Chromium Code Reviews Chromium Code Reviews
Issue 1092043002:
Protect the emptiness of Array prototype elements with a PropertyCell. (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without |
| 3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are |
| 4 // met: | 4 // met: |
| 5 // | 5 // |
| 6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright |
| 7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. |
| 8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above |
| 9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following |
| 10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided |
| (...skipping 16623 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 16634 last_location = last_message = NULL; | 16634 last_location = last_message = NULL; |
| 16635 // Still entered, should fail. | 16635 // Still entered, should fail. |
| 16636 isolate->Dispose(); | 16636 isolate->Dispose(); |
| 16637 CHECK(last_location); | 16637 CHECK(last_location); |
| 16638 CHECK(last_message); | 16638 CHECK(last_message); |
| 16639 } | 16639 } |
| 16640 isolate->Dispose(); | 16640 isolate->Dispose(); |
| 16641 } | 16641 } |
| 16642 | 16642 |
| 16643 | 16643 |
| 16644 static void BreakArrayGuarantees(const char* script) { | |
| 16645 printf("script: %s\n", script); | |
|
Jakob Kummerow
2015/04/21 15:41:49
nit: debugging leftover?
mvstanton
2015/04/22 07:22:33
Done.
| |
| 16646 v8::Isolate* isolate1 = v8::Isolate::New(); | |
| 16647 isolate1->Enter(); | |
| 16648 v8::Persistent<v8::Context> context1; | |
| 16649 { | |
| 16650 v8::HandleScope scope(isolate1); | |
| 16651 context1.Reset(isolate1, Context::New(isolate1)); | |
| 16652 } | |
| 16653 | |
| 16654 { | |
| 16655 v8::HandleScope scope(isolate1); | |
| 16656 v8::Local<v8::Context> context = | |
| 16657 v8::Local<v8::Context>::New(isolate1, context1); | |
| 16658 v8::Context::Scope context_scope(context); | |
| 16659 v8::internal::Isolate* i_isolate = | |
| 16660 reinterpret_cast<v8::internal::Isolate*>(isolate1); | |
| 16661 DCHECK_EQ(true, i_isolate->IsFastArrayConstructorPrototypeChainIntact()); | |
|
Jakob Kummerow
2015/04/21 15:41:49
s/DCHECK/CHECK/, and again below?
mvstanton
2015/04/22 07:22:33
Done.
| |
| 16662 // Run something in new isolate. | |
| 16663 CompileRun(script); | |
| 16664 DCHECK_EQ(false, i_isolate->IsFastArrayConstructorPrototypeChainIntact()); | |
| 16665 } | |
| 16666 isolate1->Exit(); | |
| 16667 isolate1->Dispose(); | |
| 16668 } | |
| 16669 | |
| 16670 | |
| 16671 TEST(VerifyArrayPrototypeGuarantees) { | |
| 16672 // Break fast array hole handling by element changes. | |
| 16673 BreakArrayGuarantees("[].__proto__[1] = 3;"); | |
| 16674 BreakArrayGuarantees("Object.prototype[3] = 'three';"); | |
| 16675 BreakArrayGuarantees("Array.prototype.push(1);"); | |
| 16676 BreakArrayGuarantees("Array.prototype.unshift(1);"); | |
| 16677 // Break fast array hole handling by prototype structure changes. | |
| 16678 BreakArrayGuarantees("[].__proto__.__proto__ = { funny: true };"); | |
| 16679 // By sending elements to dictionary mode. | |
| 16680 BreakArrayGuarantees("Object.freeze(Array.prototype);"); | |
| 16681 BreakArrayGuarantees("Object.freeze(Object.prototype);"); | |
| 16682 BreakArrayGuarantees( | |
| 16683 "Object.defineProperty(Array.prototype, 0, {" | |
| 16684 " get: function() { return 3; }});"); | |
| 16685 BreakArrayGuarantees( | |
| 16686 "Object.defineProperty(Object.prototype, 0, {" | |
| 16687 " get: function() { return 3; }});"); | |
| 16688 } | |
| 16689 | |
| 16690 | |
| 16644 TEST(RunTwoIsolatesOnSingleThread) { | 16691 TEST(RunTwoIsolatesOnSingleThread) { |
| 16645 // Run isolate 1. | 16692 // Run isolate 1. |
| 16646 v8::Isolate* isolate1 = v8::Isolate::New(); | 16693 v8::Isolate* isolate1 = v8::Isolate::New(); |
| 16647 isolate1->Enter(); | 16694 isolate1->Enter(); |
| 16648 v8::Persistent<v8::Context> context1; | 16695 v8::Persistent<v8::Context> context1; |
| 16649 { | 16696 { |
| 16650 v8::HandleScope scope(isolate1); | 16697 v8::HandleScope scope(isolate1); |
| 16651 context1.Reset(isolate1, Context::New(isolate1)); | 16698 context1.Reset(isolate1, Context::New(isolate1)); |
| 16652 } | 16699 } |
| 16653 | 16700 |
| (...skipping 4364 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 21018 | 21065 |
| 21019 { | 21066 { |
| 21020 v8::HandleScope handle_scope(isolate); | 21067 v8::HandleScope handle_scope(isolate); |
| 21021 | 21068 |
| 21022 // Should work | 21069 // Should work |
| 21023 v8::Local<v8::Object> obj = v8::Object::New(isolate); | 21070 v8::Local<v8::Object> obj = v8::Object::New(isolate); |
| 21024 | 21071 |
| 21025 USE(obj); | 21072 USE(obj); |
| 21026 } | 21073 } |
| 21027 } | 21074 } |
| OLD | NEW |
