From 52180d383dc8e1df4210f7fc2bd20eeed2589348 Mon Sep 17 00:00:00 2001
From: Shu-yu Guo
Date: Fri, 4 Feb 2022 13:31:21 -0800
Subject: [PATCH] Plumb Isolate through ToPrimitive and friends

Currently the Isolate is gotten off of the object that the operation is being performed on. Shared objects return the shared Isolate, which is incorrect as it shouldn't be used to run JS, nor does it have HandleScopes open.

Plumb the executing Isolate through.

Bug: v8:12547
Change-Id: I7524a956876a0ff2d362c1ad6ec3ae044445215f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3441023
Reviewed-by: Adam Klein
Commit-Queue: Shu-yu Guo
Cr-Commit-Position: refs/heads/main@{#78962}
---
 src/builtins/builtins-bigint.cc |  2 +-
 src/builtins/builtins-date.cc   |  4 ++--
 src/objects/bigint.cc           |  2 +-
 src/objects/intl-objects.cc     |  2 +-
 src/objects/js-objects.cc       | 15 ++++++++-------
 src/objects/js-objects.h        |  5 +++--
 src/objects/objects-inl.h       |  5 +++--
 src/objects/objects.cc          | 30 ++++++++++++++++--------------
 src/objects/objects.h           |  3 ++-
 9 files changed, 37 insertions(+), 31 deletions(-)

diff --git a/src/builtins/builtins-bigint.cc b/src/builtins/builtins-bigint.cc
index 2cb74aa399..ed95a31e99 100644
--- a/src/builtins/builtins-bigint.cc
+++ b/src/builtins/builtins-bigint.cc
@@ -27,7 +27,7 @@ BUILTIN(BigIntConstructor) {
   if (value->IsJSReceiver()) {
     ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
         isolate, value,
-        JSReceiver::ToPrimitive(Handle::cast(value),
+        JSReceiver::ToPrimitive(isolate, Handle::cast(value),
                                 ToPrimitiveHint::kNumber));
   }
 
diff --git a/src/builtins/builtins-date.cc b/src/builtins/builtins-date.cc
index c1264891f6..c4e81c71fd 100644
--- a/src/builtins/builtins-date.cc
+++ b/src/builtins/builtins-date.cc
@@ -145,7 +145,7 @@ BUILTIN(DateConstructor) {
       time_val = Handle::cast(value)->value().Number();
     } else {
       ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, value,
-                                         Object::ToPrimitive(value));
+                                         Object::ToPrimitive(isolate, value));
       if (value->IsString()) {
         time_val = ParseDateTimeString(isolate, Handle::cast(value));
       } else {
@@ -910,7 +910,7 @@ BUILTIN(DatePrototypeToJson) {
   Handle primitive;
   ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
       isolate, primitive,
-      Object::ToPrimitive(receiver_obj, ToPrimitiveHint::kNumber));
+      Object::ToPrimitive(isolate, receiver_obj, ToPrimitiveHint::kNumber));
   if (primitive->IsNumber() && !std::isfinite(primitive->Number())) {
     return ReadOnlyRoots(isolate).null_value();
   } else {
diff --git a/src/objects/bigint.cc b/src/objects/bigint.cc
index aa9ff9d30b..869f0edaf6 100644
--- a/src/objects/bigint.cc
+++ b/src/objects/bigint.cc
@@ -1034,7 +1034,7 @@ MaybeHandle BigInt::FromObject(Isolate* isolate, Handle obj) {
   if (obj->IsJSReceiver()) {
     ASSIGN_RETURN_ON_EXCEPTION(
         isolate, obj,
-        JSReceiver::ToPrimitive(Handle::cast(obj),
+        JSReceiver::ToPrimitive(isolate, Handle::cast(obj),
                                 ToPrimitiveHint::kNumber),
         BigInt);
   }
diff --git a/src/objects/intl-objects.cc b/src/objects/intl-objects.cc
index 0f10e000e7..a868015c19 100644
--- a/src/objects/intl-objects.cc
+++ b/src/objects/intl-objects.cc
@@ -2912,7 +2912,7 @@ MaybeHandle Intl::ToIntlMathematicalValueAsNumberBigIntOrString(
   }
   ASSIGN_RETURN_ON_EXCEPTION(
       isolate, input,
-      JSReceiver::ToPrimitive(Handle::cast(input),
+      JSReceiver::ToPrimitive(isolate, Handle::cast(input),
                               ToPrimitiveHint::kNumber),
       Object);
   return input;
diff --git a/src/objects/js-objects.cc b/src/objects/js-objects.cc
index f80ec49d8d..56161b9ebf 100644
--- a/src/objects/js-objects.cc
+++ b/src/objects/js-objects.cc
@@ -1921,9 +1921,9 @@ Maybe JSReceiver::IsExtensible(Handle object) {
 }
 
 // static
-MaybeHandle JSReceiver::ToPrimitive(Handle receiver,
+MaybeHandle JSReceiver::ToPrimitive(Isolate* isolate,
+                                    Handle receiver,
                                     ToPrimitiveHint hint) {
-  Isolate* const isolate = receiver->GetIsolate();
   Handle exotic_to_prim;
   ASSIGN_RETURN_ON_EXCEPTION(
       isolate, exotic_to_prim,
@@ -1942,15 +1942,16 @@ MaybeHandle JSReceiver::ToPrimitive(Handle receiver,
                     NewTypeError(MessageTemplate::kCannotConvertToPrimitive),
                     Object);
   }
-  return OrdinaryToPrimitive(receiver, (hint == ToPrimitiveHint::kString)
-                                           ? OrdinaryToPrimitiveHint::kString
-                                           : OrdinaryToPrimitiveHint::kNumber);
+  return OrdinaryToPrimitive(isolate, receiver,
+                             (hint == ToPrimitiveHint::kString)
+                                 ? OrdinaryToPrimitiveHint::kString
+                                 : OrdinaryToPrimitiveHint::kNumber);
 }
 
 // static
 MaybeHandle JSReceiver::OrdinaryToPrimitive(
-    Handle receiver, OrdinaryToPrimitiveHint hint) {
-  Isolate* const isolate = receiver->GetIsolate();
+    Isolate* isolate, Handle receiver,
+    OrdinaryToPrimitiveHint hint) {
   Handle method_names[2];
   switch (hint) {
     case OrdinaryToPrimitiveHint::kNumber:
diff --git a/src/objects/js-objects.h b/src/objects/js-objects.h
index 7f7c126a9a..6217e32ad4 100644
--- a/src/objects/js-objects.h
+++ b/src/objects/js-objects.h
@@ -86,12 +86,13 @@ class JSReceiver : public TorqueGeneratedJSReceiver {
 
   // ES6 section 7.1.1 ToPrimitive
   V8_WARN_UNUSED_RESULT static MaybeHandle ToPrimitive(
-      Handle receiver,
+      Isolate* isolate, Handle receiver,
       ToPrimitiveHint hint = ToPrimitiveHint::kDefault);
 
   // ES6 section 7.1.1.1 OrdinaryToPrimitive
   V8_WARN_UNUSED_RESULT static MaybeHandle OrdinaryToPrimitive(
-      Handle receiver, OrdinaryToPrimitiveHint hint);
+      Isolate* isolate, Handle receiver,
+      OrdinaryToPrimitiveHint hint);
 
   static MaybeHandle GetFunctionRealm(
       Handle receiver);
diff --git a/src/objects/objects-inl.h b/src/objects/objects-inl.h
index 8996ffb96b..572792ad75 100644
--- a/src/objects/objects-inl.h
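Review bot: The new `Isolate* isolate` parameter on `ToPrimitive` and `OrdinaryToPrimitive` in js-objects.h carries the precondition that motivates this change — it must be the isolate currently executing JS, never one recovered from the receiver — but neither declaration states it, so the next caller can simply pass `receiver->GetIsolate()` again and silently reintroduce the shared-object problem the commit message describes. I would add above the `ToPrimitive` declaration: `// |isolate| is the executing isolate. Do not derive it from |receiver|: for shared objects GetIsolate() yields the shared isolate, which has no open HandleScope and must not run JS.` and the same sentence above `OrdinaryToPrimitive`. If the codebase has a debug-only way to obtain the current thread's isolate, a `DCHECK` against it at the top of the js-objects.cc definitions would turn such mistakes into test failures rather than heap corruption; I cannot confirm such an accessor from this diff. The `JSReceiver` class body and both .cc function bodies continue outside the hunks.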
+++ b/src/objects/objects-inl.h
@@ -563,10 +563,11 @@ MaybeHandle Object::ToPropertyKey(Isolate* isolate,
 }
 
 // static
-MaybeHandle Object::ToPrimitive(Handle input,
+MaybeHandle Object::ToPrimitive(Isolate* isolate, Handle input,
                                 ToPrimitiveHint hint) {
   if (input->IsPrimitive()) return input;
-  return JSReceiver::ToPrimitive(Handle::cast(input), hint);
+  return JSReceiver::ToPrimitive(isolate, Handle::cast(input),
+                                 hint);
 }
 
 // static
diff --git a/src/objects/objects.cc b/src/objects/objects.cc
index 1613051106..256c99c68d 100644
--- a/src/objects/objects.cc
+++ b/src/objects/objects.cc
@@ -322,7 +322,7 @@ MaybeHandle Object::ConvertToNumberOrNumeric(Isolate* isolate,
     }
     ASSIGN_RETURN_ON_EXCEPTION(
         isolate, input,
-        JSReceiver::ToPrimitive(Handle::cast(input),
+        JSReceiver::ToPrimitive(isolate, Handle::cast(input),
                                 ToPrimitiveHint::kNumber),
         Object);
   }
@@ -362,8 +362,8 @@ MaybeHandle Object::ConvertToUint32(Isolate* isolate,
 
 MaybeHandle Object::ConvertToName(Isolate* isolate, Handle input) {
   ASSIGN_RETURN_ON_EXCEPTION(
-      isolate, input, Object::ToPrimitive(input, ToPrimitiveHint::kString),
-      Name);
+      isolate, input,
+      Object::ToPrimitive(isolate, input, ToPrimitiveHint::kString), Name);
   if (input->IsName()) return Handle::cast(input);
   return ToString(isolate, input);
 }
@@ -374,7 +374,7 @@ MaybeHandle Object::ConvertToPropertyKey(Isolate* isolate,
                                             Handle value) {
   // 1. Let key be ToPrimitive(argument, hint String).
   MaybeHandle maybe_key =
-      Object::ToPrimitive(value, ToPrimitiveHint::kString);
+      Object::ToPrimitive(isolate, value, ToPrimitiveHint::kString);
   // 2. ReturnIfAbrupt(key).
   Handle key;
   if (!maybe_key.ToHandle(&key)) return key;
@@ -412,7 +412,7 @@ MaybeHandle Object::ConvertToString(Isolate* isolate,
     }
     ASSIGN_RETURN_ON_EXCEPTION(
         isolate, input,
-        JSReceiver::ToPrimitive(Handle::cast(input),
+        JSReceiver::ToPrimitive(isolate, Handle::cast(input),
                                 ToPrimitiveHint::kString),
         String);
     // The previous isString() check happened in Object::ToString and thus we
@@ -708,8 +708,8 @@ ComparisonResult Reverse(ComparisonResult result) {
 Maybe Object::Compare(Isolate* isolate, Handle x,
                                         Handle y) {
   // ES6 section 7.2.11 Abstract Relational Comparison step 3 and 4.
-  if (!Object::ToPrimitive(x, ToPrimitiveHint::kNumber).ToHandle(&x) ||
-      !Object::ToPrimitive(y, ToPrimitiveHint::kNumber).ToHandle(&y)) {
+  if (!Object::ToPrimitive(isolate, x, ToPrimitiveHint::kNumber).ToHandle(&x) ||
+      !Object::ToPrimitive(isolate, y, ToPrimitiveHint::kNumber).ToHandle(&y)) {
     return Nothing();
   }
   if (x->IsString() && y->IsString()) {
@@ -769,7 +769,7 @@ Maybe Object::Equals(Isolate* isolate, Handle x,
       } else if (y->IsBigInt()) {
         return Just(BigInt::EqualToNumber(Handle::cast(y), x));
       } else if (y->IsJSReceiver()) {
-        if (!JSReceiver::ToPrimitive(Handle::cast(y))
+        if (!JSReceiver::ToPrimitive(isolate, Handle::cast(y))
                  .ToHandle(&y)) {
           return Nothing();
         }
@@ -791,7 +791,7 @@ Maybe Object::Equals(Isolate* isolate, Handle x,
         return BigInt::EqualToString(isolate, Handle::cast(y),
                                      Handle::cast(x));
       } else if (y->IsJSReceiver()) {
-        if (!JSReceiver::ToPrimitive(Handle::cast(y))
+        if (!JSReceiver::ToPrimitive(isolate, Handle::cast(y))
                  .ToHandle(&y)) {
           return Nothing();
         }
@@ -812,7 +812,7 @@ Maybe Object::Equals(Isolate* isolate, Handle x,
         x = Oddball::ToNumber(isolate, Handle::cast(x));
         return Just(BigInt::EqualToNumber(Handle::cast(y), x));
       } else if (y->IsJSReceiver()) {
-        if (!JSReceiver::ToPrimitive(Handle::cast(y))
+        if (!JSReceiver::ToPrimitive(isolate, Handle::cast(y))
                  .ToHandle(&y)) {
           return Nothing();
         }
@@ -824,7 +824,7 @@ Maybe Object::Equals(Isolate* isolate, Handle x,
       if (y->IsSymbol()) {
         return Just(x.is_identical_to(y));
       } else if (y->IsJSReceiver()) {
-        if (!JSReceiver::ToPrimitive(Handle::cast(y))
+        if (!JSReceiver::ToPrimitive(isolate, Handle::cast(y))
                  .ToHandle(&y)) {
           return Nothing();
         }
@@ -843,7 +843,7 @@ Maybe Object::Equals(Isolate* isolate, Handle x,
         return Just(x->IsUndetectable());
       } else if (y->IsBoolean()) {
         y = Oddball::ToNumber(isolate, Handle::cast(y));
-      } else if (!JSReceiver::ToPrimitive(Handle::cast(x))
+      } else if (!JSReceiver::ToPrimitive(isolate, Handle::cast(x))
                       .ToHandle(&x)) {
         return Nothing();
       }
@@ -891,8 +891,10 @@ MaybeHandle Object::Add(Isolate* isolate, Handle lhs,
     return isolate->factory()->NewConsString(Handle::cast(lhs),
                                              Handle::cast(rhs));
   }
-  ASSIGN_RETURN_ON_EXCEPTION(isolate, lhs, Object::ToPrimitive(lhs), Object);
-  ASSIGN_RETURN_ON_EXCEPTION(isolate, rhs, Object::ToPrimitive(rhs), Object);
+  ASSIGN_RETURN_ON_EXCEPTION(isolate, lhs, Object::ToPrimitive(isolate, lhs),
+                             Object);
+  ASSIGN_RETURN_ON_EXCEPTION(isolate, rhs, Object::ToPrimitive(isolate, rhs),
+                             Object);
   if (lhs->IsString() || rhs->IsString()) {
     ASSIGN_RETURN_ON_EXCEPTION(isolate, rhs, Object::ToString(isolate, rhs),
                                Object);
diff --git a/src/objects/objects.h b/src/objects/objects.h
index 53f18bff80..1b925548f9 100644
--- a/src/objects/objects.h
+++ b/src/objects/objects.h
@@ -408,7 +408,8 @@ class Object : public TaggedImpl {
 
   // ES6 section 7.1.1 ToPrimitive
   V8_WARN_UNUSED_RESULT static inline MaybeHandle ToPrimitive(
-      Handle input, ToPrimitiveHint hint = ToPrimitiveHint::kDefault);
+      Isolate* isolate, Handle input,
+      ToPrimitiveHint hint = ToPrimitiveHint::kDefault);
 
   // ES6 section 7.1.3 ToNumber
   V8_WARN_UNUSED_RESULT static inline MaybeHandle ToNumber(
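Review bot: The `Object::ToPrimitive` declaration in objects.h gains `Isolate* isolate` without saying which isolate is acceptable, which is the whole point of the change: the inline definition in objects-inl.h now forwards it unchanged to `JSReceiver::ToPrimitive`, so a caller that passes `input->GetIsolate()` for a shared object gets exactly the shared-isolate behaviour the commit is removing, with no compile-time or runtime signal. I would extend the existing `// ES6 section 7.1.1 ToPrimitive` comment with `// |isolate| must be the executing isolate, not one obtained from |input| (shared objects report the shared isolate, which cannot run JS).` The `Object` class body continues outside the hunk.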