| OLD | NEW |
|---|
| 1 // Copyright 2013 the V8 project authors. All rights reserved. | 1 // Copyright 2013 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/objects.h" | 5 #include "src/objects.h" |
| 6 | 6 |
| 7 #include <cmath> | 7 #include <cmath> |
| 8 #include <iomanip> | 8 #include <iomanip> |
| 9 #include <sstream> | 9 #include <sstream> |
| 10 | 10 |
| (...skipping 11490 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 11501 Handle<Map> current_user = user; | 11501 Handle<Map> current_user = user; |
| 11502 Handle<PrototypeInfo> current_user_info = | 11502 Handle<PrototypeInfo> current_user_info = |
| 11503 Map::GetOrCreatePrototypeInfo(user, isolate); | 11503 Map::GetOrCreatePrototypeInfo(user, isolate); |
| 11504 for (PrototypeIterator iter(user); !iter.IsAtEnd(); iter.Advance()) { | 11504 for (PrototypeIterator iter(user); !iter.IsAtEnd(); iter.Advance()) { |
| 11505 // Walk up the prototype chain as far as links haven't been registered yet. | 11505 // Walk up the prototype chain as far as links haven't been registered yet. |
| 11506 if (current_user_info->registry_slot() != PrototypeInfo::UNREGISTERED) { | 11506 if (current_user_info->registry_slot() != PrototypeInfo::UNREGISTERED) { |
| 11507 break; | 11507 break; |
| 11508 } | 11508 } |
| 11509 Handle<Object> maybe_proto = PrototypeIterator::GetCurrent(iter); | 11509 Handle<Object> maybe_proto = PrototypeIterator::GetCurrent(iter); |
| 11510 if (maybe_proto->IsJSGlobalProxy()) continue; | 11510 if (maybe_proto->IsJSGlobalProxy()) continue; |
| 11511 // Proxies on the prototype chain are not supported. | 11511 // Proxies on the prototype chain are not supported. They make it |
| 11512 // impossible to make any assumptions about the prototype chain anyway. |
| 11512 if (maybe_proto->IsJSProxy()) return; | 11513 if (maybe_proto->IsJSProxy()) return; |
| 11513 Handle<JSObject> proto = Handle<JSObject>::cast(maybe_proto); | 11514 Handle<JSObject> proto = Handle<JSObject>::cast(maybe_proto); |
| 11514 Handle<PrototypeInfo> proto_info = | 11515 Handle<PrototypeInfo> proto_info = |
| 11515 Map::GetOrCreatePrototypeInfo(proto, isolate); | 11516 Map::GetOrCreatePrototypeInfo(proto, isolate); |
| 11516 Handle<Object> maybe_registry(proto_info->prototype_users(), isolate); | 11517 Handle<Object> maybe_registry(proto_info->prototype_users(), isolate); |
| 11517 int slot = 0; | 11518 int slot = 0; |
| 11518 Handle<WeakFixedArray> new_array = | 11519 Handle<WeakFixedArray> new_array = |
| 11519 WeakFixedArray::Add(maybe_registry, current_user, &slot); | 11520 WeakFixedArray::Add(maybe_registry, current_user, &slot); |
| 11520 current_user_info->set_registry_slot(slot); | 11521 current_user_info->set_registry_slot(slot); |
| 11521 if (!maybe_registry.is_identical_to(new_array)) { | 11522 if (!maybe_registry.is_identical_to(new_array)) { |
| (...skipping 2543 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 14065 bool dictionary_elements_in_chain = | 14066 bool dictionary_elements_in_chain = |
| 14066 object->map()->DictionaryElementsInPrototypeChainOnly(); | 14067 object->map()->DictionaryElementsInPrototypeChainOnly(); |
| 14067 | 14068 |
| 14068 bool all_extensible = object->map()->is_extensible(); | 14069 bool all_extensible = object->map()->is_extensible(); |
| 14069 Handle<JSObject> real_receiver = object; | 14070 Handle<JSObject> real_receiver = object; |
| 14070 if (from_javascript) { | 14071 if (from_javascript) { |
| 14071 // Find the first object in the chain whose prototype object is not | 14072 // Find the first object in the chain whose prototype object is not |
| 14072 // hidden. | 14073 // hidden. |
| 14073 PrototypeIterator iter(isolate, real_receiver); | 14074 PrototypeIterator iter(isolate, real_receiver); |
| 14074 while (!iter.IsAtEnd(PrototypeIterator::END_AT_NON_HIDDEN)) { | 14075 while (!iter.IsAtEnd(PrototypeIterator::END_AT_NON_HIDDEN)) { |
| 14076 // Casting to JSObject is fine because hidden prototypes are never |
| 14077 // JSProxies. |
| 14075 real_receiver = PrototypeIterator::GetCurrent<JSObject>(iter); | 14078 real_receiver = PrototypeIterator::GetCurrent<JSObject>(iter); |
| 14076 iter.Advance(); | 14079 iter.Advance(); |
| 14077 all_extensible = all_extensible && real_receiver->map()->is_extensible(); | 14080 all_extensible = all_extensible && real_receiver->map()->is_extensible(); |
| 14078 } | 14081 } |
| 14079 } | 14082 } |
| 14080 Handle<Map> map(real_receiver->map()); | 14083 Handle<Map> map(real_receiver->map()); |
| 14081 | 14084 |
| 14082 // Nothing to do if prototype is already set. | 14085 // Nothing to do if prototype is already set. |
| 14083 if (map->prototype() == *value) return Just(true); | 14086 if (map->prototype() == *value) return Just(true); |
| 14084 | 14087 |
| (...skipping 3846 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 17931 if (cell->value() != *new_value) { | 17934 if (cell->value() != *new_value) { |
| 17932 cell->set_value(*new_value); | 17935 cell->set_value(*new_value); |
| 17933 Isolate* isolate = cell->GetIsolate(); | 17936 Isolate* isolate = cell->GetIsolate(); |
| 17934 cell->dependent_code()->DeoptimizeDependentCodeGroup( | 17937 cell->dependent_code()->DeoptimizeDependentCodeGroup( |
| 17935 isolate, DependentCode::kPropertyCellChangedGroup); | 17938 isolate, DependentCode::kPropertyCellChangedGroup); |
| 17936 } | 17939 } |
| 17937 } | 17940 } |
| 17938 | 17941 |
| 17939 } // namespace internal | 17942 } // namespace internal |
| 17940 } // namespace v8 | 17943 } // namespace v8 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1402393003:
Ensure JSProxy correctness for PrototypeIterator uses (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master