
Side by Side Diff: src/runtime.cc

Issue 240973002: Harden DefineOrRedefineDataProperty. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: return undefined to match v8natives.js Created 6 years, 8 months ago
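--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above
 // copyright notice, this list of conditions and the following
 // disclaimer in the documentation and/or other materials provided
@@ -5104,43 +5104,50 @@
 CONVERT_ARG_HANDLE_CHECKED(Name, name, 1);
 CONVERT_ARG_HANDLE_CHECKED(Object, getter, 2);
 RUNTIME_ASSERT(IsValidAccessor(getter));
 CONVERT_ARG_HANDLE_CHECKED(Object, setter, 3);
 RUNTIME_ASSERT(IsValidAccessor(setter));
 CONVERT_SMI_ARG_CHECKED(unchecked, 4);
 RUNTIME_ASSERT((unchecked & ~(READ_ONLY | DONT_ENUM | DONT_DELETE)) == 0);
 PropertyAttributes attr = static_cast<PropertyAttributes>(unchecked);
 
 bool fast = obj->HasFastProperties();
+// DefineAccessor checks access rights.
 JSObject::DefineAccessor(obj, name, getter, setter, attr);
 RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
 if (fast) JSObject::TransformToFastProperties(obj, 0);
 return isolate->heap()->undefined_value();
 }
 
 
 // Implements part of 8.12.9 DefineOwnProperty.
 // There are 3 cases that lead here:
 // Step 4a - define a new data property.
 // Steps 9b & 12 - replace an existing accessor property with a data property.
 // Step 12 - update an existing data property with a data or generic
 // descriptor.
 RUNTIME_FUNCTION(MaybeObject*, Runtime_DefineOrRedefineDataProperty) {
 HandleScope scope(isolate);
 ASSERT(args.length() == 4);
 CONVERT_ARG_HANDLE_CHECKED(JSObject, js_object, 0);
 CONVERT_ARG_HANDLE_CHECKED(Name, name, 1);
 CONVERT_ARG_HANDLE_CHECKED(Object, obj_value, 2);
 CONVERT_SMI_ARG_CHECKED(unchecked, 3);
 RUNTIME_ASSERT((unchecked & ~(READ_ONLY | DONT_ENUM | DONT_DELETE)) == 0);
 PropertyAttributes attr = static_cast<PropertyAttributes>(unchecked);
 
+// Check access rights if needed.
+if (js_object->IsAccessCheckNeeded() &&
+!isolate->MayNamedAccess(js_object, name, v8::ACCESS_SET)) {
+return isolate->heap()->undefined_value();
+}
+
 LookupResult lookup(isolate);
 js_object->LocalLookupRealNamedProperty(*name, &lookup);
 
 // Special case for callback properties.
 if (lookup.IsPropertyCallbacks()) {
 Handle<Object> callback(lookup.GetCallbackObject(), isolate);
 // To be compatible with Safari we do not change the value on API objects
 // in Object.defineProperty(). Firefox disagrees here, and actually changes
 // the value.
 if (callback->IsAccessorInfo()) {
@@ -15108,10 +15115,10 @@
 }
 }
 
 
 void Runtime::OutOfMemory() {
 Heap::FatalProcessOutOfMemory("CALL_AND_RETRY_LAST", true);
 UNREACHABLE();
 }
 
 } } // namespace v8::internal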
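Review bot: The new deny path in Runtime_DefineOrRedefineDataProperty (new lines 5139-5142) returns undefined with no exception and no failed-access report, and the existing comment `// Check access rights if needed.` does not say that this silence is intended. Since the accessor variant above also ends in `return isolate->heap()->undefined_value();`, a refused define probably looks the same to the caller as a successful one, so I would replace the comment with `// Access denied: return undefined without throwing, to match v8natives.js.` so that a later reader does not "fix" it. The function body continues past new line 5153, outside what this page shows, so whether the later store paths repeat or bypass an access check cannot be confirmed from here. The page lists no other file in this patch set, so the deny path appears to land without a regression test; one that installs a denying access-check callback and verifies the property is left unchanged would pin the behaviour.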