| Index: src/runtime.cc
|
| diff --git a/src/runtime.cc b/src/runtime.cc
|
| index 87cc0317be54c6b9de944d676a0ec03f1f1b5e47..87c29cc91626658729c56218ebe5d0e2125dcde9 100644
|
| --- a/src/runtime.cc
|
| +++ b/src/runtime.cc
|
| @@ -1456,6 +1456,7 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_GetPrototype) {
|
| isolate->heap()->proto_string(),
|
| v8::ACCESS_GET)) {
|
| isolate->ReportFailedAccessCheck(JSObject::cast(obj), v8::ACCESS_GET);
|
| + RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
| return isolate->heap()->undefined_value();
|
| }
|
| obj = obj->GetPrototype(isolate);
|
| @@ -1560,28 +1561,20 @@ enum AccessCheckResult {
|
| };
|
|
|
|
|
| -static AccessCheckResult CheckElementAccess(
|
| - JSObject* obj,
|
| - uint32_t index,
|
| - v8::AccessType access_type) {
|
| - // TODO(1095): we should traverse hidden prototype hierachy as well.
|
| - if (CheckGenericAccess(
|
| - obj, obj, index, access_type, &Isolate::MayIndexedAccess)) {
|
| - return ACCESS_ALLOWED;
|
| - }
|
| -
|
| - obj->GetIsolate()->ReportFailedAccessCheck(obj, access_type);
|
| - return ACCESS_FORBIDDEN;
|
| -}
|
| -
|
| -
|
| static AccessCheckResult CheckPropertyAccess(
|
| JSObject* obj,
|
| Name* name,
|
| v8::AccessType access_type) {
|
| uint32_t index;
|
| if (name->AsArrayIndex(&index)) {
|
| - return CheckElementAccess(obj, index, access_type);
|
| + // TODO(1095): we should traverse hidden prototype hierachy as well.
|
| + if (CheckGenericAccess(
|
| + obj, obj, index, access_type, &Isolate::MayIndexedAccess)) {
|
| + return ACCESS_ALLOWED;
|
| + }
|
| +
|
| + obj->GetIsolate()->ReportFailedAccessCheck(obj, access_type);
|
| + return ACCESS_FORBIDDEN;
|
| }
|
|
|
| LookupResult lookup(obj->GetIsolate());
|
| @@ -1641,14 +1634,20 @@ static MaybeObject* GetOwnProperty(Isolate* isolate,
|
| Heap* heap = isolate->heap();
|
| // Due to some WebKit tests, we want to make sure that we do not log
|
| // more than one access failure here.
|
| - switch (CheckPropertyAccess(*obj, *name, v8::ACCESS_HAS)) {
|
| + AccessCheckResult access_check_result =
|
| + CheckPropertyAccess(*obj, *name, v8::ACCESS_HAS);
|
| + RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
| + switch (access_check_result) {
|
| case ACCESS_FORBIDDEN: return heap->false_value();
|
| case ACCESS_ALLOWED: break;
|
| case ACCESS_ABSENT: return heap->undefined_value();
|
| }
|
|
|
| PropertyAttributes attrs = obj->GetLocalPropertyAttribute(*name);
|
| - if (attrs == ABSENT) return heap->undefined_value();
|
| + if (attrs == ABSENT) {
|
| + RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
| + return heap->undefined_value();
|
| + }
|
| AccessorPair* raw_accessors = obj->GetLocalPropertyAccessorPair(*name);
|
| Handle<AccessorPair> accessors(raw_accessors, isolate);
|
|
|
| @@ -1670,9 +1669,13 @@ static MaybeObject* GetOwnProperty(Isolate* isolate,
|
| Object* setter = accessors->GetComponent(ACCESSOR_SETTER);
|
| if (!getter->IsMap() && CheckPropertyAccess(*obj, *name, v8::ACCESS_GET)) {
|
| elms->set(GETTER_INDEX, getter);
|
| + } else {
|
| + RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
| }
|
| if (!setter->IsMap() && CheckPropertyAccess(*obj, *name, v8::ACCESS_SET)) {
|
| elms->set(SETTER_INDEX, setter);
|
| + } else {
|
| + RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
| }
|
| }
|
|
|
| @@ -4813,6 +4816,7 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_DefineOrRedefineAccessorProperty) {
|
|
|
| bool fast = obj->HasFastProperties();
|
| JSObject::DefineAccessor(obj, name, getter, setter, attr);
|
| + RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
| if (fast) JSObject::TransformToFastProperties(obj, 0);
|
| return isolate->heap()->undefined_value();
|
| }
|
| @@ -5339,9 +5343,9 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_DeleteProperty) {
|
| }
|
|
|
|
|
| -static Object* HasLocalPropertyImplementation(Isolate* isolate,
|
| - Handle<JSObject> object,
|
| - Handle<Name> key) {
|
| +static MaybeObject* HasLocalPropertyImplementation(Isolate* isolate,
|
| + Handle<JSObject> object,
|
| + Handle<Name> key) {
|
| if (object->HasLocalProperty(*key)) return isolate->heap()->true_value();
|
| // Handle hidden prototypes. If there's a hidden prototype above this thing
|
| // then we have to check it for properties, because they are supposed to
|
| @@ -5353,6 +5357,7 @@ static Object* HasLocalPropertyImplementation(Isolate* isolate,
|
| Handle<JSObject>::cast(proto),
|
| key);
|
| }
|
| + RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
| return isolate->heap()->false_value();
|
| }
|
|
|
| @@ -5372,8 +5377,11 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_HasLocalProperty) {
|
| // Fast case: either the key is a real named property or it is not
|
| // an array index and there are no interceptors or hidden
|
| // prototypes.
|
| - if (object->HasRealNamedProperty(isolate, key))
|
| + if (object->HasRealNamedProperty(isolate, key)) {
|
| return isolate->heap()->true_value();
|
| + } else {
|
| + RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
| + }
|
| Map* map = object->map();
|
| if (!key_is_array_index &&
|
| !map->has_named_interceptor() &&
|
| @@ -5403,6 +5411,7 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_HasProperty) {
|
| CONVERT_ARG_CHECKED(Name, key, 1);
|
|
|
| bool result = receiver->HasProperty(key);
|
| + RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
| if (isolate->has_pending_exception()) return Failure::Exception();
|
| return isolate->heap()->ToBoolean(result);
|
| }
|
| @@ -5415,6 +5424,7 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_HasElement) {
|
| CONVERT_SMI_ARG_CHECKED(index, 1);
|
|
|
| bool result = receiver->HasElement(index);
|
| + RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
| if (isolate->has_pending_exception()) return Failure::Exception();
|
| return isolate->heap()->ToBoolean(result);
|
| }
|
| @@ -5428,7 +5438,11 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_IsPropertyEnumerable) {
|
| CONVERT_ARG_CHECKED(Name, key, 1);
|
|
|
| PropertyAttributes att = object->GetLocalPropertyAttribute(key);
|
| - return isolate->heap()->ToBoolean(att != ABSENT && (att & DONT_ENUM) == 0);
|
| + if (att == ABSENT || (att & DONT_ENUM) != 0) {
|
| + RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
| + return isolate->heap()->false_value();
|
| + }
|
| + return isolate->heap()->true_value();
|
| }
|
|
|
|
|
| @@ -5506,6 +5520,7 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_GetLocalPropertyNames) {
|
| isolate->heap()->undefined_value(),
|
| v8::ACCESS_KEYS)) {
|
| isolate->ReportFailedAccessCheck(*obj, v8::ACCESS_KEYS);
|
| + RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
| return *isolate->factory()->NewJSArray(0);
|
| }
|
| obj = Handle<JSObject>(JSObject::cast(obj->GetPrototype()));
|
| @@ -5525,6 +5540,7 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_GetLocalPropertyNames) {
|
| isolate->heap()->undefined_value(),
|
| v8::ACCESS_KEYS)) {
|
| isolate->ReportFailedAccessCheck(*jsproto, v8::ACCESS_KEYS);
|
| + RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
| return *isolate->factory()->NewJSArray(0);
|
| }
|
| int n;
|
| @@ -5651,6 +5667,7 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_LocalKeys) {
|
| !isolate->MayNamedAccess(*object, isolate->heap()->undefined_value(),
|
| v8::ACCESS_KEYS)) {
|
| isolate->ReportFailedAccessCheck(*object, v8::ACCESS_KEYS);
|
| + RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
| return *isolate->factory()->NewJSArray(0);
|
| }
|
|
|
|
|
Chromium Code Reviews
Issue 19053002:
Promote exceptions thrown inside failed-access-check callback. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge