Plumb Isolate through ToPrimitive and friends

Currently the Isolate is obtained from the object on which the operation
is being performed. Shared objects return the shared Isolate, which is
incorrect: it shouldn't be used to run JS, and it has no HandleScopes
open. Plumb the executing Isolate through instead.

Bug: v8:12547
Change-Id: I7524a956876a0ff2d362c1ad6ec3ae044445215f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3441023
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78962}
Shu-yu Guo 2022-02-04 13:31:21 -08:00 committed by V8 LUCI CQ
parent 33457e544a
commit 52180d383d
9 changed files with 37 additions and 31 deletions


@ -27,7 +27,7 @@ BUILTIN(BigIntConstructor) {
if (value->IsJSReceiver()) {
ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
isolate, value,
JSReceiver::ToPrimitive(Handle<JSReceiver>::cast(value),
JSReceiver::ToPrimitive(isolate, Handle<JSReceiver>::cast(value),
ToPrimitiveHint::kNumber));
}


@ -145,7 +145,7 @@ BUILTIN(DateConstructor) {
time_val = Handle<JSDate>::cast(value)->value().Number();
} else {
ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, value,
Object::ToPrimitive(value));
Object::ToPrimitive(isolate, value));
if (value->IsString()) {
time_val = ParseDateTimeString(isolate, Handle<String>::cast(value));
} else {
@ -910,7 +910,7 @@ BUILTIN(DatePrototypeToJson) {
Handle<Object> primitive;
ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
isolate, primitive,
Object::ToPrimitive(receiver_obj, ToPrimitiveHint::kNumber));
Object::ToPrimitive(isolate, receiver_obj, ToPrimitiveHint::kNumber));
if (primitive->IsNumber() && !std::isfinite(primitive->Number())) {
return ReadOnlyRoots(isolate).null_value();
} else {


@ -1034,7 +1034,7 @@ MaybeHandle<BigInt> BigInt::FromObject(Isolate* isolate, Handle<Object> obj) {
if (obj->IsJSReceiver()) {
ASSIGN_RETURN_ON_EXCEPTION(
isolate, obj,
JSReceiver::ToPrimitive(Handle<JSReceiver>::cast(obj),
JSReceiver::ToPrimitive(isolate, Handle<JSReceiver>::cast(obj),
ToPrimitiveHint::kNumber),
BigInt);
}


@ -2912,7 +2912,7 @@ MaybeHandle<Object> Intl::ToIntlMathematicalValueAsNumberBigIntOrString(
}
ASSIGN_RETURN_ON_EXCEPTION(
isolate, input,
JSReceiver::ToPrimitive(Handle<JSReceiver>::cast(input),
JSReceiver::ToPrimitive(isolate, Handle<JSReceiver>::cast(input),
ToPrimitiveHint::kNumber),
Object);
return input;


@ -1921,9 +1921,9 @@ Maybe<bool> JSReceiver::IsExtensible(Handle<JSReceiver> object) {
}
// static
MaybeHandle<Object> JSReceiver::ToPrimitive(Handle<JSReceiver> receiver,
MaybeHandle<Object> JSReceiver::ToPrimitive(Isolate* isolate,
Handle<JSReceiver> receiver,
ToPrimitiveHint hint) {
Isolate* const isolate = receiver->GetIsolate();
Handle<Object> exotic_to_prim;
ASSIGN_RETURN_ON_EXCEPTION(
isolate, exotic_to_prim,
@ -1942,15 +1942,16 @@ MaybeHandle<Object> JSReceiver::ToPrimitive(Handle<JSReceiver> receiver,
NewTypeError(MessageTemplate::kCannotConvertToPrimitive),
Object);
}
return OrdinaryToPrimitive(receiver, (hint == ToPrimitiveHint::kString)
? OrdinaryToPrimitiveHint::kString
: OrdinaryToPrimitiveHint::kNumber);
return OrdinaryToPrimitive(isolate, receiver,
(hint == ToPrimitiveHint::kString)
? OrdinaryToPrimitiveHint::kString
: OrdinaryToPrimitiveHint::kNumber);
}
// static
MaybeHandle<Object> JSReceiver::OrdinaryToPrimitive(
Handle<JSReceiver> receiver, OrdinaryToPrimitiveHint hint) {
Isolate* const isolate = receiver->GetIsolate();
Isolate* isolate, Handle<JSReceiver> receiver,
OrdinaryToPrimitiveHint hint) {
Handle<String> method_names[2];
switch (hint) {
case OrdinaryToPrimitiveHint::kNumber:
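Review bot: With the `receiver->GetIsolate()` lines removed from `JSReceiver::ToPrimitive` and `JSReceiver::OrdinaryToPrimitive`, nothing in either function checks that the caller passed the executing Isolate, so a call site that forwards a shared object's Isolate would reintroduce the problem the commit message describes. A debug-only assertion at the top of both functions would catch that, e.g. `DCHECK_IMPLIES(<receiver is not a shared object>, isolate == receiver->GetIsolate());`, where the predicate is a placeholder for whatever the tree provides and the equality is presumed to hold for non-shared receivers. None of the nine file sections shown looks like a test, so a regression test that runs ToPrimitive on a shared object would also be worth adding. The body of `OrdinaryToPrimitive` continues past the end of this hunk.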


@ -86,12 +86,13 @@ class JSReceiver : public TorqueGeneratedJSReceiver<JSReceiver, HeapObject> {
// ES6 section 7.1.1 ToPrimitive
V8_WARN_UNUSED_RESULT static MaybeHandle<Object> ToPrimitive(
Handle<JSReceiver> receiver,
Isolate* isolate, Handle<JSReceiver> receiver,
ToPrimitiveHint hint = ToPrimitiveHint::kDefault);
// ES6 section 7.1.1.1 OrdinaryToPrimitive
V8_WARN_UNUSED_RESULT static MaybeHandle<Object> OrdinaryToPrimitive(
Handle<JSReceiver> receiver, OrdinaryToPrimitiveHint hint);
Isolate* isolate, Handle<JSReceiver> receiver,
OrdinaryToPrimitiveHint hint);
static MaybeHandle<NativeContext> GetFunctionRealm(
Handle<JSReceiver> receiver);
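Review bot: The declarations of `ToPrimitive` and `OrdinaryToPrimitive` gain an `Isolate* isolate` parameter, but the comments above them still only cite the spec section, so the contract described in the commit message is not visible at the API. I would add above `ToPrimitive`: `// |isolate| must be the Isolate executing the operation; do not pass receiver->GetIsolate(), which for shared objects is the shared Isolate and must not run JS.` `GetFunctionRealm`, declared just below, still takes only the receiver; if it derives an Isolate from it (not visible here), the same concern may apply. The class body continues outside this hunk.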


@ -563,10 +563,11 @@ MaybeHandle<Object> Object::ToPropertyKey(Isolate* isolate,
}
// static
MaybeHandle<Object> Object::ToPrimitive(Handle<Object> input,
MaybeHandle<Object> Object::ToPrimitive(Isolate* isolate, Handle<Object> input,
ToPrimitiveHint hint) {
if (input->IsPrimitive()) return input;
return JSReceiver::ToPrimitive(Handle<JSReceiver>::cast(input), hint);
return JSReceiver::ToPrimitive(isolate, Handle<JSReceiver>::cast(input),
hint);
}
// static


@ -322,7 +322,7 @@ MaybeHandle<Object> Object::ConvertToNumberOrNumeric(Isolate* isolate,
}
ASSIGN_RETURN_ON_EXCEPTION(
isolate, input,
JSReceiver::ToPrimitive(Handle<JSReceiver>::cast(input),
JSReceiver::ToPrimitive(isolate, Handle<JSReceiver>::cast(input),
ToPrimitiveHint::kNumber),
Object);
}
@ -362,8 +362,8 @@ MaybeHandle<Object> Object::ConvertToUint32(Isolate* isolate,
MaybeHandle<Name> Object::ConvertToName(Isolate* isolate,
Handle<Object> input) {
ASSIGN_RETURN_ON_EXCEPTION(
isolate, input, Object::ToPrimitive(input, ToPrimitiveHint::kString),
Name);
isolate, input,
Object::ToPrimitive(isolate, input, ToPrimitiveHint::kString), Name);
if (input->IsName()) return Handle<Name>::cast(input);
return ToString(isolate, input);
}
@ -374,7 +374,7 @@ MaybeHandle<Object> Object::ConvertToPropertyKey(Isolate* isolate,
Handle<Object> value) {
// 1. Let key be ToPrimitive(argument, hint String).
MaybeHandle<Object> maybe_key =
Object::ToPrimitive(value, ToPrimitiveHint::kString);
Object::ToPrimitive(isolate, value, ToPrimitiveHint::kString);
// 2. ReturnIfAbrupt(key).
Handle<Object> key;
if (!maybe_key.ToHandle(&key)) return key;
@ -412,7 +412,7 @@ MaybeHandle<String> Object::ConvertToString(Isolate* isolate,
}
ASSIGN_RETURN_ON_EXCEPTION(
isolate, input,
JSReceiver::ToPrimitive(Handle<JSReceiver>::cast(input),
JSReceiver::ToPrimitive(isolate, Handle<JSReceiver>::cast(input),
ToPrimitiveHint::kString),
String);
// The previous isString() check happened in Object::ToString and thus we
@ -708,8 +708,8 @@ ComparisonResult Reverse(ComparisonResult result) {
Maybe<ComparisonResult> Object::Compare(Isolate* isolate, Handle<Object> x,
Handle<Object> y) {
// ES6 section 7.2.11 Abstract Relational Comparison step 3 and 4.
if (!Object::ToPrimitive(x, ToPrimitiveHint::kNumber).ToHandle(&x) ||
!Object::ToPrimitive(y, ToPrimitiveHint::kNumber).ToHandle(&y)) {
if (!Object::ToPrimitive(isolate, x, ToPrimitiveHint::kNumber).ToHandle(&x) ||
!Object::ToPrimitive(isolate, y, ToPrimitiveHint::kNumber).ToHandle(&y)) {
return Nothing<ComparisonResult>();
}
if (x->IsString() && y->IsString()) {
@ -769,7 +769,7 @@ Maybe<bool> Object::Equals(Isolate* isolate, Handle<Object> x,
} else if (y->IsBigInt()) {
return Just(BigInt::EqualToNumber(Handle<BigInt>::cast(y), x));
} else if (y->IsJSReceiver()) {
if (!JSReceiver::ToPrimitive(Handle<JSReceiver>::cast(y))
if (!JSReceiver::ToPrimitive(isolate, Handle<JSReceiver>::cast(y))
.ToHandle(&y)) {
return Nothing<bool>();
}
@ -791,7 +791,7 @@ Maybe<bool> Object::Equals(Isolate* isolate, Handle<Object> x,
return BigInt::EqualToString(isolate, Handle<BigInt>::cast(y),
Handle<String>::cast(x));
} else if (y->IsJSReceiver()) {
if (!JSReceiver::ToPrimitive(Handle<JSReceiver>::cast(y))
if (!JSReceiver::ToPrimitive(isolate, Handle<JSReceiver>::cast(y))
.ToHandle(&y)) {
return Nothing<bool>();
}
@ -812,7 +812,7 @@ Maybe<bool> Object::Equals(Isolate* isolate, Handle<Object> x,
x = Oddball::ToNumber(isolate, Handle<Oddball>::cast(x));
return Just(BigInt::EqualToNumber(Handle<BigInt>::cast(y), x));
} else if (y->IsJSReceiver()) {
if (!JSReceiver::ToPrimitive(Handle<JSReceiver>::cast(y))
if (!JSReceiver::ToPrimitive(isolate, Handle<JSReceiver>::cast(y))
.ToHandle(&y)) {
return Nothing<bool>();
}
@ -824,7 +824,7 @@ Maybe<bool> Object::Equals(Isolate* isolate, Handle<Object> x,
if (y->IsSymbol()) {
return Just(x.is_identical_to(y));
} else if (y->IsJSReceiver()) {
if (!JSReceiver::ToPrimitive(Handle<JSReceiver>::cast(y))
if (!JSReceiver::ToPrimitive(isolate, Handle<JSReceiver>::cast(y))
.ToHandle(&y)) {
return Nothing<bool>();
}
@ -843,7 +843,7 @@ Maybe<bool> Object::Equals(Isolate* isolate, Handle<Object> x,
return Just(x->IsUndetectable());
} else if (y->IsBoolean()) {
y = Oddball::ToNumber(isolate, Handle<Oddball>::cast(y));
} else if (!JSReceiver::ToPrimitive(Handle<JSReceiver>::cast(x))
} else if (!JSReceiver::ToPrimitive(isolate, Handle<JSReceiver>::cast(x))
.ToHandle(&x)) {
return Nothing<bool>();
}
@ -891,8 +891,10 @@ MaybeHandle<Object> Object::Add(Isolate* isolate, Handle<Object> lhs,
return isolate->factory()->NewConsString(Handle<String>::cast(lhs),
Handle<String>::cast(rhs));
}
ASSIGN_RETURN_ON_EXCEPTION(isolate, lhs, Object::ToPrimitive(lhs), Object);
ASSIGN_RETURN_ON_EXCEPTION(isolate, rhs, Object::ToPrimitive(rhs), Object);
ASSIGN_RETURN_ON_EXCEPTION(isolate, lhs, Object::ToPrimitive(isolate, lhs),
Object);
ASSIGN_RETURN_ON_EXCEPTION(isolate, rhs, Object::ToPrimitive(isolate, rhs),
Object);
if (lhs->IsString() || rhs->IsString()) {
ASSIGN_RETURN_ON_EXCEPTION(isolate, rhs, Object::ToString(isolate, rhs),
Object);


@ -408,7 +408,8 @@ class Object : public TaggedImpl<HeapObjectReferenceType::STRONG, Address> {
// ES6 section 7.1.1 ToPrimitive
V8_WARN_UNUSED_RESULT static inline MaybeHandle<Object> ToPrimitive(
Handle<Object> input, ToPrimitiveHint hint = ToPrimitiveHint::kDefault);
Isolate* isolate, Handle<Object> input,
ToPrimitiveHint hint = ToPrimitiveHint::kDefault);
// ES6 section 7.1.3 ToNumber
V8_WARN_UNUSED_RESULT static inline MaybeHandle<Object> ToNumber(