Chromium Code Reviews Chromium Code Reviews
Issue 234913003:
Allow allocation and GC in access check callbacks. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge| OLD | NEW |
|---|---|
| 1 // Copyright 2013 the V8 project authors. All rights reserved. | 1 // Copyright 2013 the V8 project authors. All rights reserved. |
| 2 // Redistribution and use in source and binary forms, with or without | 2 // Redistribution and use in source and binary forms, with or without |
| 3 // modification, are permitted provided that the following conditions are | 3 // modification, are permitted provided that the following conditions are |
| 4 // met: | 4 // met: |
| 5 // | 5 // |
| 6 // * Redistributions of source code must retain the above copyright | 6 // * Redistributions of source code must retain the above copyright |
| 7 // notice, this list of conditions and the following disclaimer. | 7 // notice, this list of conditions and the following disclaimer. |
| 8 // * Redistributions in binary form must reproduce the above | 8 // * Redistributions in binary form must reproduce the above |
| 9 // copyright notice, this list of conditions and the following | 9 // copyright notice, this list of conditions and the following |
| 10 // disclaimer in the documentation and/or other materials provided | 10 // disclaimer in the documentation and/or other materials provided |
| (...skipping 534 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 545 } | 545 } |
| 546 break; | 546 break; |
| 547 } | 547 } |
| 548 default: | 548 default: |
| 549 UNREACHABLE(); | 549 UNREACHABLE(); |
| 550 } | 550 } |
| 551 } | 551 } |
| 552 | 552 |
| 553 // No accessible property found. | 553 // No accessible property found. |
| 554 *attributes = ABSENT; | 554 *attributes = ABSENT; |
| 555 isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_GET); | 555 isolate->ReportFailedAccessCheck(object, v8::ACCESS_GET); |
| 556 RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); | 556 RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); |
| 557 return isolate->factory()->undefined_value(); | 557 return isolate->factory()->undefined_value(); |
| 558 } | 558 } |
| 559 | 559 |
| 560 | 560 |
| 561 PropertyAttributes JSObject::GetPropertyAttributeWithFailedAccessCheck( | 561 PropertyAttributes JSObject::GetPropertyAttributeWithFailedAccessCheck( |
| 562 Handle<JSObject> object, | 562 Handle<JSObject> object, |
| 563 LookupResult* result, | 563 LookupResult* result, |
| 564 Handle<Name> name, | 564 Handle<Name> name, |
| 565 bool continue_search) { | 565 bool continue_search) { |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 609 return GetPropertyAttributeWithFailedAccessCheck( | 609 return GetPropertyAttributeWithFailedAccessCheck( |
| 610 object, &r, name, continue_search); | 610 object, &r, name, continue_search); |
| 611 } | 611 } |
| 612 | 612 |
| 613 case HANDLER: | 613 case HANDLER: |
| 614 case NONEXISTENT: | 614 case NONEXISTENT: |
| 615 UNREACHABLE(); | 615 UNREACHABLE(); |
| 616 } | 616 } |
| 617 } | 617 } |
| 618 | 618 |
| 619 object->GetIsolate()->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS); | 619 object->GetIsolate()->ReportFailedAccessCheck(object, v8::ACCESS_HAS); |
| 620 return ABSENT; | 620 return ABSENT; |
| 621 } | 621 } |
| 622 | 622 |
| 623 | 623 |
| 624 Object* JSObject::GetNormalizedProperty(const LookupResult* result) { | 624 Object* JSObject::GetNormalizedProperty(const LookupResult* result) { |
| 625 ASSERT(!HasFastProperties()); | 625 ASSERT(!HasFastProperties()); |
| 626 Object* value = property_dictionary()->ValueAt(result->GetDictionaryEntry()); | 626 Object* value = property_dictionary()->ValueAt(result->GetDictionaryEntry()); |
| 627 if (IsGlobalObject()) { | 627 if (IsGlobalObject()) { |
| 628 value = PropertyCell::cast(value)->value(); | 628 value = PropertyCell::cast(value)->value(); |
| 629 } | 629 } |
| (...skipping 166 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 796 : Handle<Object>::cast(factory->null_value()); | 796 : Handle<Object>::cast(factory->null_value()); |
| 797 for (Handle<Object> current = object; | 797 for (Handle<Object> current = object; |
| 798 true; | 798 true; |
| 799 current = Handle<Object>(current->GetPrototype(isolate), isolate)) { | 799 current = Handle<Object>(current->GetPrototype(isolate), isolate)) { |
| 800 if (current->IsAccessCheckNeeded()) { | 800 if (current->IsAccessCheckNeeded()) { |
| 801 // Check if we're allowed to read from the current object. Note | 801 // Check if we're allowed to read from the current object. Note |
| 802 // that even though we may not actually end up loading the named | 802 // that even though we may not actually end up loading the named |
| 803 // property from the current object, we still check that we have | 803 // property from the current object, we still check that we have |
| 804 // access to it. | 804 // access to it. |
| 805 Handle<JSObject> checked = Handle<JSObject>::cast(current); | 805 Handle<JSObject> checked = Handle<JSObject>::cast(current); |
| 806 if (!isolate->MayNamedAccessWrapper(checked, name, v8::ACCESS_GET)) { | 806 if (!isolate->MayNamedAccess(checked, name, v8::ACCESS_GET)) { |
| 807 return JSObject::GetPropertyWithFailedAccessCheck( | 807 return JSObject::GetPropertyWithFailedAccessCheck( |
| 808 checked, receiver, result, name, attributes); | 808 checked, receiver, result, name, attributes); |
| 809 } | 809 } |
| 810 } | 810 } |
| 811 // Stop traversing the chain once we reach the last object in the | 811 // Stop traversing the chain once we reach the last object in the |
| 812 // chain; either the holder of the result or null in case of an | 812 // chain; either the holder of the result or null in case of an |
| 813 // absent property. | 813 // absent property. |
| 814 if (current.is_identical_to(last)) break; | 814 if (current.is_identical_to(last)) break; |
| 815 } | 815 } |
| 816 } | 816 } |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 892 } | 892 } |
| 893 } | 893 } |
| 894 | 894 |
| 895 // Inline the case for JSObjects. Doing so significantly improves the | 895 // Inline the case for JSObjects. Doing so significantly improves the |
| 896 // performance of fetching elements where checking the prototype chain is | 896 // performance of fetching elements where checking the prototype chain is |
| 897 // necessary. | 897 // necessary. |
| 898 Handle<JSObject> js_object = Handle<JSObject>::cast(holder); | 898 Handle<JSObject> js_object = Handle<JSObject>::cast(holder); |
| 899 | 899 |
| 900 // Check access rights if needed. | 900 // Check access rights if needed. |
| 901 if (js_object->IsAccessCheckNeeded()) { | 901 if (js_object->IsAccessCheckNeeded()) { |
| 902 if (!isolate->MayIndexedAccessWrapper(js_object, index, v8::ACCESS_GET)) { | 902 if (!isolate->MayIndexedAccess(js_object, index, v8::ACCESS_GET)) { |
| 903 isolate->ReportFailedAccessCheckWrapper(js_object, v8::ACCESS_GET); | 903 isolate->ReportFailedAccessCheck(js_object, v8::ACCESS_GET); |
| 904 RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); | 904 RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); |
| 905 return isolate->factory()->undefined_value(); | 905 return isolate->factory()->undefined_value(); |
| 906 } | 906 } |
| 907 } | 907 } |
| 908 | 908 |
| 909 if (js_object->HasIndexedInterceptor()) { | 909 if (js_object->HasIndexedInterceptor()) { |
| 910 return JSObject::GetElementWithInterceptor(js_object, receiver, index); | 910 return JSObject::GetElementWithInterceptor(js_object, receiver, index); |
| 911 } | 911 } |
| 912 | 912 |
| 913 if (js_object->elements() != isolate->heap()->empty_fixed_array()) { | 913 if (js_object->elements() != isolate->heap()->empty_fixed_array()) { |
| (...skipping 2474 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3388 break; | 3388 break; |
| 3389 } | 3389 } |
| 3390 default: { | 3390 default: { |
| 3391 break; | 3391 break; |
| 3392 } | 3392 } |
| 3393 } | 3393 } |
| 3394 } | 3394 } |
| 3395 } | 3395 } |
| 3396 | 3396 |
| 3397 Isolate* isolate = object->GetIsolate(); | 3397 Isolate* isolate = object->GetIsolate(); |
| 3398 isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET); | 3398 isolate->ReportFailedAccessCheck(object, v8::ACCESS_SET); |
| 3399 RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object); | 3399 RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object); |
| 3400 return value; | 3400 return value; |
| 3401 } | 3401 } |
| 3402 | 3402 |
| 3403 | 3403 |
| 3404 MaybeHandle<Object> JSReceiver::SetProperty(Handle<JSReceiver> object, | 3404 MaybeHandle<Object> JSReceiver::SetProperty(Handle<JSReceiver> object, |
| 3405 LookupResult* result, | 3405 LookupResult* result, |
| 3406 Handle<Name> key, | 3406 Handle<Name> key, |
| 3407 Handle<Object> value, | 3407 Handle<Object> value, |
| 3408 PropertyAttributes attributes, | 3408 PropertyAttributes attributes, |
| (...skipping 529 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3938 // Optimization for 2-byte strings often used as keys in a decompression | 3938 // Optimization for 2-byte strings often used as keys in a decompression |
| 3939 // dictionary. We internalize these short keys to avoid constantly | 3939 // dictionary. We internalize these short keys to avoid constantly |
| 3940 // reallocating them. | 3940 // reallocating them. |
| 3941 if (name->IsString() && !name->IsInternalizedString() && | 3941 if (name->IsString() && !name->IsInternalizedString() && |
| 3942 Handle<String>::cast(name)->length() <= 2) { | 3942 Handle<String>::cast(name)->length() <= 2) { |
| 3943 name = isolate->factory()->InternalizeString(Handle<String>::cast(name)); | 3943 name = isolate->factory()->InternalizeString(Handle<String>::cast(name)); |
| 3944 } | 3944 } |
| 3945 | 3945 |
| 3946 // Check access rights if needed. | 3946 // Check access rights if needed. |
| 3947 if (object->IsAccessCheckNeeded()) { | 3947 if (object->IsAccessCheckNeeded()) { |
| 3948 if (!isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)) { | 3948 if (!isolate->MayNamedAccess(object, name, v8::ACCESS_SET)) { |
| 3949 return SetPropertyWithFailedAccessCheck(object, lookup, name, value, | 3949 return SetPropertyWithFailedAccessCheck(object, lookup, name, value, |
| 3950 true, strict_mode); | 3950 true, strict_mode); |
| 3951 } | 3951 } |
| 3952 } | 3952 } |
| 3953 | 3953 |
| 3954 if (object->IsJSGlobalProxy()) { | 3954 if (object->IsJSGlobalProxy()) { |
| 3955 Handle<Object> proto(object->GetPrototype(), isolate); | 3955 Handle<Object> proto(object->GetPrototype(), isolate); |
| 3956 if (proto->IsNull()) return value; | 3956 if (proto->IsNull()) return value; |
| 3957 ASSERT(proto->IsJSGlobalObject()); | 3957 ASSERT(proto->IsJSGlobalObject()); |
| 3958 return SetPropertyForResult(Handle<JSObject>::cast(proto), | 3958 return SetPropertyForResult(Handle<JSObject>::cast(proto), |
| (...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 4078 AssertNoContextChange ncc(isolate); | 4078 AssertNoContextChange ncc(isolate); |
| 4079 | 4079 |
| 4080 LookupResult lookup(isolate); | 4080 LookupResult lookup(isolate); |
| 4081 object->LocalLookup(*name, &lookup, true); | 4081 object->LocalLookup(*name, &lookup, true); |
| 4082 if (!lookup.IsFound()) { | 4082 if (!lookup.IsFound()) { |
| 4083 object->map()->LookupTransition(*object, *name, &lookup); | 4083 object->map()->LookupTransition(*object, *name, &lookup); |
| 4084 } | 4084 } |
| 4085 | 4085 |
| 4086 // Check access rights if needed. | 4086 // Check access rights if needed. |
| 4087 if (object->IsAccessCheckNeeded()) { | 4087 if (object->IsAccessCheckNeeded()) { |
| 4088 if (!isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)) { | 4088 if (!isolate->MayNamedAccess(object, name, v8::ACCESS_SET)) { |
| 4089 return SetPropertyWithFailedAccessCheck(object, &lookup, name, value, | 4089 return SetPropertyWithFailedAccessCheck(object, &lookup, name, value, |
| 4090 false, SLOPPY); | 4090 false, SLOPPY); |
| 4091 } | 4091 } |
| 4092 } | 4092 } |
| 4093 | 4093 |
| 4094 if (object->IsJSGlobalProxy()) { | 4094 if (object->IsJSGlobalProxy()) { |
| 4095 Handle<Object> proto(object->GetPrototype(), isolate); | 4095 Handle<Object> proto(object->GetPrototype(), isolate); |
| 4096 if (proto->IsNull()) return value; | 4096 if (proto->IsNull()) return value; |
| 4097 ASSERT(proto->IsJSGlobalObject()); | 4097 ASSERT(proto->IsJSGlobalObject()); |
| 4098 return SetLocalPropertyIgnoreAttributes(Handle<JSObject>::cast(proto), | 4098 return SetLocalPropertyIgnoreAttributes(Handle<JSObject>::cast(proto), |
| (...skipping 171 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 4270 PropertyAttributes JSReceiver::GetPropertyAttributeForResult( | 4270 PropertyAttributes JSReceiver::GetPropertyAttributeForResult( |
| 4271 Handle<JSReceiver> object, | 4271 Handle<JSReceiver> object, |
| 4272 Handle<JSReceiver> receiver, | 4272 Handle<JSReceiver> receiver, |
| 4273 LookupResult* lookup, | 4273 LookupResult* lookup, |
| 4274 Handle<Name> name, | 4274 Handle<Name> name, |
| 4275 bool continue_search) { | 4275 bool continue_search) { |
| 4276 // Check access rights if needed. | 4276 // Check access rights if needed. |
| 4277 if (object->IsAccessCheckNeeded()) { | 4277 if (object->IsAccessCheckNeeded()) { |
| 4278 Heap* heap = object->GetHeap(); | 4278 Heap* heap = object->GetHeap(); |
| 4279 Handle<JSObject> obj = Handle<JSObject>::cast(object); | 4279 Handle<JSObject> obj = Handle<JSObject>::cast(object); |
| 4280 if (!heap->isolate()->MayNamedAccessWrapper(obj, name, v8::ACCESS_HAS)) { | 4280 if (!heap->isolate()->MayNamedAccess(obj, name, v8::ACCESS_HAS)) { |
| 4281 return JSObject::GetPropertyAttributeWithFailedAccessCheck( | 4281 return JSObject::GetPropertyAttributeWithFailedAccessCheck( |
| 4282 obj, lookup, name, continue_search); | 4282 obj, lookup, name, continue_search); |
| 4283 } | 4283 } |
| 4284 } | 4284 } |
| 4285 if (lookup->IsFound()) { | 4285 if (lookup->IsFound()) { |
| 4286 switch (lookup->type()) { | 4286 switch (lookup->type()) { |
| 4287 case NORMAL: // fall through | 4287 case NORMAL: // fall through |
| 4288 case FIELD: | 4288 case FIELD: |
| 4289 case CONSTANT: | 4289 case CONSTANT: |
| 4290 case CALLBACKS: | 4290 case CALLBACKS: |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 4323 | 4323 |
| 4324 PropertyAttributes JSObject::GetElementAttributeWithReceiver( | 4324 PropertyAttributes JSObject::GetElementAttributeWithReceiver( |
| 4325 Handle<JSObject> object, | 4325 Handle<JSObject> object, |
| 4326 Handle<JSReceiver> receiver, | 4326 Handle<JSReceiver> receiver, |
| 4327 uint32_t index, | 4327 uint32_t index, |
| 4328 bool continue_search) { | 4328 bool continue_search) { |
| 4329 Isolate* isolate = object->GetIsolate(); | 4329 Isolate* isolate = object->GetIsolate(); |
| 4330 | 4330 |
| 4331 // Check access rights if needed. | 4331 // Check access rights if needed. |
| 4332 if (object->IsAccessCheckNeeded()) { | 4332 if (object->IsAccessCheckNeeded()) { |
| 4333 if (!isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_HAS)) { | 4333 if (!isolate->MayIndexedAccess(object, index, v8::ACCESS_HAS)) { |
| 4334 isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS); | 4334 isolate->ReportFailedAccessCheck(object, v8::ACCESS_HAS); |
| 4335 return ABSENT; | 4335 return ABSENT; |
| 4336 } | 4336 } |
| 4337 } | 4337 } |
| 4338 | 4338 |
| 4339 if (object->IsJSGlobalProxy()) { | 4339 if (object->IsJSGlobalProxy()) { |
| 4340 Handle<Object> proto(object->GetPrototype(), isolate); | 4340 Handle<Object> proto(object->GetPrototype(), isolate); |
| 4341 if (proto->IsNull()) return ABSENT; | 4341 if (proto->IsNull()) return ABSENT; |
| 4342 ASSERT(proto->IsJSGlobalObject()); | 4342 ASSERT(proto->IsJSGlobalObject()); |
| 4343 return JSObject::GetElementAttributeWithReceiver( | 4343 return JSObject::GetElementAttributeWithReceiver( |
| 4344 Handle<JSObject>::cast(proto), receiver, index, continue_search); | 4344 Handle<JSObject>::cast(proto), receiver, index, continue_search); |
| (...skipping 855 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 5200 | 5200 |
| 5201 | 5201 |
| 5202 MaybeHandle<Object> JSObject::DeleteElement(Handle<JSObject> object, | 5202 MaybeHandle<Object> JSObject::DeleteElement(Handle<JSObject> object, |
| 5203 uint32_t index, | 5203 uint32_t index, |
| 5204 DeleteMode mode) { | 5204 DeleteMode mode) { |
| 5205 Isolate* isolate = object->GetIsolate(); | 5205 Isolate* isolate = object->GetIsolate(); |
| 5206 Factory* factory = isolate->factory(); | 5206 Factory* factory = isolate->factory(); |
| 5207 | 5207 |
| 5208 // Check access rights if needed. | 5208 // Check access rights if needed. |
| 5209 if (object->IsAccessCheckNeeded() && | 5209 if (object->IsAccessCheckNeeded() && |
| 5210 !isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_DELETE)) { | 5210 !isolate->MayIndexedAccess(object, index, v8::ACCESS_DELETE)) { |
| 5211 isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_DELETE); | 5211 isolate->ReportFailedAccessCheck(object, v8::ACCESS_DELETE); |
| 5212 RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); | 5212 RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); |
| 5213 return factory->false_value(); | 5213 return factory->false_value(); |
| 5214 } | 5214 } |
| 5215 | 5215 |
| 5216 if (object->IsStringObjectWithCharacterAt(index)) { | 5216 if (object->IsStringObjectWithCharacterAt(index)) { |
| 5217 if (mode == STRICT_DELETION) { | 5217 if (mode == STRICT_DELETION) { |
| 5218 // Deleting a non-configurable property in strict mode. | 5218 // Deleting a non-configurable property in strict mode. |
| 5219 Handle<Object> name = factory->NewNumberFromUint(index); | 5219 Handle<Object> name = factory->NewNumberFromUint(index); |
| 5220 Handle<Object> args[2] = { name, object }; | 5220 Handle<Object> args[2] = { name, object }; |
| 5221 Handle<Object> error = | 5221 Handle<Object> error = |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 5269 | 5269 |
| 5270 MaybeHandle<Object> JSObject::DeleteProperty(Handle<JSObject> object, | 5270 MaybeHandle<Object> JSObject::DeleteProperty(Handle<JSObject> object, |
| 5271 Handle<Name> name, | 5271 Handle<Name> name, |
| 5272 DeleteMode mode) { | 5272 DeleteMode mode) { |
| 5273 Isolate* isolate = object->GetIsolate(); | 5273 Isolate* isolate = object->GetIsolate(); |
| 5274 // ECMA-262, 3rd, 8.6.2.5 | 5274 // ECMA-262, 3rd, 8.6.2.5 |
| 5275 ASSERT(name->IsName()); | 5275 ASSERT(name->IsName()); |
| 5276 | 5276 |
| 5277 // Check access rights if needed. | 5277 // Check access rights if needed. |
| 5278 if (object->IsAccessCheckNeeded() && | 5278 if (object->IsAccessCheckNeeded() && |
| 5279 !isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_DELETE)) { | 5279 !isolate->MayNamedAccess(object, name, v8::ACCESS_DELETE)) { |
| 5280 isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_DELETE); | 5280 isolate->ReportFailedAccessCheck(object, v8::ACCESS_DELETE); |
| 5281 RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); | 5281 RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); |
| 5282 return isolate->factory()->false_value(); | 5282 return isolate->factory()->false_value(); |
| 5283 } | 5283 } |
| 5284 | 5284 |
| 5285 if (object->IsJSGlobalProxy()) { | 5285 if (object->IsJSGlobalProxy()) { |
| 5286 Object* proto = object->GetPrototype(); | 5286 Object* proto = object->GetPrototype(); |
| 5287 if (proto->IsNull()) return isolate->factory()->false_value(); | 5287 if (proto->IsNull()) return isolate->factory()->false_value(); |
| 5288 ASSERT(proto->IsJSGlobalObject()); | 5288 ASSERT(proto->IsJSGlobalObject()); |
| 5289 return JSGlobalObject::DeleteProperty( | 5289 return JSGlobalObject::DeleteProperty( |
| 5290 handle(JSGlobalObject::cast(proto)), name, mode); | 5290 handle(JSGlobalObject::cast(proto)), name, mode); |
| (...skipping 208 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 5499 return false; | 5499 return false; |
| 5500 } | 5500 } |
| 5501 | 5501 |
| 5502 | 5502 |
| 5503 Handle<Object> JSObject::PreventExtensions(Handle<JSObject> object) { | 5503 Handle<Object> JSObject::PreventExtensions(Handle<JSObject> object) { |
| 5504 Isolate* isolate = object->GetIsolate(); | 5504 Isolate* isolate = object->GetIsolate(); |
| 5505 | 5505 |
| 5506 if (!object->map()->is_extensible()) return object; | 5506 if (!object->map()->is_extensible()) return object; |
| 5507 | 5507 |
| 5508 if (object->IsAccessCheckNeeded() && | 5508 if (object->IsAccessCheckNeeded() && |
| 5509 !isolate->MayNamedAccessWrapper(object, | 5509 !isolate->MayNamedAccess( |
| 5510 isolate->factory()->undefined_value(), | 5510 object, isolate->factory()->undefined_value(), v8::ACCESS_KEYS)) { |
| 5511 v8::ACCESS_KEYS)) { | 5511 isolate->ReportFailedAccessCheck(object, v8::ACCESS_KEYS); |
| 5512 isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_KEYS); | |
| 5513 RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); | 5512 RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); |
| 5514 return isolate->factory()->false_value(); | 5513 return isolate->factory()->false_value(); |
| 5515 } | 5514 } |
| 5516 | 5515 |
| 5517 if (object->IsJSGlobalProxy()) { | 5516 if (object->IsJSGlobalProxy()) { |
| 5518 Handle<Object> proto(object->GetPrototype(), isolate); | 5517 Handle<Object> proto(object->GetPrototype(), isolate); |
| 5519 if (proto->IsNull()) return object; | 5518 if (proto->IsNull()) return object; |
| 5520 ASSERT(proto->IsJSGlobalObject()); | 5519 ASSERT(proto->IsJSGlobalObject()); |
| 5521 return PreventExtensions(Handle<JSObject>::cast(proto)); | 5520 return PreventExtensions(Handle<JSObject>::cast(proto)); |
| 5522 } | 5521 } |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 5583 | 5582 |
| 5584 MaybeHandle<Object> JSObject::Freeze(Handle<JSObject> object) { | 5583 MaybeHandle<Object> JSObject::Freeze(Handle<JSObject> object) { |
| 5585 // Freezing sloppy arguments should be handled elsewhere. | 5584 // Freezing sloppy arguments should be handled elsewhere. |
| 5586 ASSERT(!object->HasSloppyArgumentsElements()); | 5585 ASSERT(!object->HasSloppyArgumentsElements()); |
| 5587 ASSERT(!object->map()->is_observed()); | 5586 ASSERT(!object->map()->is_observed()); |
| 5588 | 5587 |
| 5589 if (object->map()->is_frozen()) return object; | 5588 if (object->map()->is_frozen()) return object; |
| 5590 | 5589 |
| 5591 Isolate* isolate = object->GetIsolate(); | 5590 Isolate* isolate = object->GetIsolate(); |
| 5592 if (object->IsAccessCheckNeeded() && | 5591 if (object->IsAccessCheckNeeded() && |
| 5593 !isolate->MayNamedAccessWrapper(object, | 5592 !isolate->MayNamedAccess( |
| 5594 isolate->factory()->undefined_value(), | 5593 object, isolate->factory()->undefined_value(), v8::ACCESS_KEYS)) { |
| 5595 v8::ACCESS_KEYS)) { | 5594 isolate->ReportFailedAccessCheck(object, v8::ACCESS_KEYS); |
| 5596 isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_KEYS); | |
| 5597 RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object); | 5595 RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object); |
|
Igor Sheludko
2014/04/11 17:10:55
While we are here: after majority of calls to Repo
| |
| 5598 return isolate->factory()->false_value(); | 5596 return isolate->factory()->false_value(); |
| 5599 } | 5597 } |
| 5600 | 5598 |
| 5601 if (object->IsJSGlobalProxy()) { | 5599 if (object->IsJSGlobalProxy()) { |
| 5602 Handle<Object> proto(object->GetPrototype(), isolate); | 5600 Handle<Object> proto(object->GetPrototype(), isolate); |
| 5603 if (proto->IsNull()) return object; | 5601 if (proto->IsNull()) return object; |
| 5604 ASSERT(proto->IsJSGlobalObject()); | 5602 ASSERT(proto->IsJSGlobalObject()); |
| 5605 return Freeze(Handle<JSObject>::cast(proto)); | 5603 return Freeze(Handle<JSObject>::cast(proto)); |
| 5606 } | 5604 } |
| 5607 | 5605 |
| (...skipping 632 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 6240 accessors->SetComponents(*getter, *setter); | 6238 accessors->SetComponents(*getter, *setter); |
| 6241 accessors->set_access_flags(access_control); | 6239 accessors->set_access_flags(access_control); |
| 6242 | 6240 |
| 6243 SetPropertyCallback(object, name, accessors, attributes); | 6241 SetPropertyCallback(object, name, accessors, attributes); |
| 6244 } | 6242 } |
| 6245 | 6243 |
| 6246 | 6244 |
| 6247 bool JSObject::CanSetCallback(Handle<JSObject> object, Handle<Name> name) { | 6245 bool JSObject::CanSetCallback(Handle<JSObject> object, Handle<Name> name) { |
| 6248 Isolate* isolate = object->GetIsolate(); | 6246 Isolate* isolate = object->GetIsolate(); |
| 6249 ASSERT(!object->IsAccessCheckNeeded() || | 6247 ASSERT(!object->IsAccessCheckNeeded() || |
| 6250 isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)); | 6248 isolate->MayNamedAccess(object, name, v8::ACCESS_SET)); |
| 6251 | 6249 |
| 6252 // Check if there is an API defined callback object which prohibits | 6250 // Check if there is an API defined callback object which prohibits |
| 6253 // callback overwriting in this object or its prototype chain. | 6251 // callback overwriting in this object or its prototype chain. |
| 6254 // This mechanism is needed for instance in a browser setting, where | 6252 // This mechanism is needed for instance in a browser setting, where |
| 6255 // certain accessors such as window.location should not be allowed | 6253 // certain accessors such as window.location should not be allowed |
| 6256 // to be overwritten because allowing overwriting could potentially | 6254 // to be overwritten because allowing overwriting could potentially |
| 6257 // cause security problems. | 6255 // cause security problems. |
| 6258 LookupResult callback_result(isolate); | 6256 LookupResult callback_result(isolate); |
| 6259 object->LookupCallbackProperty(*name, &callback_result); | 6257 object->LookupCallbackProperty(*name, &callback_result); |
| 6260 if (callback_result.IsFound()) { | 6258 if (callback_result.IsFound()) { |
| (...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 6363 | 6361 |
| 6364 void JSObject::DefineAccessor(Handle<JSObject> object, | 6362 void JSObject::DefineAccessor(Handle<JSObject> object, |
| 6365 Handle<Name> name, | 6363 Handle<Name> name, |
| 6366 Handle<Object> getter, | 6364 Handle<Object> getter, |
| 6367 Handle<Object> setter, | 6365 Handle<Object> setter, |
| 6368 PropertyAttributes attributes, | 6366 PropertyAttributes attributes, |
| 6369 v8::AccessControl access_control) { | 6367 v8::AccessControl access_control) { |
| 6370 Isolate* isolate = object->GetIsolate(); | 6368 Isolate* isolate = object->GetIsolate(); |
| 6371 // Check access rights if needed. | 6369 // Check access rights if needed. |
| 6372 if (object->IsAccessCheckNeeded() && | 6370 if (object->IsAccessCheckNeeded() && |
| 6373 !isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)) { | 6371 !isolate->MayNamedAccess(object, name, v8::ACCESS_SET)) { |
| 6374 isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET); | 6372 isolate->ReportFailedAccessCheck(object, v8::ACCESS_SET); |
|
Igor Sheludko
2014/04/11 17:10:55
... but here and in some other places we don't. An
Yang
2014/04/14 06:22:51
I know about this, but I have no idea whether this
| |
| 6375 return; | 6373 return; |
| 6376 } | 6374 } |
| 6377 | 6375 |
| 6378 if (object->IsJSGlobalProxy()) { | 6376 if (object->IsJSGlobalProxy()) { |
| 6379 Handle<Object> proto(object->GetPrototype(), isolate); | 6377 Handle<Object> proto(object->GetPrototype(), isolate); |
| 6380 if (proto->IsNull()) return; | 6378 if (proto->IsNull()) return; |
| 6381 ASSERT(proto->IsJSGlobalObject()); | 6379 ASSERT(proto->IsJSGlobalObject()); |
| 6382 DefineAccessor(Handle<JSObject>::cast(proto), | 6380 DefineAccessor(Handle<JSObject>::cast(proto), |
| 6383 name, | 6381 name, |
| 6384 getter, | 6382 getter, |
| (...skipping 162 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 6547 | 6545 |
| 6548 | 6546 |
| 6549 Handle<Object> JSObject::SetAccessor(Handle<JSObject> object, | 6547 Handle<Object> JSObject::SetAccessor(Handle<JSObject> object, |
| 6550 Handle<AccessorInfo> info) { | 6548 Handle<AccessorInfo> info) { |
| 6551 Isolate* isolate = object->GetIsolate(); | 6549 Isolate* isolate = object->GetIsolate(); |
| 6552 Factory* factory = isolate->factory(); | 6550 Factory* factory = isolate->factory(); |
| 6553 Handle<Name> name(Name::cast(info->name())); | 6551 Handle<Name> name(Name::cast(info->name())); |
| 6554 | 6552 |
| 6555 // Check access rights if needed. | 6553 // Check access rights if needed. |
| 6556 if (object->IsAccessCheckNeeded() && | 6554 if (object->IsAccessCheckNeeded() && |
| 6557 !isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)) { | 6555 !isolate->MayNamedAccess(object, name, v8::ACCESS_SET)) { |
| 6558 isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET); | 6556 isolate->ReportFailedAccessCheck(object, v8::ACCESS_SET); |
| 6559 RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); | 6557 RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); |
| 6560 return factory->undefined_value(); | 6558 return factory->undefined_value(); |
| 6561 } | 6559 } |
| 6562 | 6560 |
| 6563 if (object->IsJSGlobalProxy()) { | 6561 if (object->IsJSGlobalProxy()) { |
| 6564 Handle<Object> proto(object->GetPrototype(), isolate); | 6562 Handle<Object> proto(object->GetPrototype(), isolate); |
| 6565 if (proto->IsNull()) return object; | 6563 if (proto->IsNull()) return object; |
| 6566 ASSERT(proto->IsJSGlobalObject()); | 6564 ASSERT(proto->IsJSGlobalObject()); |
| 6567 return SetAccessor(Handle<JSObject>::cast(proto), info); | 6565 return SetAccessor(Handle<JSObject>::cast(proto), info); |
| 6568 } | 6566 } |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 6633 Handle<Name> name, | 6631 Handle<Name> name, |
| 6634 AccessorComponent component) { | 6632 AccessorComponent component) { |
| 6635 Isolate* isolate = object->GetIsolate(); | 6633 Isolate* isolate = object->GetIsolate(); |
| 6636 | 6634 |
| 6637 // Make sure that the top context does not change when doing callbacks or | 6635 // Make sure that the top context does not change when doing callbacks or |
| 6638 // interceptor calls. | 6636 // interceptor calls. |
| 6639 AssertNoContextChange ncc(isolate); | 6637 AssertNoContextChange ncc(isolate); |
| 6640 | 6638 |
| 6641 // Check access rights if needed. | 6639 // Check access rights if needed. |
| 6642 if (object->IsAccessCheckNeeded() && | 6640 if (object->IsAccessCheckNeeded() && |
| 6643 !isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_HAS)) { | 6641 !isolate->MayNamedAccess(object, name, v8::ACCESS_HAS)) { |
| 6644 isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS); | 6642 isolate->ReportFailedAccessCheck(object, v8::ACCESS_HAS); |
| 6645 RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); | 6643 RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); |
| 6646 return isolate->factory()->undefined_value(); | 6644 return isolate->factory()->undefined_value(); |
| 6647 } | 6645 } |
| 6648 | 6646 |
| 6649 // Make the lookup and include prototypes. | 6647 // Make the lookup and include prototypes. |
| 6650 uint32_t index = 0; | 6648 uint32_t index = 0; |
| 6651 if (name->AsArrayIndex(&index)) { | 6649 if (name->AsArrayIndex(&index)) { |
| 6652 for (Handle<Object> obj = object; | 6650 for (Handle<Object> obj = object; |
| 6653 !obj->IsNull(); | 6651 !obj->IsNull(); |
| 6654 obj = handle(JSReceiver::cast(*obj)->GetPrototype(), isolate)) { | 6652 obj = handle(JSReceiver::cast(*obj)->GetPrototype(), isolate)) { |
| (...skipping 5847 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 12502 object->HasFixedTypedArrayElements()) { | 12500 object->HasFixedTypedArrayElements()) { |
| 12503 if (!value->IsNumber() && !value->IsUndefined()) { | 12501 if (!value->IsNumber() && !value->IsUndefined()) { |
| 12504 ASSIGN_RETURN_ON_EXCEPTION( | 12502 ASSIGN_RETURN_ON_EXCEPTION( |
| 12505 isolate, value, | 12503 isolate, value, |
| 12506 Execution::ToNumber(isolate, value), Object); | 12504 Execution::ToNumber(isolate, value), Object); |
| 12507 } | 12505 } |
| 12508 } | 12506 } |
| 12509 | 12507 |
| 12510 // Check access rights if needed. | 12508 // Check access rights if needed. |
| 12511 if (object->IsAccessCheckNeeded()) { | 12509 if (object->IsAccessCheckNeeded()) { |
| 12512 if (!isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_SET)) { | 12510 if (!isolate->MayIndexedAccess(object, index, v8::ACCESS_SET)) { |
| 12513 isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET); | 12511 isolate->ReportFailedAccessCheck(object, v8::ACCESS_SET); |
| 12514 RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object); | 12512 RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object); |
| 12515 return value; | 12513 return value; |
| 12516 } | 12514 } |
| 12517 } | 12515 } |
| 12518 | 12516 |
| 12519 if (object->IsJSGlobalProxy()) { | 12517 if (object->IsJSGlobalProxy()) { |
| 12520 Handle<Object> proto(object->GetPrototype(), isolate); | 12518 Handle<Object> proto(object->GetPrototype(), isolate); |
| 12521 if (proto->IsNull()) return value; | 12519 if (proto->IsNull()) return value; |
| 12522 ASSERT(proto->IsJSGlobalObject()); | 12520 ASSERT(proto->IsJSGlobalObject()); |
| 12523 return SetElement(Handle<JSObject>::cast(proto), index, value, attributes, | 12521 return SetElement(Handle<JSObject>::cast(proto), index, value, attributes, |
| (...skipping 757 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 13281 return GetPropertyPostInterceptor(object, receiver, name, attributes); | 13279 return GetPropertyPostInterceptor(object, receiver, name, attributes); |
| 13282 } | 13280 } |
| 13283 | 13281 |
| 13284 | 13282 |
| 13285 bool JSObject::HasRealNamedProperty(Handle<JSObject> object, | 13283 bool JSObject::HasRealNamedProperty(Handle<JSObject> object, |
| 13286 Handle<Name> key) { | 13284 Handle<Name> key) { |
| 13287 Isolate* isolate = object->GetIsolate(); | 13285 Isolate* isolate = object->GetIsolate(); |
| 13288 SealHandleScope shs(isolate); | 13286 SealHandleScope shs(isolate); |
| 13289 // Check access rights if needed. | 13287 // Check access rights if needed. |
| 13290 if (object->IsAccessCheckNeeded()) { | 13288 if (object->IsAccessCheckNeeded()) { |
| 13291 if (!isolate->MayNamedAccessWrapper(object, key, v8::ACCESS_HAS)) { | 13289 if (!isolate->MayNamedAccess(object, key, v8::ACCESS_HAS)) { |
| 13292 isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS); | 13290 isolate->ReportFailedAccessCheck(object, v8::ACCESS_HAS); |
|
Igor Sheludko
2014/04/11 17:10:55
Same note here and below.
| |
| 13293 return false; | 13291 return false; |
| 13294 } | 13292 } |
| 13295 } | 13293 } |
| 13296 | 13294 |
| 13297 LookupResult result(isolate); | 13295 LookupResult result(isolate); |
| 13298 object->LocalLookupRealNamedProperty(*key, &result); | 13296 object->LocalLookupRealNamedProperty(*key, &result); |
| 13299 return result.IsFound() && !result.IsInterceptor(); | 13297 return result.IsFound() && !result.IsInterceptor(); |
| 13300 } | 13298 } |
| 13301 | 13299 |
| 13302 | 13300 |
| 13303 bool JSObject::HasRealElementProperty(Handle<JSObject> object, uint32_t index) { | 13301 bool JSObject::HasRealElementProperty(Handle<JSObject> object, uint32_t index) { |
| 13304 Isolate* isolate = object->GetIsolate(); | 13302 Isolate* isolate = object->GetIsolate(); |
| 13305 HandleScope scope(isolate); | 13303 HandleScope scope(isolate); |
| 13306 // Check access rights if needed. | 13304 // Check access rights if needed. |
| 13307 if (object->IsAccessCheckNeeded()) { | 13305 if (object->IsAccessCheckNeeded()) { |
| 13308 if (!isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_HAS)) { | 13306 if (!isolate->MayIndexedAccess(object, index, v8::ACCESS_HAS)) { |
| 13309 isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS); | 13307 isolate->ReportFailedAccessCheck(object, v8::ACCESS_HAS); |
| 13310 return false; | 13308 return false; |
| 13311 } | 13309 } |
| 13312 } | 13310 } |
| 13313 | 13311 |
| 13314 if (object->IsJSGlobalProxy()) { | 13312 if (object->IsJSGlobalProxy()) { |
| 13315 HandleScope scope(isolate); | 13313 HandleScope scope(isolate); |
| 13316 Handle<Object> proto(object->GetPrototype(), isolate); | 13314 Handle<Object> proto(object->GetPrototype(), isolate); |
| 13317 if (proto->IsNull()) return false; | 13315 if (proto->IsNull()) return false; |
| 13318 ASSERT(proto->IsJSGlobalObject()); | 13316 ASSERT(proto->IsJSGlobalObject()); |
| 13319 return HasRealElementProperty(Handle<JSObject>::cast(proto), index); | 13317 return HasRealElementProperty(Handle<JSObject>::cast(proto), index); |
| 13320 } | 13318 } |
| 13321 | 13319 |
| 13322 return GetElementAttributeWithoutInterceptor( | 13320 return GetElementAttributeWithoutInterceptor( |
| 13323 object, object, index, false) != ABSENT; | 13321 object, object, index, false) != ABSENT; |
| 13324 } | 13322 } |
| 13325 | 13323 |
| 13326 | 13324 |
| 13327 bool JSObject::HasRealNamedCallbackProperty(Handle<JSObject> object, | 13325 bool JSObject::HasRealNamedCallbackProperty(Handle<JSObject> object, |
| 13328 Handle<Name> key) { | 13326 Handle<Name> key) { |
| 13329 Isolate* isolate = object->GetIsolate(); | 13327 Isolate* isolate = object->GetIsolate(); |
| 13330 SealHandleScope shs(isolate); | 13328 SealHandleScope shs(isolate); |
| 13331 // Check access rights if needed. | 13329 // Check access rights if needed. |
| 13332 if (object->IsAccessCheckNeeded()) { | 13330 if (object->IsAccessCheckNeeded()) { |
| 13333 if (!isolate->MayNamedAccessWrapper(object, key, v8::ACCESS_HAS)) { | 13331 if (!isolate->MayNamedAccess(object, key, v8::ACCESS_HAS)) { |
| 13334 isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS); | 13332 isolate->ReportFailedAccessCheck(object, v8::ACCESS_HAS); |
| 13335 return false; | 13333 return false; |
| 13336 } | 13334 } |
| 13337 } | 13335 } |
| 13338 | 13336 |
| 13339 LookupResult result(isolate); | 13337 LookupResult result(isolate); |
| 13340 object->LocalLookupRealNamedProperty(*key, &result); | 13338 object->LocalLookupRealNamedProperty(*key, &result); |
| 13341 return result.IsPropertyCallbacks(); | 13339 return result.IsPropertyCallbacks(); |
| 13342 } | 13340 } |
| 13343 | 13341 |
| 13344 | 13342 |
| (...skipping 3134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 16479 #define ERROR_MESSAGES_TEXTS(C, T) T, | 16477 #define ERROR_MESSAGES_TEXTS(C, T) T, |
| 16480 static const char* error_messages_[] = { | 16478 static const char* error_messages_[] = { |
| 16481 ERROR_MESSAGES_LIST(ERROR_MESSAGES_TEXTS) | 16479 ERROR_MESSAGES_LIST(ERROR_MESSAGES_TEXTS) |
| 16482 }; | 16480 }; |
| 16483 #undef ERROR_MESSAGES_TEXTS | 16481 #undef ERROR_MESSAGES_TEXTS |
| 16484 return error_messages_[reason]; | 16482 return error_messages_[reason]; |
| 16485 } | 16483 } |
| 16486 | 16484 |
| 16487 | 16485 |
| 16488 } } // namespace v8::internal | 16486 } } // namespace v8::internal |
| OLD | NEW |
