Side by Side Diff: src/bootstrapper.cc

Issue 2445333002: Ensure slow properties for simple {__proto__:null} literals. (Closed)
Patch Set: fixing compilation issue Created 3 years, 7 months ago
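--- a/src/bootstrapper.cc
+++ b/src/bootstrapper.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/bootstrapper.h"
 
 #include "src/accessors.h"
 #include "src/api-natives.h"
 #include "src/base/ieee754.h"
 #include "src/code-stubs.h"
@@ -562,20 +562,34 @@
 factory->NewJSObject(isolate->object_function(), TENURED);
 Handle<Map> map = Map::Copy(handle(object_function_prototype->map()),
 "EmptyObjectPrototype");
 map->set_is_prototype_map(true);
 // Ban re-setting Object.prototype.__proto__ to prevent Proxy security bug
 map->set_immutable_proto(true);
 object_function_prototype->set_map(*map);
 
 native_context()->set_initial_object_prototype(*object_function_prototype);
 JSFunction::SetPrototype(object_fun, object_function_prototype);
+
+{
+// Set up slow map for Object.create(null) instances without in-object
+// properties.
+Handle<Map> map(object_fun->initial_map(), isolate);
+map = Map::CopyInitialMapNormalized(map);
+Map::SetPrototype(map, isolate->factory()->null_value());
+native_context()->set_slow_object_with_null_prototype_map(*map);
+
+// Set up slow map for literals with too many properties.
+map = Map::Copy(map, "slow_object_with_object_prototype_map");
+Map::SetPrototype(map, object_function_prototype);
+native_context()->set_slow_object_with_object_prototype_map(*map);
+}
 }
 
 // Allocate the empty function as the prototype for function - ES6 19.2.3
 Handle<Code> code(isolate->builtins()->EmptyFunction());
 Handle<JSFunction> empty_function =
 factory->NewFunctionWithoutPrototype(factory->empty_string(), code);
 
 // Allocate the function map first and then patch the prototype later
 Handle<Map> empty_function_map =
 factory->CreateSloppyFunctionMap(FUNCTION_WITHOUT_PROTOTYPE);
@@ -4240,34 +4254,27 @@
 native_context()->set_fast_template_instantiations_cache(
 *fast_template_instantiations_cache);
 
 auto slow_template_instantiations_cache = UnseededNumberDictionary::New(
 isolate(), ApiNatives::kInitialFunctionCacheSize);
 native_context()->set_slow_template_instantiations_cache(
 *slow_template_instantiations_cache);
 
 // Store the map for the %ObjectPrototype% after the natives has been compiled
 // and the Object function has been set up.
-Handle<JSFunction> object_function(native_context()->object_function());
-DCHECK(JSObject::cast(object_function->initial_map()->prototype())
-->HasFastProperties());
-native_context()->set_object_function_prototype_map(
-HeapObject::cast(object_function->initial_map()->prototype())->map());
-
-// Set up the map for Object.create(null) instances.
-Handle<Map> slow_object_with_null_prototype_map =
-Map::CopyInitialMap(handle(object_function->initial_map(), isolate()));
-slow_object_with_null_prototype_map->set_dictionary_map(true);
-Map::SetPrototype(slow_object_with_null_prototype_map,
-isolate()->factory()->null_value());
-native_context()->set_slow_object_with_null_prototype_map(
-*slow_object_with_null_prototype_map);
+{
+Handle<JSFunction> object_function(native_context()->object_function());
+DCHECK(JSObject::cast(object_function->initial_map()->prototype())
+->HasFastProperties());
+native_context()->set_object_function_prototype_map(
+HeapObject::cast(object_function->initial_map()->prototype())->map());
+}
 
 // Store the map for the %StringPrototype% after the natives has been compiled
 // and the String function has been set up.
 Handle<JSFunction> string_function(native_context()->string_function());
 JSObject* string_function_prototype =
 JSObject::cast(string_function->initial_map()->prototype());
 DCHECK(string_function_prototype->HasFastProperties());
 native_context()->set_string_function_prototype_map(
 string_function_prototype->map());
 
@@ -5264,10 +5271,10 @@
 }
 
 
 // Called when the top-level V8 mutex is destroyed.
 void Bootstrapper::FreeThreadResources() {
 DCHECK(!IsActive());
 }
 
 } // namespace internal
 } // namespace v8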
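Review bot: The new block at new lines 576–584 relies on `Map::CopyInitialMapNormalized` (and the following `Map::Copy`) to produce dictionary-mode maps, but unlike the removed code at old line 4259 (`set_dictionary_map(true)`) nothing asserts it, and the whole point of the change is that `{__proto__: null}` literals never end up with fast properties on a null-prototype map. I would pin that invariant in debug builds with `DCHECK(map->is_dictionary_map());` right after new line 577 and again after new line 582, so a later change to `Map::Copy` or `CopyInitialMapNormalized` that silently re-enables fast mode fails loudly instead of reintroducing the bug. It would also help to extend the comment at new lines 574–575 to say why slow mode is required here, e.g. `// Must stay in dictionary mode: literals with a null prototype are never given fast properties.` The map is now built from `object_fun->initial_map()` during bootstrapping rather than after the natives are compiled as the old code was; if `initial_map()` can still change after this point that assumption deserves a comment too. The enclosing function begins before this hunk and its full body is not visible here.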