Revert "Reland "[runtime] Pass global proxy as receiver to native accessors in case of contextual access""

This reverts commit ba8a753947. Reason for revert: A layout test is unhappy: https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/16010 Original change's description: > Reland "[runtime] Pass global proxy as receiver to native accessors in case of contextual access" > > Based on past discussions I'm going to try to reland this change. This makes window.document and document behave the same after navigation, which is a change from what the spec says. If this works out though, it would greatly simplify the spec; and fix the fact that currently it's leaking the underlying global object, which we don't want for security and object-identity reasons. > > Bug: chromium:713732 > Change-Id: I835ef510fc78f04c602434a7cec6420e027c4012 > Reviewed-on: https://chromium-review.googlesource.com/520764 > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Kentaro Hara <haraken@chromium.org> > Cr-Commit-Position: refs/heads/master@{#45654} TBR=haraken@chromium.org,verwaest@chromium.org No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:713732 Change-Id: Iecde1cd855c21efa73939bbfbff0c26540ee2d98 Reviewed-on: https://chromium-review.googlesource.com/521045 Reviewed-by: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#45659}
2017-06-01 11:56:03 +00:00 · 2017-06-01 11:56:03 +00:00 · c588bf858f
commit c588bf858f
parent 8ce8b7f022
2 changed files with 0 additions and 28 deletions
--- a/src/objects.cc
+++ b/src/objects.cc
@ -1371,11 +1371,6 @@ MaybeHandle<Object> Object::GetPropertyWithAccessor(LookupIterator* it) {
  Isolate* isolate = it->isolate();
  Handle<Object> structure = it->GetAccessors();
  Handle<Object> receiver = it->GetReceiver();
-  // In case of global IC, the receiver is the global object. Replace by the
-  // global proxy.
-  if (receiver->IsJSGlobalObject()) {
-    receiver = handle(JSGlobalObject::cast(*receiver)->global_proxy(), isolate);
-  }

  // We should never get here to initialize a const with the hole value since a
  // const declaration would conflict with the getter.
@ -1468,11 +1463,6 @@ Maybe<bool> Object::SetPropertyWithAccessor(LookupIterator* it,
  Isolate* isolate = it->isolate();
  Handle<Object> structure = it->GetAccessors();
  Handle<Object> receiver = it->GetReceiver();
-  // In case of global IC, the receiver is the global object. Replace by the
-  // global proxy.
-  if (receiver->IsJSGlobalObject()) {
-    receiver = handle(JSGlobalObject::cast(*receiver)->global_proxy(), isolate);
-  }

  // We should never get here to initialize a const with the hole value since a
  // const declaration would conflict with the setter.
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@ -26588,24 +26588,6 @@ TEST(SetPrototypeTemplate) {
  ExpectTrue("Image.prototype === HTMLImageElement.prototype");
 }

-void ensure_receiver_is_global_proxy(
-    v8::Local<v8::Name>, const v8::PropertyCallbackInfo<v8::Value>& info) {
-  CHECK(v8::Utils::OpenHandle(*info.This())->IsJSGlobalProxy());
-}
-
-THREADED_TEST(GlobalAccessorInfo) {
-  v8::Isolate* isolate = CcTest::isolate();
-  v8::HandleScope scope(isolate);
-  Local<v8::ObjectTemplate> global_template = v8::ObjectTemplate::New(isolate);
-  global_template->SetAccessor(
-      v8::String::NewFromUtf8(isolate, "prop", v8::NewStringType::kInternalized)
-          .ToLocalChecked(),
-      &ensure_receiver_is_global_proxy);
-  LocalContext env(NULL, global_template);
-  CompileRun("for (var i = 0; i < 10; i++) this.prop");
-  CompileRun("for (var i = 0; i < 10; i++) prop");
-}
-
 UNINITIALIZED_TEST(IncreaseHeapLimitForDebugging) {
  using namespace i;
  v8::Isolate::CreateParams create_params;