Chromium Code Reviews Chromium Code Reviews
Issue 2082633002:
Make sure api interceptors don't change the store target w/o storing (Closed)
Base URL: https://chromium.googlesource.com/v8/v8.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2015 the V8 project authors. All rights reserved. | 1 // Copyright 2015 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/objects.h" | 5 #include "src/objects.h" |
| 6 | 6 |
| 7 #include <cmath> | 7 #include <cmath> |
| 8 #include <iomanip> | 8 #include <iomanip> |
| 9 #include <sstream> | 9 #include <sstream> |
| 10 | 10 |
| (...skipping 4289 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 4300 if (it->HasAccess()) break; | 4300 if (it->HasAccess()) break; |
| 4301 // Check whether it makes sense to reuse the lookup iterator. Here it | 4301 // Check whether it makes sense to reuse the lookup iterator. Here it |
| 4302 // might still call into setters up the prototype chain. | 4302 // might still call into setters up the prototype chain. |
| 4303 return JSObject::SetPropertyWithFailedAccessCheck(it, value, | 4303 return JSObject::SetPropertyWithFailedAccessCheck(it, value, |
| 4304 should_throw); | 4304 should_throw); |
| 4305 | 4305 |
| 4306 case LookupIterator::JSPROXY: | 4306 case LookupIterator::JSPROXY: |
| 4307 return JSProxy::SetProperty(it->GetHolder<JSProxy>(), it->GetName(), | 4307 return JSProxy::SetProperty(it->GetHolder<JSProxy>(), it->GetName(), |
| 4308 value, it->GetReceiver(), language_mode); | 4308 value, it->GetReceiver(), language_mode); |
| 4309 | 4309 |
| 4310 case LookupIterator::INTERCEPTOR: | 4310 case LookupIterator::INTERCEPTOR: { |
| 4311 Handle<Map> store_target_map = | |
| 4312 handle(it->GetStoreTarget()->map(), it->isolate()); | |
| 4311 if (it->HolderIsReceiverOrHiddenPrototype()) { | 4313 if (it->HolderIsReceiverOrHiddenPrototype()) { |
| 4312 Maybe<bool> result = | 4314 Maybe<bool> result = |
| 4313 JSObject::SetPropertyWithInterceptor(it, should_throw, value); | 4315 JSObject::SetPropertyWithInterceptor(it, should_throw, value); |
| 4314 if (result.IsNothing() || result.FromJust()) return result; | 4316 if (result.IsNothing() || result.FromJust()) return result; |
| 4317 // Interceptor modified the store target but failed to set the | |
| 4318 // property. | |
| 4319 Utils::ApiCheck(*store_target_map == it->GetStoreTarget()->map(), | |
| 4320 it->IsElement() ? "v8::IndexedPropertySetterCallback" | |
| 4321 : "v8::NamedPropertySetterCallback", | |
| 4322 "Interceptor silently changed store target."); | |
| 4315 } else { | 4323 } else { |
| 4316 Maybe<PropertyAttributes> maybe_attributes = | 4324 Maybe<PropertyAttributes> maybe_attributes = |
| 4317 JSObject::GetPropertyAttributesWithInterceptor(it); | 4325 JSObject::GetPropertyAttributesWithInterceptor(it); |
| 4318 if (!maybe_attributes.IsJust()) return Nothing<bool>(); | 4326 if (!maybe_attributes.IsJust()) return Nothing<bool>(); |
| 4319 if (maybe_attributes.FromJust() == ABSENT) break; | 4327 if (maybe_attributes.FromJust() == ABSENT) break; |
|
Toon Verwaest
2016/06/21 14:48:15
You break out here already if it's absent. The che
| |
| 4320 if ((maybe_attributes.FromJust() & READ_ONLY) != 0) { | 4328 if ((maybe_attributes.FromJust() & READ_ONLY) != 0) { |
| 4321 return WriteToReadOnlyProperty(it, value, should_throw); | 4329 return WriteToReadOnlyProperty(it, value, should_throw); |
| 4322 } | 4330 } |
| 4331 // Interceptor modified the store target but failed to set the | |
| 4332 // property. | |
| 4333 Utils::ApiCheck(*store_target_map == it->GetStoreTarget()->map(), | |
| 4334 it->IsElement() ? "v8::IndexedPropertySetterCallback" | |
| 4335 : "v8::NamedPropertySetterCallback", | |
| 4336 "Interceptor silently changed store target."); | |
| 4323 *found = false; | 4337 *found = false; |
| 4324 return Nothing<bool>(); | 4338 return Nothing<bool>(); |
| 4325 } | 4339 } |
| 4326 break; | 4340 break; |
| 4341 } | |
| 4327 | 4342 |
| 4328 case LookupIterator::ACCESSOR: { | 4343 case LookupIterator::ACCESSOR: { |
| 4329 if (it->IsReadOnly()) { | 4344 if (it->IsReadOnly()) { |
| 4330 return WriteToReadOnlyProperty(it, value, should_throw); | 4345 return WriteToReadOnlyProperty(it, value, should_throw); |
| 4331 } | 4346 } |
| 4332 Handle<Object> accessors = it->GetAccessors(); | 4347 Handle<Object> accessors = it->GetAccessors(); |
| 4333 if (accessors->IsAccessorInfo() && | 4348 if (accessors->IsAccessorInfo() && |
| 4334 !it->HolderIsReceiverOrHiddenPrototype() && | 4349 !it->HolderIsReceiverOrHiddenPrototype() && |
| 4335 AccessorInfo::cast(*accessors)->is_special_data_property()) { | 4350 AccessorInfo::cast(*accessors)->is_special_data_property()) { |
| 4336 *found = false; | 4351 *found = false; |
| (...skipping 14521 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 18858 if (cell->value() != *new_value) { | 18873 if (cell->value() != *new_value) { |
| 18859 cell->set_value(*new_value); | 18874 cell->set_value(*new_value); |
| 18860 Isolate* isolate = cell->GetIsolate(); | 18875 Isolate* isolate = cell->GetIsolate(); |
| 18861 cell->dependent_code()->DeoptimizeDependentCodeGroup( | 18876 cell->dependent_code()->DeoptimizeDependentCodeGroup( |
| 18862 isolate, DependentCode::kPropertyCellChangedGroup); | 18877 isolate, DependentCode::kPropertyCellChangedGroup); |
| 18863 } | 18878 } |
| 18864 } | 18879 } |
| 18865 | 18880 |
| 18866 } // namespace internal | 18881 } // namespace internal |
| 18867 } // namespace v8 | 18882 } // namespace v8 |
| OLD | NEW |
