
Side by Side Diff: src/objects.cc

Issue 1241953010: Properly fix enumerate / Object.keys wrt access checked objects (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: Created 5 years, 5 months ago
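--- a/src/objects.cc
+++ b/src/objects.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <iomanip>
 #include <sstream>
 
 #include "src/v8.h"
 
 #include "src/accessors.h"
@@ -6140,51 +6140,58 @@
 
 
 MaybeHandle<FixedArray> JSReceiver::GetKeys(Handle<JSReceiver> object,
 KeyCollectionType type) {
 USE(ContainsOnlyValidKeys);
 Isolate* isolate = object->GetIsolate();
 Handle<FixedArray> content = isolate->factory()->empty_fixed_array();
 Handle<JSFunction> arguments_function(
 JSFunction::cast(isolate->sloppy_arguments_map()->GetConstructor()));
 
+PrototypeIterator::WhereToEnd end = type == OWN_ONLY
+? PrototypeIterator::END_AT_NON_HIDDEN
+: PrototypeIterator::END_AT_NULL;
 // Only collect keys if access is permitted.
 for (PrototypeIterator iter(isolate, object,
 PrototypeIterator::START_AT_RECEIVER);
-!iter.IsAtEnd(); iter.Advance()) {
+!iter.IsAtEnd(end); iter.Advance()) {
 if (PrototypeIterator::GetCurrent(iter)->IsJSProxy()) {
 Handle<JSProxy> proxy(JSProxy::cast(*PrototypeIterator::GetCurrent(iter)),
 isolate);
 Handle<Object> args[] = { proxy };
 Handle<Object> names;
 ASSIGN_RETURN_ON_EXCEPTION(
 isolate, names,
 Execution::Call(isolate,
 isolate->proxy_enumerate(),
 object,
 arraysize(args),
 args),
 FixedArray);
 ASSIGN_RETURN_ON_EXCEPTION(
 isolate, content,
 FixedArray::AddKeysFromArrayLike(
 content, Handle<JSObject>::cast(names)),
 FixedArray);
 break;
 }
 
 Handle<JSObject> current =
 Handle<JSObject>::cast(PrototypeIterator::GetCurrent(iter));
 
 // Check access rights if required.
 if (current->IsAccessCheckNeeded() && !isolate->MayAccess(current)) {
-return content;
+if (iter.IsAtEnd(PrototypeIterator::END_AT_NON_HIDDEN)) {
+isolate->ReportFailedAccessCheck(current);
+RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, FixedArray);
+}
+break;
 }
 
 // Compute the element keys.
 Handle<FixedArray> element_keys =
 isolate->factory()->NewFixedArray(current->NumberOfEnumElements());
 current->GetEnumElementKeys(*element_keys);
 ASSIGN_RETURN_ON_EXCEPTION(
 isolate, content,
 FixedArray::UnionOfKeys(content, element_keys),
 FixedArray);
@@ -6230,24 +6237,20 @@
 Handle<JSObject> result;
 if (JSObject::GetKeysForNamedInterceptor(
 current, object).ToHandle(&result)) {
 ASSIGN_RETURN_ON_EXCEPTION(
 isolate, content, FixedArray::AddKeysFromArrayLike(
 content, result, FixedArray::NON_SYMBOL_KEYS),
 FixedArray);
 }
 DCHECK(ContainsOnlyValidKeys(content));
 }
-
-// If we only want own properties we bail out after the first
-// iteration.
-if (type == OWN_ONLY) break;
 }
 return content;
 }
 
 
 bool Map::DictionaryElementsInPrototypeChainOnly() {
 if (IsDictionaryElementsKind(elements_kind())) {
 return false;
 }
 
@@ -15896,10 +15899,10 @@
 Handle<Object> new_value) {
 if (cell->value() != *new_value) {
 cell->set_value(*new_value);
 Isolate* isolate = cell->GetIsolate();
 cell->dependent_code()->DeoptimizeDependentCodeGroup(
 isolate, DependentCode::kPropertyCellChangedGroup);
 }
 }
 } // namespace internal
 } // namespace v8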
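Review bot: The access-denied branch in JSReceiver::GetKeys (new lines 6182-6188) reports the failure only when `iter.IsAtEnd(PrototypeIterator::END_AT_NON_HIDDEN)` holds and otherwise falls straight to `break`, and nothing in the code says why the two cases differ. In the unreported case the caller receives the keys gathered so far and cannot tell a denied object from one that simply had no further keys. For code that guards access-checked objects, that rule should be written down at the branch, for example `// Access denied: stop and return only the keys collected so far; the failure is reported only when this object is where an END_AT_NON_HIDDEN walk would end.` The `end` computed at new lines 6150-6152 also deserves a one-line comment saying that OWN_ONLY now continues past the receiver until END_AT_NON_HIDDEN, since that replaces the explicit `if (type == OWN_ONLY) break;` and its explanatory comment. Part of the loop body (old lines 6191-6229) is elided on this page, so whether a later path depends on the old early `return content` cannot be checked from here.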