| OLD | NEW |
| 1 // Copyright 2014 the V8 project authors. All rights reserved. | 1 // Copyright 2014 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/bootstrapper.h" | 5 #include "src/bootstrapper.h" |
| 6 | 6 |
| 7 #include "src/accessors.h" | 7 #include "src/accessors.h" |
| 8 #include "src/api-natives.h" | 8 #include "src/api-natives.h" |
| 9 #include "src/base/ieee754.h" | 9 #include "src/base/ieee754.h" |
| 10 #include "src/code-stubs.h" | 10 #include "src/code-stubs.h" |
| (...skipping 581 matching lines...) |
| 592 object_function_map->set_unused_property_fields(unused); | 592 object_function_map->set_unused_property_fields(unused); |
| 593 | 593 |
| 594 native_context()->set_object_function(*object_fun); | 594 native_context()->set_object_function(*object_fun); |
| 595 | 595 |
| 596 // Allocate a new prototype for the object function. | 596 // Allocate a new prototype for the object function. |
| 597 object_function_prototype = | 597 object_function_prototype = |
| 598 factory->NewJSObject(isolate->object_function(), TENURED); | 598 factory->NewJSObject(isolate->object_function(), TENURED); |
| 599 Handle<Map> map = Map::Copy(handle(object_function_prototype->map()), | 599 Handle<Map> map = Map::Copy(handle(object_function_prototype->map()), |
| 600 "EmptyObjectPrototype"); | 600 "EmptyObjectPrototype"); |
| 601 map->set_is_prototype_map(true); | 601 map->set_is_prototype_map(true); |
| 602 // Ban re-setting Object.prototype.__proto__ to prevent Proxy security bug |
| 603 map->set_immutable_proto(true); |
| 602 object_function_prototype->set_map(*map); | 604 object_function_prototype->set_map(*map); |
| 603 | 605 |
| 604 native_context()->set_initial_object_prototype(*object_function_prototype); | 606 native_context()->set_initial_object_prototype(*object_function_prototype); |
| 605 // For bootstrapping set the array prototype to be the same as the object | 607 // For bootstrapping set the array prototype to be the same as the object |
| 606 // prototype, otherwise the missing initial_array_prototype will cause | 608 // prototype, otherwise the missing initial_array_prototype will cause |
| 607 // assertions during startup. | 609 // assertions during startup. |
| 608 native_context()->set_initial_array_prototype(*object_function_prototype); | 610 native_context()->set_initial_array_prototype(*object_function_prototype); |
| 609 Accessors::FunctionSetPrototype(object_fun, object_function_prototype) | 611 Accessors::FunctionSetPrototype(object_fun, object_function_prototype) |
| 610 .Assert(); | 612 .Assert(); |
| 611 } | 613 } |
| (...skipping 3335 matching lines...) |
| 3947 } | 3949 } |
| 3948 | 3950 |
| 3949 | 3951 |
| 3950 // Called when the top-level V8 mutex is destroyed. | 3952 // Called when the top-level V8 mutex is destroyed. |
| 3951 void Bootstrapper::FreeThreadResources() { | 3953 void Bootstrapper::FreeThreadResources() { |
| 3952 DCHECK(!IsActive()); | 3954 DCHECK(!IsActive()); |
| 3953 } | 3955 } |
| 3954 | 3956 |
| 3955 } // namespace internal | 3957 } // namespace internal |
| 3956 } // namespace v8 | 3958 } // namespace v8 |
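Review bot: The comment added at new lines 602-603 says only "Proxy security bug", which does not tell a later maintainer what invariant `set_immutable_proto(true)` protects or which report motivated it. I would spell it out, e.g. `// Object.prototype's [[Prototype]] must never change: a Proxy installed there would sit on the lookup chain of every ordinary object (see <tracking-bug-id>).` The bit is set on a fresh `Map::Copy` just before `set_map`, so it presumably has to survive any later map transition of this prototype as properties are installed on it; that is not visible here and is worth confirming, ideally with a regression test asserting that `Object.setPrototypeOf(Object.prototype, {})` throws a TypeError. The enclosing function begins before the shown lines.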