self,
index,
value_obj,
+ NONE,
i::kNonStrictMode);
has_pending_exception = obj.is_null();
EXCEPTION_BAILOUT_CHECK(isolate, false);
uint32_t index;
if (name->AsArrayIndex(&index)) {
Handle<Object> result =
- JSObject::SetElement(receiver, index, value, strict_mode);
+ JSObject::SetElement(receiver, index, value, NONE, strict_mode);
RETURN_IF_EMPTY_HANDLE(isolate(), result);
return *value;
}
uint32_t index;
if (name->AsArrayIndex(&index)) {
Handle<Object> result =
- JSObject::SetElement(receiver, index, value, strict_mode);
+ JSObject::SetElement(receiver, index, value, NONE, strict_mode);
RETURN_IF_EMPTY_HANDLE(isolate(), result);
return *value;
}
// Ignore return value from SetElement. It can only be a failure if there
// are element setters causing exceptions and the debugger context has none
// of these.
- Handle<Object> no_failure;
- no_failure = JSObject::SetElement(object, index, value, kNonStrictMode);
+ Handle<Object> no_failure =
+ JSObject::SetElement(object, index, value, NONE, kNonStrictMode);
ASSERT(!no_failure.is_null());
USE(no_failure);
}
MaybeObject* JSObject::SetElementWithInterceptor(uint32_t index,
Object* value,
+ PropertyAttributes attributes,
StrictModeFlag strict_mode,
- bool check_prototype) {
+ bool check_prototype,
+ SetPropertyMode set_mode) {
Isolate* isolate = GetIsolate();
// Make sure that the top context does not change when doing
// callbacks or interceptor calls.
MaybeObject* raw_result =
this_handle->SetElementWithoutInterceptor(index,
*value_handle,
+ attributes,
strict_mode,
- check_prototype);
+ check_prototype,
+ set_mode);
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
return raw_result;
}
if (convert_to_slow) {
MaybeObject* result = NormalizeElements();
if (result->IsFailure()) return result;
- return SetDictionaryElement(index, value, strict_mode, check_prototype);
+ return SetDictionaryElement(index, value, NONE, strict_mode,
+ check_prototype);
}
}
// Convert to fast double elements if appropriate.
MaybeObject* JSObject::SetDictionaryElement(uint32_t index,
Object* value,
+ PropertyAttributes attributes,
StrictModeFlag strict_mode,
- bool check_prototype) {
+ bool check_prototype,
+ SetPropertyMode set_mode) {
ASSERT(HasDictionaryElements() || HasDictionaryArgumentsElements());
Isolate* isolate = GetIsolate();
Heap* heap = isolate->heap();
if (entry != SeededNumberDictionary::kNotFound) {
Object* element = dictionary->ValueAt(entry);
PropertyDetails details = dictionary->DetailsAt(entry);
- if (details.type() == CALLBACKS) {
+ if (details.type() == CALLBACKS && set_mode == SET_PROPERTY) {
return SetElementWithCallback(element, index, value, this, strict_mode);
} else {
dictionary->UpdateMaxNumberKey(index);
// If a value has not been initialized we allow writing to it even if it
- // is read-only (a declared const that has not been initialized).
- if (!dictionary->DetailsAt(entry).IsReadOnly() ||
- dictionary->ValueAt(entry)->IsTheHole()) {
+ // is read-only (a declared const that has not been initialized). If a
+ // value is being defined we skip attribute checks completely.
+ if (set_mode == DEFINE_PROPERTY) {
+ details = PropertyDetails(attributes, NORMAL, details.index());
+ dictionary->ValueAtPut(entry, value);
+ dictionary->DetailsAtPut(entry, details);
+ } else if (!details.IsReadOnly() || element->IsTheHole()) {
dictionary->ValueAtPut(entry, value);
} else if (strict_mode == kStrictMode) {
Handle<Object> holder(this);
}
}
FixedArrayBase* new_dictionary;
- MaybeObject* maybe = dictionary->AtNumberPut(index, value);
+ PropertyDetails details = PropertyDetails(attributes, NORMAL);
+ MaybeObject* maybe = dictionary->AddNumberEntry(index, value, details);
if (!maybe->To<FixedArrayBase>(&new_dictionary)) return maybe;
if (dictionary != SeededNumberDictionary::cast(new_dictionary)) {
if (is_arguments) {
if (!maybe_obj->ToObject(&obj)) return maybe_obj;
}
ASSERT(HasDictionaryElements());
- return SetElement(index, value, strict_mode, check_prototype);
+ return SetElement(index, value, NONE, strict_mode, check_prototype);
}
MaybeObject* JSReceiver::SetElement(uint32_t index,
Object* value,
+ PropertyAttributes attributes,
StrictModeFlag strict_mode,
bool check_proto) {
- return IsJSProxy()
- ? JSProxy::cast(this)->SetElementWithHandler(index, value, strict_mode)
- : JSObject::cast(this)->SetElement(index, value, strict_mode, check_proto)
- ;
+ if (IsJSProxy()) {
+ return JSProxy::cast(this)->SetElementWithHandler(
+ index, value, strict_mode);
+ } else {
+ return JSObject::cast(this)->SetElement(
+ index, value, attributes, strict_mode, check_proto);
+ }
}
Handle<Object> value,
StrictModeFlag strict_mode) {
ASSERT(!object->HasExternalArrayElements());
- CALL_HEAP_FUNCTION(object->GetIsolate(),
- object->SetElement(index, *value, strict_mode, false),
- Object);
+ CALL_HEAP_FUNCTION(
+ object->GetIsolate(),
+ object->SetElement(index, *value, NONE, strict_mode, false),
+ Object);
}
Handle<Object> JSObject::SetElement(Handle<JSObject> object,
uint32_t index,
Handle<Object> value,
- StrictModeFlag strict_mode) {
+ PropertyAttributes attr,
+ StrictModeFlag strict_mode,
+ SetPropertyMode set_mode) {
if (object->HasExternalArrayElements()) {
if (!value->IsSmi() && !value->IsHeapNumber() && !value->IsUndefined()) {
bool has_exception;
value = number;
}
}
- CALL_HEAP_FUNCTION(object->GetIsolate(),
- object->SetElement(index, *value, strict_mode, true),
- Object);
+ CALL_HEAP_FUNCTION(
+ object->GetIsolate(),
+ object->SetElement(index, *value, attr, strict_mode, true, set_mode),
+ Object);
}
MaybeObject* JSObject::SetElement(uint32_t index,
Object* value,
+ PropertyAttributes attributes,
StrictModeFlag strict_mode,
- bool check_prototype) {
+ bool check_prototype,
+ SetPropertyMode set_mode) {
// Check access rights if needed.
if (IsAccessCheckNeeded()) {
Heap* heap = GetHeap();
ASSERT(proto->IsJSGlobalObject());
return JSObject::cast(proto)->SetElement(index,
value,
+ attributes,
strict_mode,
- check_prototype);
+ check_prototype,
+ set_mode);
+ }
+
+ // Don't allow element properties to be redefined for external arrays.
+ if (HasExternalArrayElements() && set_mode == DEFINE_PROPERTY) {
+ Isolate* isolate = GetHeap()->isolate();
+ Handle<Object> number = isolate->factory()->NewNumberFromUint(index);
+ Handle<Object> args[] = { Handle<Object>(this), number };
+ Handle<Object> error = isolate->factory()->NewTypeError(
+ "redef_external_array_element", HandleVector(args, ARRAY_SIZE(args)));
+ return isolate->Throw(*error);
+ }
+
+ // Normalize the elements to enable attributes on the property.
+ if ((attributes & (DONT_DELETE | DONT_ENUM | READ_ONLY)) != 0) {
+ SeededNumberDictionary* dictionary;
+ MaybeObject* maybe_object = NormalizeElements();
+ if (!maybe_object->To(&dictionary)) return maybe_object;
+ // Make sure that we never go back to fast case.
+ dictionary->set_requires_slow_elements();
}
// Check for lookup interceptor
if (HasIndexedInterceptor()) {
return SetElementWithInterceptor(index,
value,
+ attributes,
strict_mode,
- check_prototype);
+ check_prototype,
+ set_mode);
}
return SetElementWithoutInterceptor(index,
value,
+ attributes,
strict_mode,
- check_prototype);
+ check_prototype,
+ set_mode);
}
MaybeObject* JSObject::SetElementWithoutInterceptor(uint32_t index,
Object* value,
+ PropertyAttributes attr,
StrictModeFlag strict_mode,
- bool check_prototype) {
+ bool check_prototype,
+ SetPropertyMode set_mode) {
+ ASSERT(HasDictionaryElements() ||
+ HasDictionaryArgumentsElements() ||
+ (attr & (DONT_DELETE | DONT_ENUM | READ_ONLY)) == 0);
Isolate* isolate = GetIsolate();
switch (GetElementsKind()) {
case FAST_SMI_ONLY_ELEMENTS:
return array->SetValue(index, value);
}
case DICTIONARY_ELEMENTS:
- return SetDictionaryElement(index, value, strict_mode, check_prototype);
+ return SetDictionaryElement(index, value, attr, strict_mode,
+ check_prototype, set_mode);
case NON_STRICT_ARGUMENTS_ELEMENTS: {
FixedArray* parameter_map = FixedArray::cast(elements());
uint32_t length = parameter_map->length();
// Object is not mapped, defer to the arguments.
FixedArray* arguments = FixedArray::cast(parameter_map->get(1));
if (arguments->IsDictionary()) {
- return SetDictionaryElement(index, value, strict_mode,
- check_prototype);
+ return SetDictionaryElement(index, value, attr, strict_mode,
+ check_prototype, set_mode);
} else {
return SetFastElement(index, value, strict_mode, check_prototype);
}
};
+// Indicates whether a property should be set or (re)defined. Setting of a
+// property causes attributes to remain unchanged, writability to be checked
+// and callbacks to be called. Defining of a property causes attributes to
+// be updated and callbacks to be overridden.
+enum SetPropertyMode {
+ SET_PROPERTY,
+ DEFINE_PROPERTY
+};
+
+
// JSReceiver includes types on which properties can be defined, i.e.,
// JSObject and JSProxy.
class JSReceiver: public HeapObject {
// Can cause GC, or return failure if GC is required.
MUST_USE_RESULT MaybeObject* SetElement(uint32_t index,
Object* value,
+ PropertyAttributes attributes,
StrictModeFlag strict_mode,
bool check_prototype);
StrictModeFlag strict_mode,
bool check_prototype);
- MUST_USE_RESULT MaybeObject* SetDictionaryElement(uint32_t index,
- Object* value,
- StrictModeFlag strict_mode,
- bool check_prototype);
+ MUST_USE_RESULT MaybeObject* SetDictionaryElement(
+ uint32_t index,
+ Object* value,
+ PropertyAttributes attributes,
+ StrictModeFlag strict_mode,
+ bool check_prototype,
+ SetPropertyMode set_mode = SET_PROPERTY);
MUST_USE_RESULT MaybeObject* SetFastDoubleElement(
uint32_t index,
StrictModeFlag strict_mode,
bool check_prototype = true);
-
static Handle<Object> SetOwnElement(Handle<JSObject> object,
uint32_t index,
Handle<Object> value,
StrictModeFlag strict_mode);
// Empty handle is returned if the element cannot be set to the given value.
- static MUST_USE_RESULT Handle<Object> SetElement(Handle<JSObject> object,
- uint32_t index,
- Handle<Object> value,
- StrictModeFlag strict_mode);
+ static MUST_USE_RESULT Handle<Object> SetElement(
+ Handle<JSObject> object,
+ uint32_t index,
+ Handle<Object> value,
+ PropertyAttributes attr,
+ StrictModeFlag strict_mode,
+ SetPropertyMode set_mode = SET_PROPERTY);
// A Failure object is returned if GC is needed.
- MUST_USE_RESULT MaybeObject* SetElement(uint32_t index,
- Object* value,
- StrictModeFlag strict_mode,
- bool check_prototype);
+ MUST_USE_RESULT MaybeObject* SetElement(
+ uint32_t index,
+ Object* value,
+ PropertyAttributes attributes,
+ StrictModeFlag strict_mode,
+ bool check_prototype = true,
+ SetPropertyMode set_mode = SET_PROPERTY);
// Returns the index'th element.
// The undefined object if index is out of bounds.
MUST_USE_RESULT MaybeObject* SetElementWithInterceptor(
uint32_t index,
Object* value,
+ PropertyAttributes attributes,
StrictModeFlag strict_mode,
- bool check_prototype);
+ bool check_prototype,
+ SetPropertyMode set_mode);
MUST_USE_RESULT MaybeObject* SetElementWithoutInterceptor(
uint32_t index,
Object* value,
+ PropertyAttributes attributes,
StrictModeFlag strict_mode,
- bool check_prototype);
+ bool check_prototype,
+ SetPropertyMode set_mode);
// Searches the prototype chain for a callback setter and sets the property
// with the setter if it finds one. The '*found' flag indicates whether
RUNTIME_ASSERT((unchecked & ~(READ_ONLY | DONT_ENUM | DONT_DELETE)) == 0);
PropertyAttributes attr = static_cast<PropertyAttributes>(unchecked);
- // Check if this is an element.
- uint32_t index;
- bool is_element = name->AsArrayIndex(&index);
-
- // Special case for elements if any of the flags might be involved.
- // If elements are in fast case we always implicitly assume that:
- // DONT_DELETE: false, DONT_ENUM: false, READ_ONLY: false.
- if (is_element && (attr != NONE ||
- js_object->HasLocalElement(index) == JSObject::DICTIONARY_ELEMENT)) {
- // Normalize the elements to enable attributes on the property.
- if (js_object->IsJSGlobalProxy()) {
- // We do not need to do access checks here since these has already
- // been performed by the call to GetOwnProperty.
- Handle<Object> proto(js_object->GetPrototype());
- // If proxy is detached, ignore the assignment. Alternatively,
- // we could throw an exception.
- if (proto->IsNull()) return *obj_value;
- js_object = Handle<JSObject>::cast(proto);
- }
-
- // Don't allow element properties to be redefined on objects with external
- // array elements.
- if (js_object->HasExternalArrayElements()) {
- Handle<Object> args[2] = { js_object, name };
- Handle<Object> error =
- isolate->factory()->NewTypeError("redef_external_array_element",
- HandleVector(args, 2));
- return isolate->Throw(*error);
- }
-
- Handle<SeededNumberDictionary> dictionary =
- JSObject::NormalizeElements(js_object);
- // Make sure that we never go back to fast case.
- dictionary->set_requires_slow_elements();
- PropertyDetails details = PropertyDetails(attr, NORMAL);
- Handle<SeededNumberDictionary> extended_dictionary =
- SeededNumberDictionary::Set(dictionary, index, obj_value, details);
- if (*extended_dictionary != *dictionary) {
- if (js_object->GetElementsKind() == NON_STRICT_ARGUMENTS_ELEMENTS) {
- FixedArray::cast(js_object->elements())->set(1, *extended_dictionary);
- } else {
- js_object->set_elements(*extended_dictionary);
- }
- }
- return *obj_value;
- }
-
LookupResult result(isolate);
js_object->LocalLookupRealNamedProperty(*name, &result);
}
-// Special case for elements if any of the flags are true.
-// If elements are in fast case we always implicitly assume that:
-// DONT_DELETE: false, DONT_ENUM: false, READ_ONLY: false.
-static MaybeObject* NormalizeObjectSetElement(Isolate* isolate,
- Handle<JSObject> js_object,
- uint32_t index,
- Handle<Object> value,
- PropertyAttributes attr) {
- // Normalize the elements to enable attributes on the property.
- Handle<SeededNumberDictionary> dictionary =
- JSObject::NormalizeElements(js_object);
- // Make sure that we never go back to fast case.
- dictionary->set_requires_slow_elements();
- PropertyDetails details = PropertyDetails(attr, NORMAL);
- Handle<SeededNumberDictionary> extended_dictionary =
- SeededNumberDictionary::Set(dictionary, index, value, details);
- if (*extended_dictionary != *dictionary) {
- js_object->set_elements(*extended_dictionary);
- }
- return *value;
-}
-
-
MaybeObject* Runtime::SetObjectProperty(Isolate* isolate,
Handle<Object> object,
Handle<Object> key,
Handle<Object> value,
PropertyAttributes attr,
StrictModeFlag strict_mode) {
+ SetPropertyMode set_mode = attr == NONE ? SET_PROPERTY : DEFINE_PROPERTY;
HandleScope scope(isolate);
if (object->IsUndefined() || object->IsNull()) {
return *value;
}
- if (((attr & (DONT_DELETE | DONT_ENUM | READ_ONLY)) != 0)) {
- return NormalizeObjectSetElement(isolate, js_object, index, value, attr);
- }
-
- Handle<Object> result =
- JSObject::SetElement(js_object, index, value, strict_mode);
+ Handle<Object> result = JSObject::SetElement(
+ js_object, index, value, attr, strict_mode, set_mode);
if (result.is_null()) return Failure::Exception();
return *value;
}
if (key->IsString()) {
Handle<Object> result;
if (Handle<String>::cast(key)->AsArrayIndex(&index)) {
- if (((attr & (DONT_DELETE | DONT_ENUM | READ_ONLY)) != 0)) {
- return NormalizeObjectSetElement(isolate,
- js_object,
- index,
- value,
- attr);
- }
- result =
- JSObject::SetElement(js_object, index, value, strict_mode);
+ result = JSObject::SetElement(
+ js_object, index, value, attr, strict_mode, set_mode);
} else {
Handle<String> key_string = Handle<String>::cast(key);
key_string->TryFlatten();
Handle<String> name = Handle<String>::cast(converted);
if (name->AsArrayIndex(&index)) {
- return js_object->SetElement(index, *value, strict_mode, true);
+ return js_object->SetElement(
+ index, *value, attr, strict_mode, true, set_mode);
} else {
return js_object->SetProperty(*name, *value, attr, strict_mode);
}
return *value;
}
- return js_object->SetElement(index, *value, kNonStrictMode, true);
+ return js_object->SetElement(
+ index, *value, attr, kNonStrictMode, false, DEFINE_PROPERTY);
}
if (key->IsString()) {
if (Handle<String>::cast(key)->AsArrayIndex(&index)) {
- return js_object->SetElement(index, *value, kNonStrictMode, true);
+ return js_object->SetElement(
+ index, *value, attr, kNonStrictMode, false, DEFINE_PROPERTY);
} else {
Handle<String> key_string = Handle<String>::cast(key);
key_string->TryFlatten();
Handle<String> name = Handle<String>::cast(converted);
if (name->AsArrayIndex(&index)) {
- return js_object->SetElement(index, *value, kNonStrictMode, true);
+ return js_object->SetElement(
+ index, *value, attr, kNonStrictMode, false, DEFINE_PROPERTY);
} else {
return js_object->SetLocalPropertyIgnoreAttributes(*name, *value, attr);
}
RETURN_IF_EMPTY_HANDLE(isolate, tmp2);
RETURN_IF_EMPTY_HANDLE(
- isolate, JSObject::SetElement(jsobject, index1, tmp2, kStrictMode));
+ isolate, JSObject::SetElement(jsobject, index1, tmp2, NONE, kStrictMode));
RETURN_IF_EMPTY_HANDLE(
- isolate, JSObject::SetElement(jsobject, index2, tmp1, kStrictMode));
+ isolate, JSObject::SetElement(jsobject, index2, tmp1, NONE, kStrictMode));
return isolate->heap()->undefined_value();
}
i::Handle<i::Smi> value(i::Smi::FromInt(2));
i::Handle<i::Object> no_failure;
- no_failure = i::JSObject::SetElement(jsobj, 1, value, i::kNonStrictMode);
+ no_failure =
+ i::JSObject::SetElement(jsobj, 1, value, NONE, i::kNonStrictMode);
ASSERT(!no_failure.is_null());
i::USE(no_failure);
CHECK_EQ(2, i::Smi::cast(jsobj->GetElement(1)->ToObjectChecked())->value());
*value.location() = i::Smi::FromInt(256);
- no_failure = i::JSObject::SetElement(jsobj, 1, value, i::kNonStrictMode);
+ no_failure =
+ i::JSObject::SetElement(jsobj, 1, value, NONE, i::kNonStrictMode);
ASSERT(!no_failure.is_null());
i::USE(no_failure);
CHECK_EQ(255,
i::Smi::cast(jsobj->GetElement(1)->ToObjectChecked())->value());
*value.location() = i::Smi::FromInt(-1);
- no_failure = i::JSObject::SetElement(jsobj, 1, value, i::kNonStrictMode);
+ no_failure =
+ i::JSObject::SetElement(jsobj, 1, value, NONE, i::kNonStrictMode);
ASSERT(!no_failure.is_null());
i::USE(no_failure);
CHECK_EQ(0, i::Smi::cast(jsobj->GetElement(1)->ToObjectChecked())->value());
CHECK(array->HasFastTypeElements());
// array[length] = name.
- array->SetElement(0, *name, kNonStrictMode, true)->ToObjectChecked();
+ array->SetElement(0, *name, NONE, kNonStrictMode)->ToObjectChecked();
CHECK_EQ(Smi::FromInt(1), array->length());
CHECK_EQ(array->GetElement(0), *name);
CHECK(array->HasDictionaryElements()); // Must be in slow mode.
// array[length] = name.
- array->SetElement(int_length, *name, kNonStrictMode, true)->ToObjectChecked();
+ array->SetElement(int_length, *name, NONE, kNonStrictMode)->ToObjectChecked();
uint32_t new_int_length = 0;
CHECK(array->length()->ToArrayIndex(&new_int_length));
CHECK_EQ(static_cast<double>(int_length), new_int_length - 1);
obj->SetProperty(
*second, Smi::FromInt(2), NONE, kNonStrictMode)->ToObjectChecked();
- obj->SetElement(0, *first, kNonStrictMode, true)->ToObjectChecked();
- obj->SetElement(1, *second, kNonStrictMode, true)->ToObjectChecked();
+ obj->SetElement(0, *first, NONE, kNonStrictMode)->ToObjectChecked();
+ obj->SetElement(1, *second, NONE, kNonStrictMode)->ToObjectChecked();
// Make the clone.
Handle<JSObject> clone = Copy(obj);
clone->SetProperty(
*second, Smi::FromInt(1), NONE, kNonStrictMode)->ToObjectChecked();
- clone->SetElement(0, *second, kNonStrictMode, true)->ToObjectChecked();
- clone->SetElement(1, *first, kNonStrictMode, true)->ToObjectChecked();
+ clone->SetElement(0, *second, NONE, kNonStrictMode)->ToObjectChecked();
+ clone->SetElement(1, *first, NONE, kNonStrictMode)->ToObjectChecked();
CHECK_EQ(obj->GetElement(1), clone->GetElement(0));
CHECK_EQ(obj->GetElement(0), clone->GetElement(1));
15.2.3.6-4-294-1: FAIL
15.2.3.6-4-295-1: FAIL
15.2.3.6-4-296-1: FAIL
-15.2.3.6-4-333-11: FAIL
15.2.3.7-6-a-281: FAIL
15.2.3.7-6-a-282: FAIL
15.2.3.7-6-a-283: FAIL
projects / platform / upstream / v8.git / commitdiff