Handlify JSObject::CanSetCallback.

Also use temporary wrapper functions where possible to mark progress.

R=ishell@chromium.org

Review URL: https://codereview.chromium.org/172503002

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19743 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
yangguo@chromium.org 2014-03-10 08:28:59 +00:00
parent 4826aa7af2
commit 469428e610
6 changed files with 80 additions and 68 deletions


@ -31,7 +31,7 @@
'console%': '',
# Enable support for Intel VTune. Supported on ia32/x64 only
'v8_enable_vtunejit%': 0,
'v8_enable_i18n_support%': 0,
'v8_enable_i18n_support%': 1,
'v8_toolset_for_d8%': 'target',
},
'includes': ['../build/toolchain.gypi', '../build/features.gypi'],
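Review bot: The `v8_enable_i18n_support%` default changes in this section, but the commit description only covers handlifying `JSObject::CanSetCallback` and adding temporary wrapper functions, so the build-flag change looks unrelated and may have been committed by accident. The page prints the value as `0` and then `1`, which reads as turning i18n support on by default; the +/- markers are lost, so the direction should be confirmed against the repository. If the change is intended, it belongs in its own commit or at least in the description, since it alters what gets built and linked for every consumer of this file.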


@ -537,10 +537,10 @@ Handle<FixedArray> GetKeysInFixedArrayFor(Handle<JSReceiver> object,
// Check access rights if required.
if (current->IsAccessCheckNeeded() &&
!isolate->MayNamedAccess(*current,
isolate->heap()->undefined_value(),
v8::ACCESS_KEYS)) {
isolate->ReportFailedAccessCheck(*current, v8::ACCESS_KEYS);
!isolate->MayNamedAccessWrapper(current,
isolate->factory()->undefined_value(),
v8::ACCESS_KEYS)) {
isolate->ReportFailedAccessCheckWrapper(current, v8::ACCESS_KEYS);
if (isolate->has_scheduled_exception()) {
isolate->PromoteScheduledException();
*threw = true;


@ -741,6 +741,10 @@ class Isolate {
v8::AccessType type) {
return MayIndexedAccess(*receiver, index, type);
}
void ReportFailedAccessCheckWrapper(Handle<JSObject> receiver,
v8::AccessType type) {
ReportFailedAccessCheck(*receiver, type);
}
bool MayNamedAccess(JSObject* receiver,
Object* key,
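Review bot: `ReportFailedAccessCheckWrapper` is added without any comment saying it is a temporary shim, although the commit message describes these wrappers as temporary markers of progress. The body dereferences the handle and passes a raw `JSObject*` to `ReportFailedAccessCheck`, so it is only as GC-safe as that callee, whose body is not visible here. I would add a comment above the wrapper, for example `// TODO: temporary; remove once ReportFailedAccessCheck takes Handle<JSObject>. Passes a raw pointer, so the callee must re-handlify before anything that can allocate.` The same comment would fit the neighbouring `MayIndexedAccessWrapper`, whose start is outside this hunk.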


@ -615,7 +615,7 @@ Handle<Object> JSObject::GetPropertyWithFailedAccessCheck(
// No accessible property found.
*attributes = ABSENT;
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_GET);
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_GET);
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
return isolate->factory()->undefined_value();
}
@ -3381,6 +3381,7 @@ MaybeObject* Map::AsElementsKind(ElementsKind kind) {
void JSObject::LocalLookupRealNamedProperty(Name* name, LookupResult* result) {
DisallowHeapAllocation no_gc;
if (IsJSGlobalProxy()) {
Object* proto = GetPrototype();
if (proto->IsNull()) return result->NotFound();
@ -3516,7 +3517,7 @@ Handle<Object> JSObject::SetPropertyWithFailedAccessCheck(
}
Isolate* isolate = object->GetIsolate();
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_SET);
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET);
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
return value;
}
@ -4046,7 +4047,7 @@ Handle<Object> JSObject::SetPropertyForResult(Handle<JSObject> object,
// Check access rights if needed.
if (object->IsAccessCheckNeeded()) {
if (!isolate->MayNamedAccess(*object, *name, v8::ACCESS_SET)) {
if (!isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)) {
return SetPropertyWithFailedAccessCheck(object, lookup, name, value,
true, strict_mode);
}
@ -4180,7 +4181,7 @@ Handle<Object> JSObject::SetLocalPropertyIgnoreAttributes(
// Check access rights if needed.
if (object->IsAccessCheckNeeded()) {
if (!isolate->MayNamedAccess(*object, *name, v8::ACCESS_SET)) {
if (!isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)) {
return SetPropertyWithFailedAccessCheck(object, &lookup, name, value,
false, kNonStrictMode);
}
@ -5164,8 +5165,8 @@ Handle<Object> JSObject::DeleteElement(Handle<JSObject> object,
// Check access rights if needed.
if (object->IsAccessCheckNeeded() &&
!isolate->MayIndexedAccess(*object, index, v8::ACCESS_DELETE)) {
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_DELETE);
!isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_DELETE)) {
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_DELETE);
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
return factory->false_value();
}
@ -5228,8 +5229,8 @@ Handle<Object> JSObject::DeleteProperty(Handle<JSObject> object,
// Check access rights if needed.
if (object->IsAccessCheckNeeded() &&
!isolate->MayNamedAccess(*object, *name, v8::ACCESS_DELETE)) {
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_DELETE);
!isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_DELETE)) {
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_DELETE);
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
return isolate->factory()->false_value();
}
@ -5458,10 +5459,10 @@ Handle<Object> JSObject::PreventExtensions(Handle<JSObject> object) {
if (!object->map()->is_extensible()) return object;
if (object->IsAccessCheckNeeded() &&
!isolate->MayNamedAccess(*object,
isolate->heap()->undefined_value(),
v8::ACCESS_KEYS)) {
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_KEYS);
!isolate->MayNamedAccessWrapper(object,
isolate->factory()->undefined_value(),
v8::ACCESS_KEYS)) {
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_KEYS);
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
return isolate->factory()->false_value();
}
@ -5538,10 +5539,10 @@ Handle<Object> JSObject::Freeze(Handle<JSObject> object) {
Isolate* isolate = object->GetIsolate();
if (object->IsAccessCheckNeeded() &&
!isolate->MayNamedAccess(*object,
isolate->heap()->undefined_value(),
v8::ACCESS_KEYS)) {
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_KEYS);
!isolate->MayNamedAccessWrapper(object,
isolate->factory()->undefined_value(),
v8::ACCESS_KEYS)) {
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_KEYS);
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
return isolate->factory()->false_value();
}
@ -6201,9 +6202,10 @@ void JSObject::DefinePropertyAccessor(Handle<JSObject> object,
}
bool JSObject::CanSetCallback(Name* name) {
ASSERT(!IsAccessCheckNeeded() ||
GetIsolate()->MayNamedAccess(this, name, v8::ACCESS_SET));
bool JSObject::CanSetCallback(Handle<JSObject> object, Handle<Name> name) {
Isolate* isolate = object->GetIsolate();
ASSERT(!object->IsAccessCheckNeeded() ||
isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET));
// Check if there is an API defined callback object which prohibits
// callback overwriting in this object or its prototype chain.
@ -6211,15 +6213,15 @@ bool JSObject::CanSetCallback(Name* name) {
// certain accessors such as window.location should not be allowed
// to be overwritten because allowing overwriting could potentially
// cause security problems.
LookupResult callback_result(GetIsolate());
LookupCallbackProperty(name, &callback_result);
LookupResult callback_result(isolate);
object->LookupCallbackProperty(*name, &callback_result);
if (callback_result.IsFound()) {
Object* obj = callback_result.GetCallbackObject();
if (obj->IsAccessorInfo()) {
return !AccessorInfo::cast(obj)->prohibits_overwriting();
Object* callback_obj = callback_result.GetCallbackObject();
if (callback_obj->IsAccessorInfo()) {
return !AccessorInfo::cast(callback_obj)->prohibits_overwriting();
}
if (obj->IsAccessorPair()) {
return !AccessorPair::cast(obj)->prohibits_overwriting();
if (callback_obj->IsAccessorPair()) {
return !AccessorPair::cast(callback_obj)->prohibits_overwriting();
}
}
return true;
@ -6326,8 +6328,8 @@ void JSObject::DefineAccessor(Handle<JSObject> object,
Isolate* isolate = object->GetIsolate();
// Check access rights if needed.
if (object->IsAccessCheckNeeded() &&
!isolate->MayNamedAccess(*object, *name, v8::ACCESS_SET)) {
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_SET);
!isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)) {
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET);
return;
}
@ -6351,7 +6353,7 @@ void JSObject::DefineAccessor(Handle<JSObject> object,
// Try to flatten before operating on the string.
if (name->IsString()) String::cast(*name)->TryFlatten();
if (!object->CanSetCallback(*name)) return;
if (!JSObject::CanSetCallback(object, name)) return;
uint32_t index = 0;
bool is_element = name->AsArrayIndex(&index);
@ -6518,8 +6520,8 @@ Handle<Object> JSObject::SetAccessor(Handle<JSObject> object,
// Check access rights if needed.
if (object->IsAccessCheckNeeded() &&
!isolate->MayNamedAccess(*object, *name, v8::ACCESS_SET)) {
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_SET);
!isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)) {
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET);
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
return factory->undefined_value();
}
@ -6538,7 +6540,9 @@ Handle<Object> JSObject::SetAccessor(Handle<JSObject> object,
// Try to flatten before operating on the string.
if (name->IsString()) FlattenString(Handle<String>::cast(name));
if (!object->CanSetCallback(*name)) return factory->undefined_value();
if (!JSObject::CanSetCallback(object, name)) {
return factory->undefined_value();
}
uint32_t index = 0;
bool is_element = name->AsArrayIndex(&index);
@ -6602,8 +6606,8 @@ Handle<Object> JSObject::GetAccessor(Handle<JSObject> object,
// Check access rights if needed.
if (object->IsAccessCheckNeeded() &&
!isolate->MayNamedAccess(*object, *name, v8::ACCESS_HAS)) {
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_HAS);
!isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_HAS)) {
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS);
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
return isolate->factory()->undefined_value();
}
@ -12514,8 +12518,8 @@ Handle<Object> JSObject::SetElement(Handle<JSObject> object,
// Check access rights if needed.
if (object->IsAccessCheckNeeded()) {
if (!isolate->MayIndexedAccess(*object, index, v8::ACCESS_SET)) {
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_SET);
if (!isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_SET)) {
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET);
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
return value;
}
@ -13343,8 +13347,8 @@ bool JSObject::HasRealNamedProperty(Handle<JSObject> object,
SealHandleScope shs(isolate);
// Check access rights if needed.
if (object->IsAccessCheckNeeded()) {
if (!isolate->MayNamedAccess(*object, *key, v8::ACCESS_HAS)) {
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_HAS);
if (!isolate->MayNamedAccessWrapper(object, key, v8::ACCESS_HAS)) {
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS);
return false;
}
}
@ -13360,8 +13364,8 @@ bool JSObject::HasRealElementProperty(Handle<JSObject> object, uint32_t index) {
SealHandleScope shs(isolate);
// Check access rights if needed.
if (object->IsAccessCheckNeeded()) {
if (!isolate->MayIndexedAccess(*object, index, v8::ACCESS_HAS)) {
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_HAS);
if (!isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_HAS)) {
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS);
return false;
}
}
@ -13385,8 +13389,8 @@ bool JSObject::HasRealNamedCallbackProperty(Handle<JSObject> object,
SealHandleScope shs(isolate);
// Check access rights if needed.
if (object->IsAccessCheckNeeded()) {
if (!isolate->MayNamedAccess(*object, *key, v8::ACCESS_HAS)) {
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_HAS);
if (!isolate->MayNamedAccessWrapper(object, key, v8::ACCESS_HAS)) {
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS);
return false;
}
}
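Review bot: In the new static `JSObject::CanSetCallback(Handle<JSObject>, Handle<Name>)`, the `ACCESS_SET` check exists only inside `ASSERT`, which is presumably compiled out of release builds, so the function depends on every caller having done the access check first. The two callers visible in this section, `DefineAccessor` and `SetAccessor`, appear to do so, but now that the function is static and takes handles that contract should be written down, e.g. `// Precondition: caller has already passed the v8::ACCESS_SET check; the ASSERT is debug-only.` The body also goes back to raw pointers (`*name`, `Object* callback_obj`) after the assert; if `LookupCallbackProperty` cannot allocate, a `DisallowHeapAllocation no_gc;` placed after the `ASSERT` would enforce that, matching the scope this section shows in `LocalLookupRealNamedProperty`. The end of `CanSetCallback` is outside the hunk.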


@ -2923,7 +2923,7 @@ class JSObject: public JSReceiver {
// Gets the current elements capacity and the number of used elements.
void GetElementsCapacityAndUsage(int* capacity, int* used);
bool CanSetCallback(Name* name);
static bool CanSetCallback(Handle<JSObject> object, Handle<Name> name);
static void SetElementCallback(Handle<JSObject> object,
uint32_t index,
Handle<Object> structure,


@ -1621,7 +1621,8 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_GetPrototype) {
!isolate->MayNamedAccessWrapper(Handle<JSObject>::cast(obj),
isolate->factory()->proto_string(),
v8::ACCESS_GET)) {
isolate->ReportFailedAccessCheck(JSObject::cast(*obj), v8::ACCESS_GET);
isolate->ReportFailedAccessCheckWrapper(Handle<JSObject>::cast(obj),
v8::ACCESS_GET);
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
return isolate->heap()->undefined_value();
}
@ -1747,7 +1748,7 @@ static AccessCheckResult CheckPropertyAccess(Handle<JSObject> obj,
return ACCESS_ALLOWED;
}
obj->GetIsolate()->ReportFailedAccessCheck(*obj, access_type);
obj->GetIsolate()->ReportFailedAccessCheckWrapper(obj, access_type);
return ACCESS_FORBIDDEN;
}
@ -1786,7 +1787,7 @@ static AccessCheckResult CheckPropertyAccess(Handle<JSObject> obj,
break;
}
isolate->ReportFailedAccessCheck(*obj, access_type);
isolate->ReportFailedAccessCheckWrapper(obj, access_type);
return ACCESS_FORBIDDEN;
}
@ -5743,10 +5744,10 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_GetLocalPropertyNames) {
if (obj->IsJSGlobalProxy()) {
// Only collect names if access is permitted.
if (obj->IsAccessCheckNeeded() &&
!isolate->MayNamedAccess(*obj,
isolate->heap()->undefined_value(),
v8::ACCESS_KEYS)) {
isolate->ReportFailedAccessCheck(*obj, v8::ACCESS_KEYS);
!isolate->MayNamedAccessWrapper(obj,
isolate->factory()->undefined_value(),
v8::ACCESS_KEYS)) {
isolate->ReportFailedAccessCheckWrapper(obj, v8::ACCESS_KEYS);
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
return *isolate->factory()->NewJSArray(0);
}
@ -5763,10 +5764,10 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_GetLocalPropertyNames) {
for (int i = 0; i < length; i++) {
// Only collect names if access is permitted.
if (jsproto->IsAccessCheckNeeded() &&
!isolate->MayNamedAccess(*jsproto,
isolate->heap()->undefined_value(),
v8::ACCESS_KEYS)) {
isolate->ReportFailedAccessCheck(*jsproto, v8::ACCESS_KEYS);
!isolate->MayNamedAccessWrapper(jsproto,
isolate->factory()->undefined_value(),
v8::ACCESS_KEYS)) {
isolate->ReportFailedAccessCheckWrapper(jsproto, v8::ACCESS_KEYS);
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
return *isolate->factory()->NewJSArray(0);
}
@ -5914,9 +5915,10 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_LocalKeys) {
if (object->IsJSGlobalProxy()) {
// Do access checks before going to the global object.
if (object->IsAccessCheckNeeded() &&
!isolate->MayNamedAccess(*object, isolate->heap()->undefined_value(),
v8::ACCESS_KEYS)) {
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_KEYS);
!isolate->MayNamedAccessWrapper(object,
isolate->factory()->undefined_value(),
v8::ACCESS_KEYS)) {
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_KEYS);
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
return *isolate->factory()->NewJSArray(0);
}
@ -14718,8 +14720,9 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_IsAccessAllowedForObserver) {
Handle<Object> key = args.at<Object>(2);
SaveContext save(isolate);
isolate->set_context(observer->context());
if (!isolate->MayNamedAccess(*object, isolate->heap()->undefined_value(),
v8::ACCESS_KEYS)) {
if (!isolate->MayNamedAccessWrapper(object,
isolate->factory()->undefined_value(),
v8::ACCESS_KEYS)) {
return isolate->heap()->false_value();
}
bool access_allowed = false;
@ -14727,11 +14730,12 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_IsAccessAllowedForObserver) {
if (key->ToArrayIndex(&index) ||
(key->IsString() && String::cast(*key)->AsArrayIndex(&index))) {
access_allowed =
isolate->MayIndexedAccess(*object, index, v8::ACCESS_GET) &&
isolate->MayIndexedAccess(*object, index, v8::ACCESS_HAS);
isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_GET) &&
isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_HAS);
} else {
access_allowed = isolate->MayNamedAccess(*object, *key, v8::ACCESS_GET) &&
isolate->MayNamedAccess(*object, *key, v8::ACCESS_HAS);
access_allowed =
isolate->MayNamedAccessWrapper(object, key, v8::ACCESS_GET) &&
isolate->MayNamedAccessWrapper(object, key, v8::ACCESS_HAS);
}
return isolate->heap()->ToBoolean(access_allowed);
}
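Review bot: `Runtime_IsAccessAllowedForObserver` returns false on a failed `ACCESS_KEYS` check without calling `ReportFailedAccessCheckWrapper`, unlike the other access checks changed in this section, and nothing in the code says whether that is deliberate. The checks here also run after `isolate->set_context(observer->context())`, so they are evaluated in the observer's context. A short comment before the first check would make both facts explicit, e.g. `// Checked in the observer's context; a denial is answered with false and is not reported.` The start of the function is outside the hunk.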