handle<JSFunction> restricted_function_properties_thrower_; |
| 300 | 301 |
| 301 BootstrapperActive active_; | 302 BootstrapperActive active_; |
| 302 friend class Bootstrapper; | 303 friend class Bootstrapper; |
| 303 }; | 304 }; |
| 304 | 305 |
| 305 | 306 |
| 306 void Bootstrapper::Iterate(ObjectVisitor* v) { | 307 void Bootstrapper::Iterate(ObjectVisitor* v) { |
| 307 extensions_cache_.Iterate(v); | 308 extensions_cache_.Iterate(v); |
| 308 v->Synchronize(VisitorSynchronization::kExtensions); | 309 v->Synchronize(VisitorSynchronization::kExtensions); |
| 309 } | 310 } |
| (...skipping 296 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 606 Handle<AccessorInfo> name = | 607 Handle<AccessorInfo> name = |
| 607 Accessors::FunctionNameInfo(isolate(), ro_attribs); | 608 Accessors::FunctionNameInfo(isolate(), ro_attribs); |
| 608 { // Add name. | 609 { // Add name. |
| 609 AccessorConstantDescriptor d(Handle<Name>(Name::cast(name->name())), name, | 610 AccessorConstantDescriptor d(Handle<Name>(Name::cast(name->name())), name, |
| 610 ro_attribs); | 611 ro_attribs); |
| 611 map->AppendDescriptor(&d); | 612 map->AppendDescriptor(&d); |
| 612 } | 613 } |
| 613 } | 614 } |
| 614 | 615 |
| 615 | 616 |
| 617 // Creates the %ThrowTypeError% function. |
| 618 Handle<JSFunction> Genesis::GetThrowTypeErrorIntrinsic( |
| 619 Builtins::Name builtin_name) { |
| 620 Handle<String> name = |
| 621 factory()->InternalizeOneByteString(STATIC_CHAR_VECTOR("ThrowTypeError")); |
| 622 Handle<Code> code(isolate()->builtins()->builtin(builtin_name)); |
| 623 Handle<JSFunction> function = |
| 624 factory()->NewFunctionWithoutPrototype(name, code); |
| 625 function->set_map(native_context()->sloppy_function_map()); |
| 626 function->shared()->DontAdaptArguments(); |
| 627 |
| 628 // %ThrowTypeError% must not have a name property. |
| 629 JSReceiver::DeleteProperty(function, factory()->name_string()).Assert(); |
| 630 |
| 631 // length needs to be non configurable. |
| 632 Handle<Object> value(Smi::FromInt(function->shared()->length()), isolate()); |
| 633 JSObject::SetOwnPropertyIgnoreAttributes( |
| 634 function, factory()->length_string(), value, |
| 635 static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE | READ_ONLY)) |
| 636 .Assert(); |
| 637 |
| 638 JSObject::PreventExtensions(function).Assert(); |
| 639 |
| 640 return function; |
| 641 } |
| 642 |
| 643 |
| 616 // ECMAScript 5th Edition, 13.2.3 | 644 // ECMAScript 5th Edition, 13.2.3 |
| 617 Handle<JSFunction> Genesis::GetRestrictedFunctionPropertiesThrower() { | 645 Handle<JSFunction> Genesis::GetRestrictedFunctionPropertiesThrower() { |
| 618 if (restricted_function_properties_thrower.is_null()) { | 646 if (restricted_function_properties_thrower_.is_null()) { |
| 619 Handle<String> name = factory()->InternalizeOneByteString( | 647 restricted_function_properties_thrower_ = GetThrowTypeErrorIntrinsic( |
| 620 STATIC_CHAR_VECTOR("ThrowTypeError")); | 648 Builtins::kRestrictedFunctionPropertiesThrower); |
| 621 Handle<Code> code(isolate()->builtins()->builtin( | |
| 622 Builtins::kRestrictedFunctionPropertiesThrower)); | |
| 623 restricted_function_properties_thrower = | |
| 624 factory()->NewFunctionWithoutPrototype(name, code); | |
| 625 restricted_function_properties_thrower->set_map( | |
| 626 native_context()->sloppy_function_map()); | |
| 627 restricted_function_properties_thrower->shared()->DontAdaptArguments(); | |
| 628 | |
| 629 JSObject::PreventExtensions(restricted_function_properties_thrower) | |
| 630 .Assert(); | |
| 631 } | 649 } |
| 632 return restricted_function_properties_thrower; | 650 return restricted_function_properties_thrower_; |
| 633 } | 651 } |
| 634 | 652 |
| 635 | 653 |
| 636 Handle<JSFunction> Genesis::GetStrictArgumentsPoisonFunction() { | 654 Handle<JSFunction> Genesis::GetStrictArgumentsPoisonFunction() { |
| 637 if (strict_poison_function.is_null()) { | 655 if (strict_poison_function_.is_null()) { |
| 638 Handle<String> name = factory()->InternalizeOneByteString( | 656 strict_poison_function_ = GetThrowTypeErrorIntrinsic( |
| 639 STATIC_CHAR_VECTOR("ThrowTypeError")); | 657 Builtins::kRestrictedStrictArgumentsPropertiesThrower); |
| 640 Handle<Code> code(isolate()->builtins()->builtin( | |
| 641 Builtins::kRestrictedStrictArgumentsPropertiesThrower)); | |
| 642 strict_poison_function = factory()->NewFunctionWithoutPrototype(name, code); | |
| 643 strict_poison_function->set_map(native_context()->sloppy_function_map()); | |
| 644 strict_poison_function->shared()->DontAdaptArguments(); | |
| 645 | |
| 646 JSObject::PreventExtensions(strict_poison_function).Assert(); | |
| 647 } | 658 } |
| 648 return strict_poison_function; | 659 return strict_poison_function_; |
| 649 } | 660 } |
| 650 | 661 |
| 651 | 662 |
| 652 Handle<Map> Genesis::CreateStrictFunctionMap( | 663 Handle<Map> Genesis::CreateStrictFunctionMap( |
| 653 FunctionMode function_mode, Handle<JSFunction> empty_function) { | 664 FunctionMode function_mode, Handle<JSFunction> empty_function) { |
| 654 Handle<Map> map = factory()->NewMap(JS_FUNCTION_TYPE, JSFunction::kSize); | 665 Handle<Map> map = factory()->NewMap(JS_FUNCTION_TYPE, JSFunction::kSize); |
| 655 SetStrictFunctionInstanceDescriptor(map, function_mode); | 666 SetStrictFunctionInstanceDescriptor(map, function_mode); |
| 656 map->set_function_with_prototype(IsFunctionModeWithPrototype(function_mode)); | 667 map->set_function_with_prototype(IsFunctionModeWithPrototype(function_mode)); |
| 657 Map::SetPrototype(map, empty_function); | 668 Map::SetPrototype(map, empty_function); |
| 658 return map; | 669 return map; |
| (...skipping 2289 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2948 return from + sizeof(NestingCounterType); | 2959 return from + sizeof(NestingCounterType); |
| 2949 } | 2960 } |
| 2950 | 2961 |
| 2951 | 2962 |
| 2952 // Called when the top-level V8 mutex is destroyed. | 2963 // Called when the top-level V8 mutex is destroyed. |
| 2953 void Bootstrapper::FreeThreadResources() { | 2964 void Bootstrapper::FreeThreadResources() { |
| 2954 DCHECK(!IsActive()); | 2965 DCHECK(!IsActive()); |
| 2955 } | 2966 } |
| 2956 | 2967 |
| 2957 } } // namespace v8::internal | 2968 } } // namespace v8::internal |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1061393002:
Fix issues with name and length on poison pill function (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master