Replace SetObjectProperty / DefineObjectProperty with less powerful alternatives where relevant.

src/runtime/runtime-object.cc

 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #include "src/arguments.h"
 #include "src/bootstrapper.h"
 #include "src/debug.h"
 #include "src/messages.h"
@@ skipping 74 matching lines @@
                                                Handle<Object> key,
                                                Handle<Object> value,
                                                LanguageMode language_mode) {
   if (object->IsUndefined() || object->IsNull()) {
     THROW_NEW_ERROR(
         isolate,
         NewTypeError(MessageTemplate::kNonObjectPropertyStore, key, object),
         Object);
   }
 
-  if (object->IsJSProxy()) {
-    Handle<Object> name_object;
-    if (key->IsSymbol()) {
-      name_object = key;
-    } else {
-      ASSIGN_RETURN_ON_EXCEPTION(isolate, name_object,
-                                 Execution::ToString(isolate, key), Object);
-    }
-    Handle<Name> name = Handle<Name>::cast(name_object);
-    return Object::SetProperty(Handle<JSProxy>::cast(object), name, value,
-                               language_mode);
-  }
-
   // Check if the given key is an array index.
   uint32_t index = 0;
   if (key->ToArrayIndex(&index)) {
-    // TODO(verwaest): Support non-JSObject receivers.
-    if (!object->IsJSObject()) return value;
-    Handle<JSObject> js_object = Handle<JSObject>::cast(object);
-
-    // In Firefox/SpiderMonkey, Safari and Opera you can access the characters
-    // of a string using [] notation.  We need to support this too in
-    // JavaScript.
-    // In the case of a String object we just need to redirect the assignment to
-    // the underlying string if the index is in range.  Since the underlying
-    // string does nothing with the assignment then we can ignore such
-    // assignments.
-    if (js_object->IsStringObjectWithCharacterAt(index)) {
-      return value;
-    }
-
-    JSObject::ValidateElements(js_object);
-    if (js_object->HasExternalArrayElements() ||
-        js_object->HasFixedTypedArrayElements()) {
-      if (!value->IsNumber() && !value->IsUndefined()) {
-        ASSIGN_RETURN_ON_EXCEPTION(isolate, value,
-                                   Execution::ToNumber(isolate, value), Object);
-      }
-    }
-
-    MaybeHandle<Object> result =
-        JSObject::SetElement(js_object, index, value, language_mode);
-    JSObject::ValidateElements(js_object);
-
-    return result.is_null() ? result : value;
-  }
-
-  if (key->IsName()) {
-    Handle<Name> name = Handle<Name>::cast(key);
-    if (name->AsArrayIndex(&index)) {
-      // TODO(verwaest): Support non-JSObject receivers.
-      if (!object->IsJSObject()) return value;
-      Handle<JSObject> js_object = Handle<JSObject>::cast(object);
-      if (js_object->HasExternalArrayElements()) {
-        if (!value->IsNumber() && !value->IsUndefined()) {
-          ASSIGN_RETURN_ON_EXCEPTION(
-              isolate, value, Execution::ToNumber(isolate, value), Object);
-        }
-      }
-      return JSObject::SetElement(js_object, index, value, language_mode);
-    } else {
-      if (name->IsString()) name = String::Flatten(Handle<String>::cast(name));
-      return Object::SetProperty(object, name, value, language_mode);
-    }
-  }
-
-  // Call-back into JavaScript to convert the key to a string.
-  Handle<Object> converted;
-  ASSIGN_RETURN_ON_EXCEPTION(isolate, converted,
-                             Execution::ToString(isolate, key), Object);
-  Handle<String> name = Handle<String>::cast(converted);
-
-  if (name->AsArrayIndex(&index)) {
-    // TODO(verwaest): Support non-JSObject receivers.
-    if (!object->IsJSObject()) return value;
-    Handle<JSObject> js_object = Handle<JSObject>::cast(object);
-    return JSObject::SetElement(js_object, index, value, language_mode);
-  }
-  return Object::SetProperty(object, name, value, language_mode);
-}
-
-
-MaybeHandle<Object> Runtime::DefineObjectProperty(Handle<JSObject> js_object,
-                                                  Handle<Object> key,
-                                                  Handle<Object> value,
-                                                  PropertyAttributes attrs) {
-  Isolate* isolate = js_object->GetIsolate();
-  // Check if the given key is an array index.
-  uint32_t index = 0;
-  if (key->ToArrayIndex(&index)) {
-    return JSObject::SetOwnElementIgnoreAttributes(js_object, index, value,
-                                                   attrs);
+    // TODO(verwaest): Support other objects as well.
+    if (!object->IsJSReceiver()) return value;
+    return JSReceiver::SetElement(Handle<JSReceiver>::cast(object), index,
+                                  value, language_mode);
   }
 
   Handle<Name> name;
   if (key->IsName()) {
     name = Handle<Name>::cast(key);
   } else {
     // Call-back into JavaScript to convert the key to a string.
     Handle<Object> converted;
     ASSIGN_RETURN_ON_EXCEPTION(isolate, converted,
                                Execution::ToString(isolate, key), Object);
     name = Handle<String>::cast(converted);
   }
 
   if (name->AsArrayIndex(&index)) {
-    return JSObject::SetOwnElementIgnoreAttributes(js_object, index, value,
-                                                   attrs);
-  } else {
-    if (name->IsString()) name = String::Flatten(Handle<String>::cast(name));
-    return JSObject::SetOwnPropertyIgnoreAttributes(js_object, name, value,
-                                                    attrs);
+    // TODO(verwaest): Support other objects as well.
+    if (!object->IsJSReceiver()) return value;
+    return JSReceiver::SetElement(Handle<JSReceiver>::cast(object), index,
+                                  value, language_mode);
   }
+  return Object::SetProperty(object, name, value, language_mode);
 }
 
 
 MaybeHandle<Object> Runtime::GetPrototype(Isolate* isolate,
                                           Handle<Object> obj) {
   // We don't expect access checks to be needed on JSProxy objects.
   DCHECK(!obj->IsAccessCheckNeeded() || obj->IsJSObject());
   PrototypeIterator iter(isolate, obj, PrototypeIterator::START_AT_RECEIVER);
   do {
     if (PrototypeIterator::GetCurrent(iter)->IsAccessCheckNeeded() &&
@@ skipping 1130 matching lines @@
 
 // Implements part of 8.12.9 DefineOwnProperty.
 // There are 3 cases that lead here:
 // Step 4a - define a new data property.
 // Steps 9b & 12 - replace an existing accessor property with a data property.
 // Step 12 - update an existing data property with a data or generic
 //           descriptor.
 RUNTIME_FUNCTION(Runtime_DefineDataPropertyUnchecked) {
   HandleScope scope(isolate);
   DCHECK(args.length() == 4);
-  CONVERT_ARG_HANDLE_CHECKED(JSObject, js_object, 0);
+  CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
   CONVERT_ARG_HANDLE_CHECKED(Name, name, 1);
-  CONVERT_ARG_HANDLE_CHECKED(Object, obj_value, 2);
+  CONVERT_ARG_HANDLE_CHECKED(Object, value, 2);
   CONVERT_PROPERTY_ATTRIBUTES_CHECKED(attrs, 3);
 
-  LookupIterator it(js_object, name, LookupIterator::OWN_SKIP_INTERCEPTOR);
-  if (it.IsFound() && it.state() == LookupIterator::ACCESS_CHECK) {
-    if (!isolate->MayAccess(js_object)) {
-      return isolate->heap()->undefined_value();
-    }
-    it.Next();
+  uint32_t index = 0;
+  LookupIterator::Configuration c = LookupIterator::OWN_SKIP_INTERCEPTOR;
+  LookupIterator it = name->AsArrayIndex(&index)
+                          ? LookupIterator(isolate, object, index, c)
+                          : LookupIterator(object, name, c);
+  if (it.state() == LookupIterator::ACCESS_CHECK && !it.HasAccess()) {
+    return isolate->heap()->undefined_value();
   }
 
   Handle<Object> result;
-  ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
-      isolate, result,
-      Runtime::DefineObjectProperty(js_object, name, obj_value, attrs));
+  MaybeHandle<Object> maybe_result =
+      it.IsElement()
+          ? JSObject::SetOwnElementIgnoreAttributes(object, index, value, attrs)
+          : JSObject::SetOwnPropertyIgnoreAttributes(object, name, value,
+                                                     attrs);
+  ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, result, maybe_result);
   return *result;
 }
 
 
 // Return property without being observable by accessors or interceptors.
 RUNTIME_FUNCTION(Runtime_GetDataProperty) {
   HandleScope scope(isolate);
   DCHECK(args.length() == 2);
   CONVERT_ARG_HANDLE_CHECKED(JSReceiver, object, 0);
-  CONVERT_ARG_HANDLE_CHECKED(Name, key, 1);
-  return *JSReceiver::GetDataProperty(object, key);
+  CONVERT_ARG_HANDLE_CHECKED(Name, name, 1);
+  return *JSReceiver::GetDataProperty(object, name);
 }
 
 
 RUNTIME_FUNCTION(Runtime_HasFastPackedElements) {
   SealHandleScope shs(isolate);
   DCHECK(args.length() == 1);
   CONVERT_ARG_CHECKED(HeapObject, obj, 0);
   return isolate->heap()->ToBoolean(
       IsFastPackedElementsKind(obj->map()->elements_kind()));
 }
@@ skipping 126 matching lines @@
   CONVERT_PROPERTY_ATTRIBUTES_CHECKED(attrs, 3);
 
   RETURN_FAILURE_ON_EXCEPTION(
       isolate,
       JSObject::DefineAccessor(object, name, isolate->factory()->null_value(),
                                setter, attrs));
   return isolate->heap()->undefined_value();
 }
 }  // namespace internal
 }  // namespace v8