Tighten OpenHandle's extra checks.

src/objects.cc

 // Copyright 2013 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 6404 matching lines @@
       ASSIGN_RETURN_ON_EXCEPTION(
           isolate, names,
           Execution::Call(isolate,
                           isolate->proxy_enumerate(),
                           object,
                           ARRAY_SIZE(args),
                           args),
           FixedArray);
       ASSIGN_RETURN_ON_EXCEPTION(
           isolate, content,
-          FixedArray::AddKeysFromJSArray(
-              content, Handle<JSArray>::cast(names)),
+          FixedArray::AddKeysFromArrayLike(
+              content, Handle<JSObject>::cast(names)),
           FixedArray);
       break;
     }
 
     Handle<JSObject> current(JSObject::cast(*p), isolate);
 
     // Check access rights if required.
     if (current->IsAccessCheckNeeded() &&
         !isolate->MayNamedAccess(
             current, isolate->factory()->undefined_value(), v8::ACCESS_KEYS)) {
       isolate->ReportFailedAccessCheck(current, v8::ACCESS_KEYS);
       RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, FixedArray);
       break;
     }
 
     // Compute the element keys.
     Handle<FixedArray> element_keys =
         isolate->factory()->NewFixedArray(current->NumberOfEnumElements());
     current->GetEnumElementKeys(*element_keys);
     ASSIGN_RETURN_ON_EXCEPTION(
         isolate, content,
         FixedArray::UnionOfKeys(content, element_keys),
         FixedArray);
     ASSERT(ContainsOnlyValidKeys(content));
 
     // Add the element keys from the interceptor.
     if (current->HasIndexedInterceptor()) {
-      Handle<JSArray> result;
+      Handle<JSObject> result;
       if (JSObject::GetKeysForIndexedInterceptor(
               current, object).ToHandle(&result)) {
         ASSIGN_RETURN_ON_EXCEPTION(
             isolate, content,
-            FixedArray::AddKeysFromJSArray(content, result),
+            FixedArray::AddKeysFromArrayLike(content, result),
             FixedArray);
       }
       ASSERT(ContainsOnlyValidKeys(content));
     }
 
     // We can cache the computed property keys if access checks are
     // not needed and no interceptors are involved.
     //
     // We do not use the cache if the object has elements and
     // therefore it does not make sense to cache the property names
@@ skipping 11 matching lines @@
     // Compute the property keys and cache them if possible.
     ASSIGN_RETURN_ON_EXCEPTION(
         isolate, content,
         FixedArray::UnionOfKeys(
             content, GetEnumPropertyKeys(current, cache_enum_keys)),
         FixedArray);
     ASSERT(ContainsOnlyValidKeys(content));
 
     // Add the property keys from the interceptor.
     if (current->HasNamedInterceptor()) {
-      Handle<JSArray> result;
+      Handle<JSObject> result;
       if (JSObject::GetKeysForNamedInterceptor(
               current, object).ToHandle(&result)) {
         ASSIGN_RETURN_ON_EXCEPTION(
             isolate, content,
-            FixedArray::AddKeysFromJSArray(content, result),
+            FixedArray::AddKeysFromArrayLike(content, result),
             FixedArray);
       }
       ASSERT(ContainsOnlyValidKeys(content));
     }
 
     // If we only want local properties we bail out after the first
     // iteration.
     if (type == LOCAL_ONLY) break;
   }
   return content;
@@ skipping 1717 matching lines @@
 
 void FixedArray::Shrink(int new_length) {
   ASSERT(0 <= new_length && new_length <= length());
   if (new_length < length()) {
     RightTrimFixedArray<Heap::FROM_MUTATOR>(
         GetHeap(), this, length() - new_length);
   }
 }
 
 
-MaybeHandle<FixedArray> FixedArray::AddKeysFromJSArray(
+MaybeHandle<FixedArray> FixedArray::AddKeysFromArrayLike(
     Handle<FixedArray> content,
-    Handle<JSArray> array) {
+    Handle<JSObject> array) {
+  ASSERT(array->IsJSArray() || array->HasSloppyArgumentsElements());
   ElementsAccessor* accessor = array->GetElementsAccessor();
   Handle<FixedArray> result;
   ASSIGN_RETURN_ON_EXCEPTION(
       array->GetIsolate(), result,
       accessor->AddElementsToFixedArray(array, array, content),
       FixedArray);
 
 #ifdef ENABLE_SLOW_ASSERTS
   if (FLAG_enable_slow_asserts) {
     DisallowHeapAllocation no_allocation;
@@ skipping 5651 matching lines @@
       return handle(*result_internal, isolate);
     }
   }
 
   return GetPropertyPostInterceptor(object, receiver, name, attributes);
 }
 
 
 // Compute the property keys from the interceptor.
 // TODO(rossberg): support symbols in API, and filter here if needed.
-MaybeHandle<JSArray> JSObject::GetKeysForNamedInterceptor(
+MaybeHandle<JSObject> JSObject::GetKeysForNamedInterceptor(
     Handle<JSObject> object, Handle<JSReceiver> receiver) {
   Isolate* isolate = receiver->GetIsolate();
   Handle<InterceptorInfo> interceptor(object->GetNamedInterceptor());
   PropertyCallbackArguments
       args(isolate, interceptor->data(), *receiver, *object);
-  v8::Handle<v8::Array> result;
+  v8::Handle<v8::Object> result;
   if (!interceptor->enumerator()->IsUndefined()) {
     v8::NamedPropertyEnumeratorCallback enum_fun =
         v8::ToCData<v8::NamedPropertyEnumeratorCallback>(
             interceptor->enumerator());
     LOG(isolate, ApiObjectAccess("interceptor-named-enum", *object));
     result = args.Call(enum_fun);
   }
-  if (result.IsEmpty()) return MaybeHandle<JSArray>();
+  if (result.IsEmpty()) return MaybeHandle<JSObject>();
 #if ENABLE_EXTRA_CHECKS
-  CHECK(v8::Utils::OpenHandle(*result)->IsJSObject());
+  CHECK(v8::Utils::OpenHandle(*result)->IsJSArray() ||
+        v8::Utils::OpenHandle(*result)->HasSloppyArgumentsElements());
 #endif
   // Rebox before returning.
   return handle(*v8::Utils::OpenHandle(*result), isolate);
 }
 
 
 // Compute the element keys from the interceptor.
-MaybeHandle<JSArray> JSObject::GetKeysForIndexedInterceptor(
+MaybeHandle<JSObject> JSObject::GetKeysForIndexedInterceptor(
     Handle<JSObject> object, Handle<JSReceiver> receiver) {
   Isolate* isolate = receiver->GetIsolate();
   Handle<InterceptorInfo> interceptor(object->GetIndexedInterceptor());
   PropertyCallbackArguments
       args(isolate, interceptor->data(), *receiver, *object);
-  v8::Handle<v8::Array> result;
+  v8::Handle<v8::Object> result;
   if (!interceptor->enumerator()->IsUndefined()) {
     v8::IndexedPropertyEnumeratorCallback enum_fun =
         v8::ToCData<v8::IndexedPropertyEnumeratorCallback>(
             interceptor->enumerator());
     LOG(isolate, ApiObjectAccess("interceptor-indexed-enum", *object));
     result = args.Call(enum_fun);
   }
-  if (result.IsEmpty()) return MaybeHandle<JSArray>();
+  if (result.IsEmpty()) return MaybeHandle<JSObject>();
 #if ENABLE_EXTRA_CHECKS
-  CHECK(v8::Utils::OpenHandle(*result)->IsJSObject());
+  CHECK(v8::Utils::OpenHandle(*result)->IsJSArray() ||
+        v8::Utils::OpenHandle(*result)->HasSloppyArgumentsElements());
 #endif
   // Rebox before returning.
   return handle(*v8::Utils::OpenHandle(*result), isolate);
 }
 
 
 bool JSObject::HasRealNamedProperty(Handle<JSObject> object,
                                     Handle<Name> key) {
   Isolate* isolate = object->GetIsolate();
   SealHandleScope shs(isolate);
@@ skipping 3396 matching lines @@
 #define ERROR_MESSAGES_TEXTS(C, T) T,
   static const char* error_messages_[] = {
       ERROR_MESSAGES_LIST(ERROR_MESSAGES_TEXTS)
   };
 #undef ERROR_MESSAGES_TEXTS
   return error_messages_[reason];
 }
 
 
 } }  // namespace v8::internal