Side by Side Diff: src/runtime.cc

Issue 265503002: Re-enable Object.observe and add enforcement for security invariants. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: throw on Observe or getNotifier with global object Created 6 years, 7 months ago
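--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stdlib.h>
 #include <limits>
 
 #include "v8.h"
 
 #include "accessors.h"
@@ -14855,25 +14855,25 @@
 
 RUNTIME_FUNCTION(Runtime_HaveSameMap) {
 SealHandleScope shs(isolate);
 ASSERT(args.length() == 2);
 CONVERT_ARG_CHECKED(JSObject, obj1, 0);
 CONVERT_ARG_CHECKED(JSObject, obj2, 1);
 return isolate->heap()->ToBoolean(obj1->map() == obj2->map());
 }
 
 
-RUNTIME_FUNCTION(Runtime_IsAccessCheckNeeded) {
+RUNTIME_FUNCTION(Runtime_IsJSGlobalProxy) {
 SealHandleScope shs(isolate);
 ASSERT(args.length() == 1);
-CONVERT_ARG_CHECKED(HeapObject, obj, 0);
-return isolate->heap()->ToBoolean(obj->IsAccessCheckNeeded());
+CONVERT_ARG_CHECKED(Object, obj, 0);
+return isolate->heap()->ToBoolean(obj->IsJSGlobalProxy());
 }
 
 
 RUNTIME_FUNCTION(Runtime_IsObserved) {
 SealHandleScope shs(isolate);
 ASSERT(args.length() == 1);
 
 if (!args[0]->IsJSReceiver()) return isolate->heap()->false_value();
 CONVERT_ARG_CHECKED(JSReceiver, obj, 0);
 if (obj->IsJSGlobalProxy()) {
@@ -14944,49 +14944,55 @@
 // isolate. If it's called more often, the map should be moved into the
 // strong root list.
 Handle<Map> map =
 isolate->factory()->NewMap(JS_WEAK_MAP_TYPE, JSWeakMap::kSize);
 Handle<JSWeakMap> weakmap =
 Handle<JSWeakMap>::cast(isolate->factory()->NewJSObjectFromMap(map));
 return *WeakCollectionInitialize(isolate, weakmap);
 }
 
 
-RUNTIME_FUNCTION(Runtime_IsAccessAllowedForObserver) {
+static bool ContextsHaveSameOrigin(Handle<Context> context1,
+Handle<Context> context2) {
+return context1->security_token() == context2->security_token();
+}
+
+
+RUNTIME_FUNCTION(Runtime_ObserverObjectAndRecordHaveSameOrigin) {
 HandleScope scope(isolate);
 ASSERT(args.length() == 3);
 CONVERT_ARG_HANDLE_CHECKED(JSFunction, observer, 0);
 CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 1);
-RUNTIME_ASSERT(object->map()->is_access_check_needed());
-CONVERT_ARG_HANDLE_CHECKED(Object, key, 2);
-SaveContext save(isolate);
-isolate->set_context(observer->context());
-if (!isolate->MayNamedAccess(
-object, isolate->factory()->undefined_value(), v8::ACCESS_KEYS)) {
-return isolate->heap()->false_value();
-}
-bool access_allowed = false;
-uint32_t index = 0;
-if (key->ToArrayIndex(&index) ||
-(key->IsString() && String::cast(*key)->AsArrayIndex(&index))) {
-access_allowed =
-isolate->MayIndexedAccess(object, index, v8::ACCESS_GET) &&
-isolate->MayIndexedAccess(object, index, v8::ACCESS_HAS);
-} else {
-access_allowed =
-isolate->MayNamedAccess(object, key, v8::ACCESS_GET) &&
-isolate->MayNamedAccess(object, key, v8::ACCESS_HAS);
-}
-return isolate->heap()->ToBoolean(access_allowed);
+CONVERT_ARG_HANDLE_CHECKED(JSObject, record, 2);
+
+Handle<Context> observer_context(observer->context()->native_context(),
+isolate);
+Handle<Context> object_context(object->GetCreationContext());
+Handle<Context> record_context(record->GetCreationContext());
+
+return isolate->heap()->ToBoolean(
+ContextsHaveSameOrigin(object_context, observer_context) &&
+ContextsHaveSameOrigin(object_context, record_context));
 }
 
 
+RUNTIME_FUNCTION(Runtime_ObjectWasCreatedInCurrentOrigin) {
+HandleScope scope(isolate);
+ASSERT(args.length() == 1);
+CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
+
+Handle<Context> creation_context(object->GetCreationContext(), isolate);
+return isolate->heap()->ToBoolean(
+ContextsHaveSameOrigin(creation_context, isolate->native_context()));
+}
+
+
 static Object* ArrayConstructorCommon(Isolate* isolate,
 Handle<JSFunction> constructor,
 Handle<AllocationSite> site,
 Arguments* caller_args) {
 Factory* factory = isolate->factory();
 
 bool holey = false;
 bool can_use_type_feedback = true;
 if (caller_args->length() == 1) {
 Handle<Object> argument_one = caller_args->at<Object>(0);
@@ -15188,10 +15194,10 @@
 }
 return NULL;
 }
 
 
 const Runtime::Function* Runtime::FunctionForId(Runtime::FunctionId id) {
 return &(kIntrinsicFunctions[static_cast<int>(id)]);
 }
 
 } } // namespace v8::internal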
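Review bot: ContextsHaveSameOrigin decides the new Runtime_ObserverObjectAndRecordHaveSameOrigin and Runtime_ObjectWasCreatedInCurrentOrigin checks on security_token() equality alone, whereas the removed Runtime_IsAccessAllowedForObserver went through isolate->MayNamedAccess/MayIndexedAccess, which as far as I can tell also consulted the embedder's access-check callbacks; if dropping those callbacks from the decision is intended (same-origin rather than access-allowed semantics), the helper should state it, e.g. `// Same-origin is defined as equal security tokens; embedder access-check callbacks are deliberately not consulted here.`. Separately, in Runtime_ObserverObjectAndRecordHaveSameOrigin the two creation-context handles omit the isolate argument that observer_context and creation_context (in Runtime_ObjectWasCreatedInCurrentOrigin) pass explicitly; `Handle<Context> object_context(object->GetCreationContext(), isolate);` and `Handle<Context> record_context(record->GetCreationContext(), isolate);` would keep the three constructions consistent. A one-line comment on each runtime function saying which Object.observe invariant it enforces (observer/object/record share an origin; object was created in the calling origin) would also help, since the JS side is the only place that meaning is visible.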