From 469428e61069c27403b018555ace1abf6a322871 Mon Sep 17 00:00:00 2001 From: "yangguo@chromium.org" Date: Mon, 10 Mar 2014 08:28:59 +0000 Subject: [PATCH] Handlify JSObject::CanSetCallback. Also use temporary wrapper functions where possible to mark progress. R=ishell@chromium.org Review URL: https://codereview.chromium.org/172503002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19743 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- src/d8.gyp | 2 +- src/handles.cc | 8 +++--- src/isolate.h | 4 +++ src/objects.cc | 88 ++++++++++++++++++++++++++++++---------------------------- src/objects.h | 2 +- src/runtime.cc | 44 ++++++++++++++++------------- 6 files changed, 80 insertions(+), 68 deletions(-) diff --git a/src/d8.gyp b/src/d8.gyp index 98ec04f..0e51baa 100644 --- a/src/d8.gyp +++ b/src/d8.gyp @@ -31,7 +31,7 @@ 'console%': '', # Enable support for Intel VTune. Supported on ia32/x64 only 'v8_enable_vtunejit%': 0, - 'v8_enable_i18n_support%': 0, + 'v8_enable_i18n_support%': 1, 'v8_toolset_for_d8%': 'target', }, 'includes': ['../build/toolchain.gypi', '../build/features.gypi'], diff --git a/src/handles.cc b/src/handles.cc index 830eb09..47bab25 100644 --- a/src/handles.cc +++ b/src/handles.cc @@ -537,10 +537,10 @@ Handle GetKeysInFixedArrayFor(Handle object, // Check access rights if required. if (current->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(*current, - isolate->heap()->undefined_value(), - v8::ACCESS_KEYS)) { - isolate->ReportFailedAccessCheck(*current, v8::ACCESS_KEYS); + !isolate->MayNamedAccessWrapper(current, + isolate->factory()->undefined_value(), + v8::ACCESS_KEYS)) { + isolate->ReportFailedAccessCheckWrapper(current, v8::ACCESS_KEYS); if (isolate->has_scheduled_exception()) { isolate->PromoteScheduledException(); *threw = true; diff --git a/src/isolate.h b/src/isolate.h index 897197b..5dd0998 100644 --- a/src/isolate.h +++ b/src/isolate.h 
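Review bot: The flip of `'v8_enable_i18n_support%'` from 0 to 1 in src/d8.gyp is unrelated to the handlification described in the commit message and looks like a local build setting that slipped into the patch. Changing this default presumably changes what is compiled into d8 (the i18n code and whatever it depends on), and the description neither mentions nor justifies that. I would restore `'v8_enable_i18n_support%': 0,` here and land any intended change of the default as its own reviewed commit.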
@@ -741,6 +741,10 @@ class Isolate { v8::AccessType type) { return MayIndexedAccess(*receiver, index, type); } + void ReportFailedAccessCheckWrapper(Handle receiver, + v8::AccessType type) { + ReportFailedAccessCheck(*receiver, type); + } bool MayNamedAccess(JSObject* receiver, Object* key, diff --git a/src/objects.cc b/src/objects.cc index 32b1d2c..fc12cf9 100644 --- a/src/objects.cc +++ b/src/objects.cc @@ -615,7 +615,7 @@ Handle JSObject::GetPropertyWithFailedAccessCheck( // No accessible property found. *attributes = ABSENT; - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_GET); + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_GET); RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); return isolate->factory()->undefined_value(); } @@ -3381,6 +3381,7 @@ MaybeObject* Map::AsElementsKind(ElementsKind kind) { void JSObject::LocalLookupRealNamedProperty(Name* name, LookupResult* result) { + DisallowHeapAllocation no_gc; if (IsJSGlobalProxy()) { Object* proto = GetPrototype(); if (proto->IsNull()) return result->NotFound(); @@ -3516,7 +3517,7 @@ Handle JSObject::SetPropertyWithFailedAccessCheck( } Isolate* isolate = object->GetIsolate(); - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_SET); + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET); RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); return value; } @@ -4046,7 +4047,7 @@ Handle JSObject::SetPropertyForResult(Handle object, // Check access rights if needed. if (object->IsAccessCheckNeeded()) { - if (!isolate->MayNamedAccess(*object, *name, v8::ACCESS_SET)) { + if (!isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)) { return SetPropertyWithFailedAccessCheck(object, lookup, name, value, true, strict_mode); } 
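Review bot: `ReportFailedAccessCheckWrapper` dereferences the handle immediately and passes the raw `JSObject*` on to `ReportFailedAccessCheck`, so it moves the `*receiver` out of the call sites without making the callee any safer across a GC. Nothing in the header says so, and nothing marks the wrapper as temporary, which is what the commit message intends. I would add a comment above it such as `// TODO: temporary wrapper; remove once ReportFailedAccessCheck itself takes a handle.` so that later callers do not read the handle-taking signature as a guarantee. The `MayIndexedAccessWrapper` whose tail is visible just above in this hunk would benefit from the same comment; the rest of `class Isolate` lies outside the hunk.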
@@ -4180,7 +4181,7 @@ Handle JSObject::SetLocalPropertyIgnoreAttributes( // Check access rights if needed. if (object->IsAccessCheckNeeded()) { - if (!isolate->MayNamedAccess(*object, *name, v8::ACCESS_SET)) { + if (!isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)) { return SetPropertyWithFailedAccessCheck(object, &lookup, name, value, false, kNonStrictMode); } @@ -5164,8 +5165,8 @@ Handle JSObject::DeleteElement(Handle object, // Check access rights if needed. if (object->IsAccessCheckNeeded() && - !isolate->MayIndexedAccess(*object, index, v8::ACCESS_DELETE)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_DELETE); + !isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_DELETE)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_DELETE); RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); return factory->false_value(); } @@ -5228,8 +5229,8 @@ Handle JSObject::DeleteProperty(Handle object, // Check access rights if needed. if (object->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(*object, *name, v8::ACCESS_DELETE)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_DELETE); + !isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_DELETE)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_DELETE); RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); return isolate->factory()->false_value(); } @@ -5458,10 +5459,10 @@ Handle JSObject::PreventExtensions(Handle object) { if (!object->map()->is_extensible()) return object; if (object->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(*object, - isolate->heap()->undefined_value(), - v8::ACCESS_KEYS)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_KEYS); + !isolate->MayNamedAccessWrapper(object, + isolate->factory()->undefined_value(), + v8::ACCESS_KEYS)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_KEYS); RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); return isolate->factory()->false_value(); } 
@@ -5538,10 +5539,10 @@ Handle JSObject::Freeze(Handle object) { Isolate* isolate = object->GetIsolate(); if (object->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(*object, - isolate->heap()->undefined_value(), - v8::ACCESS_KEYS)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_KEYS); + !isolate->MayNamedAccessWrapper(object, + isolate->factory()->undefined_value(), + v8::ACCESS_KEYS)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_KEYS); RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); return isolate->factory()->false_value(); } @@ -6201,9 +6202,10 @@ void JSObject::DefinePropertyAccessor(Handle object, } -bool JSObject::CanSetCallback(Name* name) { - ASSERT(!IsAccessCheckNeeded() || - GetIsolate()->MayNamedAccess(this, name, v8::ACCESS_SET)); +bool JSObject::CanSetCallback(Handle object, Handle name) { + Isolate* isolate = object->GetIsolate(); + ASSERT(!object->IsAccessCheckNeeded() || + isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)); // Check if there is an API defined callback object which prohibits // callback overwriting in this object or its prototype chain. 
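Review bot: The access check at the top of `JSObject::CanSetCallback` sits inside `ASSERT`, so it is presumably compiled out of release builds, and the function then depends on every caller having already run `MayNamedAccessWrapper(object, name, v8::ACCESS_SET)`. The two callers touched by this patch, `DefineAccessor` and `SetAccessor`, do that, but the precondition is not written down anywhere visible. I would add a comment above the definition, e.g. `// Precondition: the caller has already passed the ACCESS_SET check; the ASSERT below only verifies this in debug builds.`, and repeat it on the declaration changed in the objects.h hunk. The function body continues in the next hunk.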
@@ -6211,15 +6213,15 @@ bool JSObject::CanSetCallback(Name* name) { // certain accessors such as window.location should not be allowed // to be overwritten because allowing overwriting could potentially // cause security problems. - LookupResult callback_result(GetIsolate()); - LookupCallbackProperty(name, &callback_result); + LookupResult callback_result(isolate); + object->LookupCallbackProperty(*name, &callback_result); if (callback_result.IsFound()) { - Object* obj = callback_result.GetCallbackObject(); - if (obj->IsAccessorInfo()) { - return !AccessorInfo::cast(obj)->prohibits_overwriting(); + Object* callback_obj = callback_result.GetCallbackObject(); + if (callback_obj->IsAccessorInfo()) { + return !AccessorInfo::cast(callback_obj)->prohibits_overwriting(); } - if (obj->IsAccessorPair()) { - return !AccessorPair::cast(obj)->prohibits_overwriting(); + if (callback_obj->IsAccessorPair()) { + return !AccessorPair::cast(callback_obj)->prohibits_overwriting(); } } return true; @@ -6326,8 +6328,8 @@ void JSObject::DefineAccessor(Handle object, Isolate* isolate = object->GetIsolate(); // Check access rights if needed. if (object->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(*object, *name, v8::ACCESS_SET)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_SET); + !isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET); return; } @@ -6351,7 +6353,7 @@ void JSObject::DefineAccessor(Handle object, // Try to flatten before operating on the string. if (name->IsString()) String::cast(*name)->TryFlatten(); - if (!object->CanSetCallback(*name)) return; + if (!JSObject::CanSetCallback(object, name)) return; uint32_t index = 0; bool is_element = name->AsArrayIndex(&index); 
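Review bot: After the handlification this part of `CanSetCallback` still works on raw pointers: `*name` is passed to `LookupCallbackProperty` and `callback_obj` is a raw `Object*` read from the lookup result. Assuming `LookupCallbackProperty` does not allocate, nothing visible here can trigger a GC between those points, but nothing enforces that either, and a later edit that adds an allocating call would leave `callback_obj` stale. I would add `DisallowHeapAllocation no_gc;` immediately before `LookupResult callback_result(isolate);`, as this commit does in `LocalLookupRealNamedProperty`. Placing it after the `ASSERT` keeps the access-check call outside the no-allocation scope. The start of the function is in the previous hunk.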
@@ -6518,8 +6520,8 @@ Handle JSObject::SetAccessor(Handle object, // Check access rights if needed. if (object->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(*object, *name, v8::ACCESS_SET)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_SET); + !isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET); RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); return factory->undefined_value(); } @@ -6538,7 +6540,9 @@ Handle JSObject::SetAccessor(Handle object, // Try to flatten before operating on the string. if (name->IsString()) FlattenString(Handle::cast(name)); - if (!object->CanSetCallback(*name)) return factory->undefined_value(); + if (!JSObject::CanSetCallback(object, name)) { + return factory->undefined_value(); + } uint32_t index = 0; bool is_element = name->AsArrayIndex(&index); @@ -6602,8 +6606,8 @@ Handle JSObject::GetAccessor(Handle object, // Check access rights if needed. if (object->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(*object, *name, v8::ACCESS_HAS)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_HAS); + !isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_HAS)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS); RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); return isolate->factory()->undefined_value(); } @@ -12514,8 +12518,8 @@ Handle JSObject::SetElement(Handle object, // Check access rights if needed. if (object->IsAccessCheckNeeded()) { - if (!isolate->MayIndexedAccess(*object, index, v8::ACCESS_SET)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_SET); + if (!isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_SET)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET); RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object); return value; } 
@@ -13343,8 +13347,8 @@ bool JSObject::HasRealNamedProperty(Handle object, SealHandleScope shs(isolate); // Check access rights if needed. if (object->IsAccessCheckNeeded()) { - if (!isolate->MayNamedAccess(*object, *key, v8::ACCESS_HAS)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_HAS); + if (!isolate->MayNamedAccessWrapper(object, key, v8::ACCESS_HAS)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS); return false; } } @@ -13360,8 +13364,8 @@ bool JSObject::HasRealElementProperty(Handle object, uint32_t index) { SealHandleScope shs(isolate); // Check access rights if needed. if (object->IsAccessCheckNeeded()) { - if (!isolate->MayIndexedAccess(*object, index, v8::ACCESS_HAS)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_HAS); + if (!isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_HAS)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS); return false; } } @@ -13385,8 +13389,8 @@ bool JSObject::HasRealNamedCallbackProperty(Handle object, SealHandleScope shs(isolate); // Check access rights if needed. if (object->IsAccessCheckNeeded()) { - if (!isolate->MayNamedAccess(*object, *key, v8::ACCESS_HAS)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_HAS); + if (!isolate->MayNamedAccessWrapper(object, key, v8::ACCESS_HAS)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS); return false; } } diff --git a/src/objects.h b/src/objects.h index 3274157..089d11d 100644 --- a/src/objects.h +++ b/src/objects.h @@ -2923,7 +2923,7 @@ class JSObject: public JSReceiver { // Gets the current elements capacity and the number of used elements. void GetElementsCapacityAndUsage(int* capacity, int* used); - bool CanSetCallback(Name* name); + static bool CanSetCallback(Handle object, Handle name); static void SetElementCallback(Handle object, uint32_t index, Handle structure, diff --git a/src/runtime.cc b/src/runtime.cc index c49d245..2b94158 100644 --- a/src/runtime.cc +++ b/src/runtime.cc 
@@ -1621,7 +1621,8 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_GetPrototype) { !isolate->MayNamedAccessWrapper(Handle::cast(obj), isolate->factory()->proto_string(), v8::ACCESS_GET)) { - isolate->ReportFailedAccessCheck(JSObject::cast(*obj), v8::ACCESS_GET); + isolate->ReportFailedAccessCheckWrapper(Handle::cast(obj), + v8::ACCESS_GET); RETURN_IF_SCHEDULED_EXCEPTION(isolate); return isolate->heap()->undefined_value(); } @@ -1747,7 +1748,7 @@ static AccessCheckResult CheckPropertyAccess(Handle obj, return ACCESS_ALLOWED; } - obj->GetIsolate()->ReportFailedAccessCheck(*obj, access_type); + obj->GetIsolate()->ReportFailedAccessCheckWrapper(obj, access_type); return ACCESS_FORBIDDEN; } @@ -1786,7 +1787,7 @@ static AccessCheckResult CheckPropertyAccess(Handle obj, break; } - isolate->ReportFailedAccessCheck(*obj, access_type); + isolate->ReportFailedAccessCheckWrapper(obj, access_type); return ACCESS_FORBIDDEN; } @@ -5743,10 +5744,10 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_GetLocalPropertyNames) { if (obj->IsJSGlobalProxy()) { // Only collect names if access is permitted. if (obj->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(*obj, - isolate->heap()->undefined_value(), - v8::ACCESS_KEYS)) { - isolate->ReportFailedAccessCheck(*obj, v8::ACCESS_KEYS); + !isolate->MayNamedAccessWrapper(obj, + isolate->factory()->undefined_value(), + v8::ACCESS_KEYS)) { + isolate->ReportFailedAccessCheckWrapper(obj, v8::ACCESS_KEYS); RETURN_IF_SCHEDULED_EXCEPTION(isolate); return *isolate->factory()->NewJSArray(0); } 
@@ -5763,10 +5764,10 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_GetLocalPropertyNames) { for (int i = 0; i < length; i++) { // Only collect names if access is permitted. if (jsproto->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(*jsproto, - isolate->heap()->undefined_value(), - v8::ACCESS_KEYS)) { - isolate->ReportFailedAccessCheck(*jsproto, v8::ACCESS_KEYS); + !isolate->MayNamedAccessWrapper(jsproto, + isolate->factory()->undefined_value(), + v8::ACCESS_KEYS)) { + isolate->ReportFailedAccessCheckWrapper(jsproto, v8::ACCESS_KEYS); RETURN_IF_SCHEDULED_EXCEPTION(isolate); return *isolate->factory()->NewJSArray(0); } @@ -5914,9 +5915,10 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_LocalKeys) { if (object->IsJSGlobalProxy()) { // Do access checks before going to the global object. if (object->IsAccessCheckNeeded() && - !isolate->MayNamedAccess(*object, isolate->heap()->undefined_value(), - v8::ACCESS_KEYS)) { - isolate->ReportFailedAccessCheck(*object, v8::ACCESS_KEYS); + !isolate->MayNamedAccessWrapper(object, + isolate->factory()->undefined_value(), + v8::ACCESS_KEYS)) { + isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_KEYS); RETURN_IF_SCHEDULED_EXCEPTION(isolate); return *isolate->factory()->NewJSArray(0); } @@ -14718,8 +14720,9 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_IsAccessAllowedForObserver) { Handle key = args.at(2); SaveContext save(isolate); isolate->set_context(observer->context()); - if (!isolate->MayNamedAccess(*object, isolate->heap()->undefined_value(), - v8::ACCESS_KEYS)) { + if (!isolate->MayNamedAccessWrapper(object, + isolate->factory()->undefined_value(), + v8::ACCESS_KEYS)) { return isolate->heap()->false_value(); } bool access_allowed = false; 
@@ -14727,11 +14730,12 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_IsAccessAllowedForObserver) { if (key->ToArrayIndex(&index) || (key->IsString() && String::cast(*key)->AsArrayIndex(&index))) { access_allowed = - isolate->MayIndexedAccess(*object, index, v8::ACCESS_GET) && - isolate->MayIndexedAccess(*object, index, v8::ACCESS_HAS); + isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_GET) && + isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_HAS); } else { - access_allowed = isolate->MayNamedAccess(*object, *key, v8::ACCESS_GET) && - isolate->MayNamedAccess(*object, *key, v8::ACCESS_HAS); + access_allowed = + isolate->MayNamedAccessWrapper(object, key, v8::ACCESS_GET) && + isolate->MayNamedAccessWrapper(object, key, v8::ACCESS_HAS); } return isolate->heap()->ToBoolean(access_allowed); } -- 2.7.4