Introduce v8::Object::CreateDataProperty

src/api.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/api.h"
 
 #include <string.h>  // For memcpy, strlen.
 #ifdef V8_USE_ADDRESS_SANITIZER
 #include <sanitizer/asan_interface.h>
 #endif  // V8_USE_ADDRESS_SANITIZER
@@ skipping 3443 matching lines @@
   return Just(true);
 }
 
 
 bool v8::Object::Set(uint32_t index, v8::Handle<Value> value) {
   auto context = ContextFromHeapObject(Utils::OpenHandle(this));
   return Set(context, index, value).FromMaybe(false);
 }
 
 
+Maybe<bool> v8::Object::CreateDataProperty(v8::Local<v8::Context> context,
+                                           v8::Local<Name> key,
+                                           v8::Local<Value> value) {
+  PREPARE_FOR_EXECUTION_PRIMITIVE(context, "v8::Object::CreateDataProperty()",

[Toon Verwaest, 2015/05/26 19:40:55]

It seems like this is more of a DefineDataProperty or AddDataProperty than
CreateDataProperty. I wouldn't even know what that would mean in JS...

Can we just expose methods that have a JS equivalent? Doing the alternative is
bringing us trouble as it is; which is why you are replacing ForceSet.

[jochen (gone - plz use gerrit), 2015/05/27 07:28:30]

it's the name of the JS method.

+                                  bool);
+  auto self = Utils::OpenHandle(this);

[Toon Verwaest, 2015/05/26 19:40:55]

Note that I'm in the process of merging all named property and element handing.
This introduces duplication again...

+  auto key_obj = Utils::OpenHandle(*key);
+  auto value_obj = Utils::OpenHandle(*value);
+  if (!self->IsExtensible()) return Just(false);
+
+  uint32_t index = 0;
+  if (key_obj->AsArrayIndex(&index)) {
+    return CreateDataProperty(context, index, value);
+  }
+
+  // Special case for Array.length.

[jochen (gone - plz use gerrit), 2015/05/26 16:49:44]

Array.prototype.length is not configurable, so this just throws :-/

[Toon Verwaest, 2015/05/26 19:40:55]

Shouldn't this be allowed to modify the value of the length of nothing else is
"reconfigured"? Why is there a special path for this one property? I wouldn't be
surprised if that means that either this property, or all the others of its
class are wrongly handled.

[jochen (gone - plz use gerrit), 2015/05/27 07:28:29]

see v8natives.js

+  if (self->IsJSArray() &&
+      key->StrictEquals(Utils::ToLocal(
+          isolate->factory()->NewStringFromStaticChars("length")))) {
+    i::Handle<i::Object> args[] = {self, key_obj, value_obj};
+    i::Handle<i::Object> result;
+    has_pending_exception =
+        !CallV8HeapFunction(isolate, "$objectDefineArrayProperty",
+                            isolate->factory()->undefined_value(),
+                            arraysize(args), args).ToHandle(&result);
+    RETURN_ON_FAILED_EXECUTION_PRIMITIVE(bool);
+    return Just(true);
+  }
+
+  i::LookupIterator it(self, key_obj, i::LookupIterator::OWN_SKIP_INTERCEPTOR);
+  if (it.IsFound() && it.state() == i::LookupIterator::ACCESS_CHECK) {
+    if (isolate->MayAccess(self)) return Just(false);

[noordhuis, 2015/05/26 17:22:27]

Should this be `if (!isolate->MayAccess(self)) ...`?

[Toon Verwaest, 2015/05/26 19:40:55]

Yes. Seems like a missing test.

[jochen (gone - plz use gerrit), 2015/05/27 07:28:30]

done

+    it.Next();
+  }
+
+  if (it.state() == i::LookupIterator::DATA ||
+      it.state() == i::LookupIterator::ACCESSOR) {
+    if (it.property_details().attributes() & DONT_DELETE) return Just(false);
+
+    if (it.state() == i::LookupIterator::ACCESSOR) {
+      has_pending_exception = i::JSObject::SetOwnPropertyIgnoreAttributes(
+                                  self, key_obj, value_obj, NONE,
+                                  i::JSObject::DONT_FORCE_FIELD).is_null();
+      RETURN_ON_FAILED_EXECUTION_PRIMITIVE(bool);
+      return Just(true);
+    }
+  }
+
+
+  has_pending_exception = i::Runtime::DefineObjectProperty(
+                              self, key_obj, value_obj, NONE).is_null();
+  RETURN_ON_FAILED_EXECUTION_PRIMITIVE(bool);
+  return Just(true);
+}
+
+
+Maybe<bool> v8::Object::CreateDataProperty(v8::Local<v8::Context> context,
+                                           uint32_t index,
+                                           v8::Local<Value> value) {
+  PREPARE_FOR_EXECUTION_PRIMITIVE(context, "v8::Object::CreateDataProperty()",
+                                  bool);
+  auto self = Utils::OpenHandle(this);
+  auto value_obj = Utils::OpenHandle(*value);
+  if (!self->IsExtensible()) return Just(false);
+
+  if (self->IsJSArray()) {
+    size_t length =
+        i::NumberToSize(isolate, i::Handle<i::JSArray>::cast(self)->length());
+    if (index >= length) {
+      i::Handle<i::Object> args[] = {
+          self, isolate->factory()->Uint32ToString(index), value_obj};
+      i::Handle<i::Object> result;
+      has_pending_exception =
+          !CallV8HeapFunction(isolate, "$objectDefineArrayProperty",
+                              isolate->factory()->undefined_value(),
+                              arraysize(args), args).ToHandle(&result);
+      RETURN_ON_FAILED_EXECUTION_PRIMITIVE(bool);
+      return Just(true);
+    }
+  }
+
+  if (self->IsAccessCheckNeeded() && !isolate->MayAccess(self))
+    return Just(false);

[Toon Verwaest, 2015/05/26 19:40:55]

Add {} if on new line

[jochen (gone - plz use gerrit), 2015/05/27 07:28:29]

done

+
+  Maybe<PropertyAttributes> attributes =
+      i::JSObject::GetElementAttributeWithReceiver(self, self, index, false);
+  if (attributes.IsJust() && attributes.FromJust() != ABSENT) {
+    if (attributes.FromJust() & DONT_DELETE) return Just(false);
+
+
+    has_pending_exception =
+        i::JSObject::SetOwnPropertyIgnoreAttributes(
+            self, isolate->factory()->Uint32ToString(index), value_obj, NONE,

[Toon Verwaest, 2015/05/26 19:40:55]

You cannot use SetOwn... For elements at this moment. This will do something
entirely random and broken. Add a test and you'll see...

[jochen (gone - plz use gerrit), 2015/05/27 07:28:29]

this code path is covered by the test that sets arr[0] = 42 and arr[1] = 23

it's also what DefineObjectProperty does...

[Toon Verwaest, 2015/05/27 08:03:57]

I can guarantee you that that code path doesn't work. I wrote it.

+            i::JSObject::DONT_FORCE_FIELD).is_null();
+    RETURN_ON_FAILED_EXECUTION_PRIMITIVE(bool);
+    return Just(true);
+  }
+
+
+  has_pending_exception = i::Runtime::DefineObjectProperty(
+                              self, isolate->factory()->Uint32ToString(index),
+                              value_obj, NONE).is_null();
+  RETURN_ON_FAILED_EXECUTION_PRIMITIVE(bool);
+  return Just(true);
+}
+
+
 Maybe<bool> v8::Object::ForceSet(v8::Local<v8::Context> context,
                                  v8::Local<Value> key, v8::Local<Value> value,
                                  v8::PropertyAttribute attribs) {
   PREPARE_FOR_EXECUTION_PRIMITIVE(context, "v8::Object::Set()", bool);
   auto self = Utils::OpenHandle(this);
   auto key_obj = Utils::OpenHandle(*key);
   auto value_obj = Utils::OpenHandle(*value);
   has_pending_exception = i::Runtime::DefineObjectProperty(
       self,
       key_obj,
@@ skipping 4635 matching lines @@
   Isolate* isolate = reinterpret_cast<Isolate*>(info.GetIsolate());
   Address callback_address =
       reinterpret_cast<Address>(reinterpret_cast<intptr_t>(callback));
   VMState<EXTERNAL> state(isolate);
   ExternalCallbackScope call_scope(isolate, callback_address);
   callback(info);
 }
 
 
 } }  // namespace v8::internal