Side by Side Diff: src/runtime.cc

Issue 265503002: Re-enable Object.observe and add enforcement for security invariants. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: cr comment Created 6 years, 7 months ago
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <stdlib.h> 5 #include <stdlib.h>
6 #include <limits> 6 #include <limits>
7 7
8 #include "v8.h" 8 #include "v8.h"
9 9
10 #include "accessors.h" 10 #include "accessors.h"
(...skipping 14854 matching lines...) Expand 10 before | Expand all | Expand 10 after
14865 14865
14866 RUNTIME_FUNCTION(Runtime_HaveSameMap) { 14866 RUNTIME_FUNCTION(Runtime_HaveSameMap) {
14867 SealHandleScope shs(isolate); 14867 SealHandleScope shs(isolate);
14868 ASSERT(args.length() == 2); 14868 ASSERT(args.length() == 2);
14869 CONVERT_ARG_CHECKED(JSObject, obj1, 0); 14869 CONVERT_ARG_CHECKED(JSObject, obj1, 0);
14870 CONVERT_ARG_CHECKED(JSObject, obj2, 1); 14870 CONVERT_ARG_CHECKED(JSObject, obj2, 1);
14871 return isolate->heap()->ToBoolean(obj1->map() == obj2->map()); 14871 return isolate->heap()->ToBoolean(obj1->map() == obj2->map());
14872 } 14872 }
14873 14873
14874 14874
14875 RUNTIME_FUNCTION(Runtime_IsAccessCheckNeeded) { 14875 RUNTIME_FUNCTION(Runtime_IsJSGlobalProxy) {
14876 SealHandleScope shs(isolate); 14876 SealHandleScope shs(isolate);
14877 ASSERT(args.length() == 1); 14877 ASSERT(args.length() == 1);
14878 CONVERT_ARG_CHECKED(HeapObject, obj, 0); 14878 CONVERT_ARG_CHECKED(Object, obj, 0);
14879 return isolate->heap()->ToBoolean(obj->IsAccessCheckNeeded()); 14879 return isolate->heap()->ToBoolean(obj->IsJSGlobalProxy());
14880 } 14880 }
14881 14881
14882 14882
14883 RUNTIME_FUNCTION(Runtime_IsObserved) { 14883 RUNTIME_FUNCTION(Runtime_IsObserved) {
14884 SealHandleScope shs(isolate); 14884 SealHandleScope shs(isolate);
14885 ASSERT(args.length() == 1); 14885 ASSERT(args.length() == 1);
14886 14886
14887 if (!args[0]->IsJSReceiver()) return isolate->heap()->false_value(); 14887 if (!args[0]->IsJSReceiver()) return isolate->heap()->false_value();
14888 CONVERT_ARG_CHECKED(JSReceiver, obj, 0); 14888 CONVERT_ARG_CHECKED(JSReceiver, obj, 0);
14889 if (obj->IsJSGlobalProxy()) { 14889 if (obj->IsJSGlobalProxy()) {
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after
14954 // isolate. If it's called more often, the map should be moved into the 14954 // isolate. If it's called more often, the map should be moved into the
14955 // strong root list. 14955 // strong root list.
14956 Handle<Map> map = 14956 Handle<Map> map =
14957 isolate->factory()->NewMap(JS_WEAK_MAP_TYPE, JSWeakMap::kSize); 14957 isolate->factory()->NewMap(JS_WEAK_MAP_TYPE, JSWeakMap::kSize);
14958 Handle<JSWeakMap> weakmap = 14958 Handle<JSWeakMap> weakmap =
14959 Handle<JSWeakMap>::cast(isolate->factory()->NewJSObjectFromMap(map)); 14959 Handle<JSWeakMap>::cast(isolate->factory()->NewJSObjectFromMap(map));
14960 return *WeakCollectionInitialize(isolate, weakmap); 14960 return *WeakCollectionInitialize(isolate, weakmap);
14961 } 14961 }
14962 14962
14963 14963
14964 RUNTIME_FUNCTION(Runtime_IsAccessAllowedForObserver) { 14964 static bool ContextsHaveSameOrigin(Handle<Context> context1,
14965 Handle<Context> context2) {
14966 return context1->security_token() == context2->security_token();
14967 }
14968
14969
14970 RUNTIME_FUNCTION(Runtime_ObserverObjectAndRecordHaveSameOrigin) {
14965 HandleScope scope(isolate); 14971 HandleScope scope(isolate);
14966 ASSERT(args.length() == 3); 14972 ASSERT(args.length() == 3);
14967 CONVERT_ARG_HANDLE_CHECKED(JSFunction, observer, 0); 14973 CONVERT_ARG_HANDLE_CHECKED(JSFunction, observer, 0);
14968 CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 1); 14974 CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 1);
14969 RUNTIME_ASSERT(object->map()->is_access_check_needed()); 14975 CONVERT_ARG_HANDLE_CHECKED(JSObject, record, 2);
14970 CONVERT_ARG_HANDLE_CHECKED(Object, key, 2); 14976
14971 SaveContext save(isolate); 14977 Handle<Context> observer_context(observer->context()->native_context(),
14972 isolate->set_context(observer->context()); 14978 isolate);
14973 if (!isolate->MayNamedAccess( 14979 Handle<Context> object_context(object->GetCreationContext());
14974 object, isolate->factory()->undefined_value(), v8::ACCESS_KEYS)) { 14980 Handle<Context> record_context(record->GetCreationContext());
14975 return isolate->heap()->false_value(); 14981
14976 } 14982 return isolate->heap()->ToBoolean(
14977 bool access_allowed = false; 14983 ContextsHaveSameOrigin(object_context, observer_context) &&
14978 uint32_t index = 0; 14984 ContextsHaveSameOrigin(object_context, record_context));
14979 if (key->ToArrayIndex(&index) ||
14980 (key->IsString() && String::cast(*key)->AsArrayIndex(&index))) {
14981 access_allowed =
14982 isolate->MayIndexedAccess(object, index, v8::ACCESS_GET) &&
14983 isolate->MayIndexedAccess(object, index, v8::ACCESS_HAS);
14984 } else {
14985 access_allowed =
14986 isolate->MayNamedAccess(object, key, v8::ACCESS_GET) &&
14987 isolate->MayNamedAccess(object, key, v8::ACCESS_HAS);
14988 }
14989 return isolate->heap()->ToBoolean(access_allowed);
14990 } 14985 }
14991 14986
14992 14987
14988 RUNTIME_FUNCTION(Runtime_ObjectWasCreatedInCurrentOrigin) {
14989 HandleScope scope(isolate);
14990 ASSERT(args.length() == 1);
14991 CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 0);
14992
14993 Handle<Context> creation_context(object->GetCreationContext(), isolate);
14994 return isolate->heap()->ToBoolean(
14995 ContextsHaveSameOrigin(creation_context, isolate->native_context()));
14996 }
14997
14998
14993 static Object* ArrayConstructorCommon(Isolate* isolate, 14999 static Object* ArrayConstructorCommon(Isolate* isolate,
14994 Handle<JSFunction> constructor, 15000 Handle<JSFunction> constructor,
14995 Handle<AllocationSite> site, 15001 Handle<AllocationSite> site,
14996 Arguments* caller_args) { 15002 Arguments* caller_args) {
14997 Factory* factory = isolate->factory(); 15003 Factory* factory = isolate->factory();
14998 15004
14999 bool holey = false; 15005 bool holey = false;
15000 bool can_use_type_feedback = true; 15006 bool can_use_type_feedback = true;
15001 if (caller_args->length() == 1) { 15007 if (caller_args->length() == 1) {
15002 Handle<Object> argument_one = caller_args->at<Object>(0); 15008 Handle<Object> argument_one = caller_args->at<Object>(0);
(...skipping 195 matching lines...) Expand 10 before | Expand all | Expand 10 after
15198 } 15204 }
15199 return NULL; 15205 return NULL;
15200 } 15206 }
15201 15207
15202 15208
15203 const Runtime::Function* Runtime::FunctionForId(Runtime::FunctionId id) { 15209 const Runtime::Function* Runtime::FunctionForId(Runtime::FunctionId id) {
15204 return &(kIntrinsicFunctions[static_cast<int>(id)]); 15210 return &(kIntrinsicFunctions[static_cast<int>(id)]);
15205 } 15211 }
15206 15212
15207 } } // namespace v8::internal 15213 } } // namespace v8::internal
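Review bot: The new origin checks (new lines 14964-14996) are the enforcement this change introduces, yet neither `ContextsHaveSameOrigin` nor the two runtime functions say what "same origin" means here; a header on the helper would make the invariant reviewable, e.g. `// Two contexts are same-origin when they carry the same security token; callers pass native contexts.` together with a line on `Runtime_ObserverObjectAndRecordHaveSameOrigin` noting that it compares object-vs-observer and object-vs-record, so observer and record are only compared transitively through the observed object. The two `Handle<Context>` constructions on new lines 14979-14980 omit the `isolate` argument that the sibling on 14977 and the one in `Runtime_ObjectWasCreatedInCurrentOrigin` on 14993 pass; if `GetCreationContext()` yields a raw `Context*` the one-argument form presumably compiles, but `Handle<Context> object_context(object->GetCreationContext(), isolate);` and the same for `record_context` would keep the four constructions uniform. Both new runtime functions are fully inside this section.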