Remove specialized access checks and overwrites altogether. They are already handled by GetOwnPrope…

src/runtime.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stdlib.h>
 #include <limits>
 
 #include "src/v8.h"
 
 #include "src/accessors.h"
@@ skipping 1869 matching lines @@
   CONVERT_ARG_HANDLE_CHECKED(Object, V, 1);
   while (true) {
     Handle<Object> prototype = Object::GetPrototype(isolate, V);
     if (prototype->IsNull()) return isolate->heap()->false_value();
     if (*O == *prototype) return isolate->heap()->true_value();
     V = prototype;
   }
 }
 
 
-static bool CheckAccessException(Object* callback,
-                                 v8::AccessType access_type) {
-  DisallowHeapAllocation no_gc;
-  ASSERT(!callback->IsForeign());
-  if (callback->IsAccessorInfo()) {
-    AccessorInfo* info = AccessorInfo::cast(callback);
-    return
-        (access_type == v8::ACCESS_HAS &&
-           (info->all_can_read() || info->all_can_write())) ||
-        (access_type == v8::ACCESS_GET && info->all_can_read()) ||
-        (access_type == v8::ACCESS_SET && info->all_can_write());
-  }
-  return false;
-}
-
-
-template<class Key>
-static bool CheckGenericAccess(
-    Handle<JSObject> receiver,
-    Handle<Object> end,
-    Key key,
-    v8::AccessType access_type,
-    bool (Isolate::*mayAccess)(Handle<JSObject>, Key, v8::AccessType)) {
-  Isolate* isolate = receiver->GetIsolate();
-  for (Handle<Object> current = receiver;
-       !current.is_identical_to(end);
-       current = Object::GetPrototype(isolate, current)) {
-    if (current->IsAccessCheckNeeded() &&
-        !(isolate->*mayAccess)(
-            Handle<JSObject>::cast(current), key, access_type)) {
-      return false;
-    }
-  }
-  return true;
-}
-
-
-static void CheckPropertyAccess(Handle<JSObject> obj,
-                                Handle<Name> name,
-                                v8::AccessType access_type) {
-  Isolate* isolate = obj->GetIsolate();
-  uint32_t index;
-  if (name->AsArrayIndex(&index)) {
-    Handle<Object> next(obj->GetPrototype(), isolate);
-    // TODO(1095): we should traverse hidden prototype hierachy as well.
-    if (!CheckGenericAccess(
-            obj, next, index, access_type, &Isolate::MayIndexedAccess)) {
-      obj->GetIsolate()->ReportFailedAccessCheck(obj, access_type);
-    }
-    return;
-  }
-
-  LookupResult lookup(isolate);
-  obj->LookupOwn(name, &lookup, true);
-
-  Handle<Object> next = lookup.IsProperty()
-      ? handle(lookup.holder()->GetPrototype(), isolate)
-      : Handle<Object>::cast(isolate->factory()->null_value());
-  if (CheckGenericAccess<Handle<Object> >(
-          obj, next, name, access_type, &Isolate::MayNamedAccess)) {
-    return;
-  }
-
-  // Access check callback denied the access, but some properties
-  // can have a special permissions which override callbacks decision
-  // (see v8::AccessControl).
-  // API callbacks can have per callback access exceptions.
-  if (lookup.IsFound() && lookup.type() == INTERCEPTOR) {
-    lookup.holder()->LookupOwnRealNamedProperty(name, &lookup);
-  }
-
-  if (lookup.IsPropertyCallbacks() &&
-      CheckAccessException(lookup.GetCallbackObject(), access_type)) {
-    return;
-  }
-
-  isolate->ReportFailedAccessCheck(obj, access_type);
-}
-
-
 // Enumerator used as indices into the array returned from GetOwnProperty
 enum PropertyDescriptorIndices {
   IS_ACCESSOR_INDEX,
   VALUE_INDEX,
   GETTER_INDEX,
   SETTER_INDEX,
   WRITABLE_INDEX,
   ENUMERABLE_INDEX,
   CONFIGURABLE_INDEX,
   DESCRIPTOR_SIZE
 };
 
 
 MUST_USE_RESULT static MaybeHandle<Object> GetOwnProperty(Isolate* isolate,
                                                           Handle<JSObject> obj,
                                                           Handle<Name> name) {
   Heap* heap = isolate->heap();
   Factory* factory = isolate->factory();
 
-  CheckPropertyAccess(obj, name, v8::ACCESS_HAS);
-  RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
-
-  PropertyAttributes attrs = JSReceiver::GetOwnPropertyAttributes(obj, name);
-  if (attrs == ABSENT) {
-    RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
-    return factory->undefined_value();
+  PropertyAttributes attrs;
+  uint32_t index = 0;
+  MaybeHandle<AccessorPair> maybe_accessors;
+  // TODO(verwaest): Unify once indexed properties can be handled by the
+  // LookupIterator.
+  if (name->AsArrayIndex(&index)) {
+    attrs = JSReceiver::GetOwnElementAttribute(obj, index);
+    if (attrs == ABSENT) {
+      RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
+      return factory->undefined_value();
+    }
+    maybe_accessors = JSObject::GetOwnElementAccessorPair(obj, index);
+  } else {
+    LookupIterator it(obj, name, LookupIterator::CHECK_OWN);
+    attrs = JSObject::GetPropertyAttributes(&it);
+    if (attrs == ABSENT) {
+      RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
+      return factory->undefined_value();
+    }
+    if (it.state() == LookupIterator::PROPERTY &&
+        it.property_kind() == LookupIterator::ACCESSOR) {
+      Handle<Object> accessors = it.GetAccessors();
+      if (accessors->IsAccessorPair()) {
+        maybe_accessors = Handle<AccessorPair>::cast(accessors);
+      }
+    }
   }
   ASSERT(!isolate->has_scheduled_exception());
-  Handle<AccessorPair> accessors;
-  bool has_accessors =
-      JSObject::GetOwnPropertyAccessorPair(obj, name).ToHandle(&accessors);
   Handle<FixedArray> elms = factory->NewFixedArray(DESCRIPTOR_SIZE);
   elms->set(ENUMERABLE_INDEX, heap->ToBoolean((attrs & DONT_ENUM) == 0));
   elms->set(CONFIGURABLE_INDEX, heap->ToBoolean((attrs & DONT_DELETE) == 0));
-  elms->set(IS_ACCESSOR_INDEX, heap->ToBoolean(has_accessors));
+  elms->set(IS_ACCESSOR_INDEX, heap->ToBoolean(!maybe_accessors.is_null()));
 
-  if (!has_accessors) {
+  Handle<AccessorPair> accessors;
+  if (maybe_accessors.ToHandle(&accessors)) {
+    Handle<Object> getter(accessors->GetComponent(ACCESSOR_GETTER), isolate);
+    Handle<Object> setter(accessors->GetComponent(ACCESSOR_SETTER), isolate);
+    elms->set(GETTER_INDEX, *getter);
+    elms->set(SETTER_INDEX, *setter);
+  } else {
     elms->set(WRITABLE_INDEX, heap->ToBoolean((attrs & READ_ONLY) == 0));
     // Runtime::GetObjectProperty does access check.
     Handle<Object> value;
     ASSIGN_RETURN_ON_EXCEPTION(

[Toon Verwaest, 2014/06/16 17:26:14]

I'd avoid rewalking by using the LookupIterator, but for now we have tests that
actually check that ACCESS_GET is called here to explicitly not fetch the value
even though ACCESS_HAS above succeeded. I'll clean that up in a later phase.

         isolate, value, Runtime::GetObjectProperty(isolate, obj, name),
         Object);
     elms->set(VALUE_INDEX, *value);
-  } else {
-    Handle<Object> getter(accessors->GetComponent(ACCESSOR_GETTER), isolate);
-    Handle<Object> setter(accessors->GetComponent(ACCESSOR_SETTER), isolate);
-    elms->set(GETTER_INDEX, *getter);
-    elms->set(SETTER_INDEX, *setter);
   }
 
   return factory->NewJSArrayWithElements(elms);
 }
 
 
 // Returns an array with the property description:
 //  if args[1] is not a property on args[0]
 //          returns undefined
 //  if args[1] is a data property on args[0]
@@ skipping 13132 matching lines @@
   }
   return NULL;
 }
 
 
 const Runtime::Function* Runtime::FunctionForId(Runtime::FunctionId id) {
   return &(kIntrinsicFunctions[static_cast<int>(id)]);
 }
 
 } }  // namespace v8::internal