Reland "Use C++ implementation of Object.definePropert{y,ies}"

src/objects.cc

Index: src/objects.cc
diff --git a/src/objects.cc b/src/objects.cc
index 39c30336ea755b86a1c9a25fccbba19d76adb284..91fd624f54df229c9ecc435d18b0a5f43ed3d754 100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -6024,6 +6024,17 @@ bool JSReceiver::OrdinaryDefineOwnProperty(Isolate* isolate,
   LookupIterator it = LookupIterator::PropertyOrElement(
       isolate, object, key, &success, LookupIterator::HIDDEN);
   DCHECK(success);  // ...so creating a LookupIterator can't fail.
+
+  // Deal with access checks first.
+  if (it.state() == LookupIterator::ACCESS_CHECK) {
+    if (!it.HasAccess()) {
+      isolate->ReportFailedAccessCheck(it.GetHolder<JSObject>());
+      RETURN_VALUE_IF_SCHEDULED_EXCEPTION(isolate, false);
+      return false;
+    }
+    it.Next();
+  }
+
   return OrdinaryDefineOwnProperty(&it, desc, should_throw);
 }
 
@@ -6063,6 +6074,13 @@ bool JSReceiver::OrdinaryDefineOwnProperty(LookupIterator* it,
       }
       return false;
     }
+    // We have to use a fresh LookupIterator to handle interceptors properly.
+    LookupIterator lookup_for_store =
+        it->IsElement() ? LookupIterator(isolate, it->GetReceiver(),
+                                         it->index(), LookupIterator::HIDDEN)
+                        : LookupIterator(it->GetReceiver(), it->name(),
+                                         LookupIterator::HIDDEN);
+
     // 2c. If IsGenericDescriptor(Desc) or IsDataDescriptor(Desc) is true, then:
     // (This is equivalent to !IsAccessorDescriptor(desc).)
     DCHECK((desc_is_generic_descriptor || desc_is_data_descriptor) ==
@@ -6082,8 +6100,9 @@ bool JSReceiver::OrdinaryDefineOwnProperty(LookupIterator* it,
                 ? desc->value()
                 : Handle<Object>::cast(isolate->factory()->undefined_value()));
         MaybeHandle<Object> result =
-            JSObject::DefineOwnPropertyIgnoreAttributes(it, value,
-                                                        desc->ToAttributes());
+            JSObject::DefineOwnPropertyIgnoreAttributes(
+                &lookup_for_store, value, desc->ToAttributes(),
+                JSObject::DONT_FORCE_FIELD);
         if (result.is_null()) return false;
       }
     } else {
@@ -6105,8 +6124,8 @@ bool JSReceiver::OrdinaryDefineOwnProperty(LookupIterator* it,
             desc->has_set()
                 ? desc->set()
                 : Handle<Object>::cast(isolate->factory()->undefined_value()));
-        MaybeHandle<Object> result =
-            JSObject::DefineAccessor(it, getter, setter, desc->ToAttributes());
+        MaybeHandle<Object> result = JSObject::DefineAccessor(
+            &lookup_for_store, getter, setter, desc->ToAttributes());
         if (result.is_null()) return false;
       }
     }
@@ -6515,7 +6534,7 @@ bool JSArray::ArraySetLength(Isolate* isolate, Handle<JSArray> a,
   if (!success && should_throw == THROW_ON_ERROR) {
     isolate->Throw(*isolate->factory()->NewTypeError(
         MessageTemplate::kStrictDeleteProperty,
-        isolate->factory()->NewNumberFromUint(actual_new_len - 1)));
+        isolate->factory()->NewNumberFromUint(actual_new_len - 1), a));
   }
   return success;
 }
@@ -7795,7 +7814,10 @@ MaybeHandle<FixedArray> JSReceiver::GetKeys(Handle<JSReceiver> object,
       DCHECK(filter == INCLUDE_SYMBOLS);
       PropertyAttributes attr_filter =
           static_cast<PropertyAttributes>(DONT_ENUM | PRIVATE_SYMBOL);
-      JSObject::CollectOwnElementKeys(current, &accumulator, attr_filter);
+      Handle<FixedArray> property_keys = isolate->factory()->NewFixedArray(
+          current->NumberOfOwnProperties(attr_filter));
+      current->GetOwnPropertyNames(*property_keys, 0, attr_filter);
+      accumulator.AddKeys(property_keys);
     }
 
     // Add the property keys from the interceptor.