| OLD | NEW |
|---|
| 1 // Copyright 2012 the V8 project authors. All rights reserved. | 1 // Copyright 2012 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/builtins.h" | 5 #include "src/builtins.h" |
| 6 | 6 |
| 7 #include "src/api.h" | 7 #include "src/api.h" |
| 8 #include "src/api-natives.h" | 8 #include "src/api-natives.h" |
| 9 #include "src/arguments.h" | 9 #include "src/arguments.h" |
| 10 #include "src/base/once.h" | 10 #include "src/base/once.h" |
| (...skipping 1065 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1076 ASSIGN_RETURN_ON_EXCEPTION_VALUE( | 1076 ASSIGN_RETURN_ON_EXCEPTION_VALUE( |
| 1077 isolate, element_value, | 1077 isolate, element_value, |
| 1078 Object::GetElement(isolate, receiver, j), false); | 1078 Object::GetElement(isolate, receiver, j), false); |
| 1079 visitor->visit(j, element_value); | 1079 visitor->visit(j, element_value); |
| 1080 } | 1080 } |
| 1081 } | 1081 } |
| 1082 } | 1082 } |
| 1083 break; | 1083 break; |
| 1084 } | 1084 } |
| 1085 case DICTIONARY_ELEMENTS: { | 1085 case DICTIONARY_ELEMENTS: { |
| 1086 // CollectElementIndices() can't be called when there's a JSProxy |
| 1087 // on the prototype chain. |
| 1088 for (PrototypeIterator iter(isolate, receiver); !iter.IsAtEnd(); |
| 1089 iter.Advance()) { |
| 1090 if (PrototypeIterator::GetCurrent(iter)->IsJSProxy()) { |
| 1091 return IterateElementsSlow(isolate, receiver, length, visitor); |
| 1092 } |
| 1093 } |
| 1086 Handle<SeededNumberDictionary> dict(receiver->element_dictionary()); | 1094 Handle<SeededNumberDictionary> dict(receiver->element_dictionary()); |
| 1087 List<uint32_t> indices(dict->Capacity() / 2); | 1095 List<uint32_t> indices(dict->Capacity() / 2); |
| 1088 // Collect all indices in the object and the prototypes less | 1096 // Collect all indices in the object and the prototypes less |
| 1089 // than length. This might introduce duplicates in the indices list. | 1097 // than length. This might introduce duplicates in the indices list. |
| 1090 CollectElementIndices(receiver, length, &indices); | 1098 CollectElementIndices(receiver, length, &indices); |
| 1091 indices.Sort(&compareUInt32); | 1099 indices.Sort(&compareUInt32); |
| 1092 int j = 0; | 1100 int j = 0; |
| 1093 int n = indices.length(); | 1101 int n = indices.length(); |
| 1094 while (j < n) { | 1102 while (j < n) { |
| 1095 HandleScope loop_scope(isolate); | 1103 HandleScope loop_scope(isolate); |
| (...skipping 1203 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2299 BUILTIN_LIST_C(DEFINE_BUILTIN_ACCESSOR_C) | 2307 BUILTIN_LIST_C(DEFINE_BUILTIN_ACCESSOR_C) |
| 2300 BUILTIN_LIST_A(DEFINE_BUILTIN_ACCESSOR_A) | 2308 BUILTIN_LIST_A(DEFINE_BUILTIN_ACCESSOR_A) |
| 2301 BUILTIN_LIST_H(DEFINE_BUILTIN_ACCESSOR_H) | 2309 BUILTIN_LIST_H(DEFINE_BUILTIN_ACCESSOR_H) |
| 2302 BUILTIN_LIST_DEBUG_A(DEFINE_BUILTIN_ACCESSOR_A) | 2310 BUILTIN_LIST_DEBUG_A(DEFINE_BUILTIN_ACCESSOR_A) |
| 2303 #undef DEFINE_BUILTIN_ACCESSOR_C | 2311 #undef DEFINE_BUILTIN_ACCESSOR_C |
| 2304 #undef DEFINE_BUILTIN_ACCESSOR_A | 2312 #undef DEFINE_BUILTIN_ACCESSOR_A |
| 2305 | 2313 |
| 2306 | 2314 |
| 2307 } // namespace internal | 2315 } // namespace internal |
| 2308 } // namespace v8 | 2316 } // namespace v8 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1402393003:
Ensure JSProxy correctness for PrototypeIterator uses (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master