Enable visibility and security checks for builtin exit frames

src/isolate.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/isolate.h"
 
 #include <stdlib.h>
 
 #include <fstream>  // NOLINT(readability/streams)
 #include <sstream>
@@ skipping 294 matching lines @@
   uint8_t buffer[kMaxStackTraceSize];
   int length = Min(kMaxStackTraceSize - 1, trace->length());
   String::WriteToFlat(*trace, buffer, 0, length);
   buffer[length] = '\0';
   // TODO(dcarney): convert buffer to utf8?
   base::OS::PrintError("Stacktrace (%x-%x) %p %p: %s\n", magic, magic2, ptr1,
                        ptr2, reinterpret_cast<char*>(buffer));
   base::OS::Abort();
 }
 
-
-// Determines whether the given stack frame should be displayed in
-// a stack trace.  The caller is the error constructor that asked
-// for the stack trace to be collected.  The first time a construct
-// call to this function is encountered it is skipped.  The seen_caller
-// in/out parameter is used to remember if the caller has been seen
-// yet.
-static bool IsVisibleInStackTrace(JSFunction* fun,
-                                  Object* caller,
-                                  bool* seen_caller) {
-  if ((fun == caller) && !(*seen_caller)) {
-    *seen_caller = true;
-    return false;
-  }
-  // Skip all frames until we've seen the caller.
-  if (!(*seen_caller)) return false;
-  // Functions defined in native scripts are not visible unless directly
-  // exposed, in which case the native flag is set.
-  // The --builtins-in-stack-traces command line flag allows including
-  // internal call sites in the stack trace for debugging purposes.
-  if (!FLAG_builtins_in_stack_traces && fun->shared()->IsBuiltin()) {
-    return fun->shared()->native();
-  }
-  return true;
-}
-
 static Handle<FixedArray> MaybeGrow(Isolate* isolate,
                                     Handle<FixedArray> elements,
                                     int cur_position, int new_size) {
   if (new_size > elements->length()) {
     int new_capacity = JSObject::NewElementsCapacity(elements->length());
     Handle<FixedArray> new_elements =
         isolate->factory()->NewFixedArrayWithHoles(new_capacity);
     for (int i = 0; i < cur_position; i++) {
       new_elements->set(i, elements->get(i));
     }
     elements = new_elements;
   }
   DCHECK(new_size <= elements->length());
   return elements;
 }
 
+class StackTraceHelper {
+ public:
+  StackTraceHelper(Isolate* isolate, Handle<Object> caller)
+      : isolate_(isolate), caller_(caller) {
+    // If the caller parameter is a function we skip frames until we're
+    // under it before starting to collect.
+    seen_caller_ = !caller->IsJSFunction();
+    encountered_strict_function_ = false;
+    sloppy_frames_ = 0;
+  }
+
+  // The stack trace API should not expose receivers and function
+  // objects on frames deeper than the top-most one with a strict mode
+  // function. The number of sloppy frames is stored as first element in
+  // the result array.
+  void CountSloppyFrames(JSFunction* fun) {
+    if (!encountered_strict_function_) {
+      if (is_strict(fun->shared()->language_mode())) {
+        encountered_strict_function_ = true;
+      } else {
+        sloppy_frames_++;
+      }
+    }
+  }
+
+  // Determines whether the given stack frame should be displayed in a stack
+  // trace.
+  bool IsVisibleInStackTrace(JSFunction* fun) {
+    return IsAfterCaller(fun) && IsNotInNativeScript(fun) &&
+           IsInSameSecurityContext(fun);
+  }
+
+  int sloppy_frames() const { return sloppy_frames_; }
+
+ private:
+  // The caller is the error constructor that asked
+  // for the stack trace to be collected.  The first time a construct
+  // call to this function is encountered it is skipped.  The seen_caller
+  // in/out parameter is used to remember if the caller has been seen
+  // yet.
+  bool IsAfterCaller(JSFunction* fun) {
+    if ((fun == *caller_) && !(seen_caller_)) {
+      seen_caller_ = true;
+      return false;
+    }
+    // Skip all frames until we've seen the caller.
+    if (!seen_caller_) return false;
+    return true;
+  }
+
+  bool IsNotInNativeScript(JSFunction* fun) {
+    // Functions defined in native scripts are not visible unless directly
+    // exposed, in which case the native flag is set.
+    // The --builtins-in-stack-traces command line flag allows including
+    // internal call sites in the stack trace for debugging purposes.
+    if (!FLAG_builtins_in_stack_traces && fun->shared()->IsBuiltin()) {
+      return fun->shared()->native();
+    }
+    return true;
+  }
+
+  bool IsInSameSecurityContext(JSFunction* fun) {
+    return isolate_->context()->HasSameSecurityTokenAs(fun->context());
+  }
+
+  Isolate* isolate_;
+  Handle<Object> caller_;
+
+  bool seen_caller_;
+  int sloppy_frames_;
+  bool encountered_strict_function_;
+};
+
 Handle<Object> Isolate::CaptureSimpleStackTrace(Handle<JSReceiver> error_object,
                                                 Handle<Object> caller) {
   // Get stack trace limit.
   Handle<JSObject> error = error_function();
   Handle<String> stackTraceLimit =
       factory()->InternalizeUtf8String("stackTraceLimit");
   DCHECK(!stackTraceLimit.is_null());
   Handle<Object> stack_trace_limit =
       JSReceiver::GetDataProperty(error, stackTraceLimit);
   if (!stack_trace_limit->IsNumber()) return factory()->undefined_value();
   int limit = FastD2IChecked(stack_trace_limit->Number());
   limit = Max(limit, 0);  // Ensure that limit is not negative.
 
   int initial_size = Min(limit, 10);
   Handle<FixedArray> elements =
       factory()->NewFixedArrayWithHoles(initial_size * 4 + 1);
 
-  // If the caller parameter is a function we skip frames until we're
-  // under it before starting to collect.
-  bool seen_caller = !caller->IsJSFunction();
+  StackTraceHelper helper(this, caller);
+
   // First element is reserved to store the number of sloppy frames.
   int cursor = 1;
   int frames_seen = 0;
-  int sloppy_frames = 0;
-  bool encountered_strict_function = false;
   for (StackFrameIterator iter(this); !iter.done() && frames_seen < limit;
        iter.Advance()) {
     StackFrame* frame = iter.frame();
 
     switch (frame->type()) {
       case StackFrame::JAVA_SCRIPT:
       case StackFrame::OPTIMIZED:
       case StackFrame::INTERPRETED:
       case StackFrame::BUILTIN: {
         JavaScriptFrame* js_frame = JavaScriptFrame::cast(frame);
         // Set initial size to the maximum inlining level + 1 for the outermost
         // function.
         List<FrameSummary> frames(FLAG_max_inlining_levels + 1);
         js_frame->Summarize(&frames);
         for (int i = frames.length() - 1; i >= 0; i--) {
           Handle<JSFunction> fun = frames[i].function();
+
+          // Filter out internal frames that we do not want to show.
+          if (!helper.IsVisibleInStackTrace(*fun)) continue;
+          helper.CountSloppyFrames(*fun);
+
           Handle<Object> recv = frames[i].receiver();
-          // Filter out internal frames that we do not want to show.
-          if (!IsVisibleInStackTrace(*fun, *caller, &seen_caller)) continue;
-          // Filter out frames from other security contexts.
-          if (!this->context()->HasSameSecurityTokenAs(fun->context())) {
-            continue;
-          }
+          Handle<AbstractCode> abstract_code = frames[i].abstract_code();
+          Handle<Smi> offset(Smi::FromInt(frames[i].code_offset()), this);
+
           elements = MaybeGrow(this, elements, cursor, cursor + 4);
-
-          Handle<AbstractCode> abstract_code = frames[i].abstract_code();
-
-          Handle<Smi> offset(Smi::FromInt(frames[i].code_offset()), this);
-          // The stack trace API should not expose receivers and function
-          // objects on frames deeper than the top-most one with a strict mode
-          // function. The number of sloppy frames is stored as first element in
-          // the result array.
-          if (!encountered_strict_function) {
-            if (is_strict(fun->shared()->language_mode())) {
-              encountered_strict_function = true;
-            } else {
-              sloppy_frames++;
-            }
-          }
           elements->set(cursor++, *recv);
           elements->set(cursor++, *fun);
           elements->set(cursor++, *abstract_code);
           elements->set(cursor++, *offset);
           frames_seen++;
         }
       } break;
 
       case StackFrame::BUILTIN_EXIT: {
         BuiltinExitFrame* exit_frame = BuiltinExitFrame::cast(frame);
         Handle<JSFunction> fun = handle(exit_frame->function(), this);
+
+        // Filter out internal frames that we do not want to show.
+        if (!helper.IsVisibleInStackTrace(*fun)) continue;
+        helper.CountSloppyFrames(*fun);
+
         Handle<Code> code = handle(exit_frame->LookupCode(), this);
         int offset =
             static_cast<int>(exit_frame->pc() - code->instruction_start());
 
         // In order to help CallSite::IsConstructor detect builtin constructors,
         // we reuse the receiver field to pass along a special symbol.
         Handle<Object> recv;
         if (exit_frame->IsConstructor()) {
           recv = handle(heap()->call_site_constructor_symbol(), this);
         } else {
@@ skipping 20 matching lines @@
         elements->set(cursor++, Smi::FromInt(wasm_frame->function_index()));
         elements->set(cursor++, *abstract_code);
         elements->set(cursor++, Smi::FromInt(offset));
         frames_seen++;
       } break;
 
       default:
         break;
     }
   }
-  elements->set(0, Smi::FromInt(sloppy_frames));
+  elements->set(0, Smi::FromInt(helper.sloppy_frames()));
   elements->Shrink(cursor);
   Handle<JSArray> result = factory()->NewJSArrayWithElements(elements);
   result->set_length(Smi::FromInt(cursor));
   // TODO(yangguo): Queue this structured stack trace for preprocessing on GC.
   return result;
 }
 
 MaybeHandle<JSReceiver> Isolate::CaptureAndSetDetailedStackTrace(
     Handle<JSReceiver> error_object) {
   if (capture_stack_trace_for_uncaught_exceptions_) {
@@ skipping 2604 matching lines @@
   // Then check whether this scope intercepts.
   if ((flag & intercept_mask_)) {
     intercepted_flags_ |= flag;
     return true;
   }
   return false;
 }
 
 }  // namespace internal
 }  // namespace v8