Summary:
The code previously used a depth tracker in entry points to
Proxy to avoid infinite recursion in proxy cases when the trap was not
called. This is insufficient, since there are some cases where an
infinite recursion can be caused in the target descriptor invariant
checks. This diff moves the depth tracker to be used on all proxy
calls, trap or not, to avoid any other lurking bugs. As each entry
point creates a GCScope, there's no need for a second one where the
depth tracker used to be, so those are removed. A repro for the bug
is added to the proxy test case.
Reviewed By: avp
Differential Revision: D26142146
fbshipit-source-id: 9a54a7628ddc257d0c08257eeef677fd5db5038b
Summary:
This is the same as c772fb6383,
but since it was in a different file, it was missed at the time.
Reviewed By: tmikov
Differential Revision: D25313998
fbshipit-source-id: 953a6434945d8af898c08ab141daa77982c29e59
Summary:
Sufficiently devious code can revoke the proxy when the trap
is retrieved, which should still operate on the original target.
Reviewed By: tmikov
Differential Revision: D24656075
fbshipit-source-id: 5e758a013bd290b1fdb065cb3f06c5cbcad6c337
Summary:
Update JSProxy methods which start with a marker to use a new GCScope instead. These are generally very complex methods.
fixes#358
Reviewed By: avp
Differential Revision: D24006143
fbshipit-source-id: 09802aa5871b7e49e5b80bfda9dde8f993a84982
Summary:
Internally, Hermes will sometimes keep keys as numbers for
efficiency. In copyDataPropertiesSlowPath_RJS, which is for Proxy,
ensure numeric keys are converted to strings before calling functions
which might call into JSProxy.
Reviewed By: avp
Differential Revision: D23834086
fbshipit-source-id: b1df8e16573c15b63e3993793f6f484848bb89af
Summary:
This assert could fire with the code in the test, which uses
a non-Object newTarget. The assert was testing an otherwise unused
argument, so it's safe to remove.
Reviewed By: avp
Differential Revision: D23834087
fbshipit-source-id: c48647a903b7283edee86c4378745d50460f038d
Summary:
A proxy whose target or handler is another proxy can result
in native stack exhaustion. Insert checks for this case.
Reviewed By: avp
Differential Revision: D23662553
fbshipit-source-id: ec62795e8afdaafc83c301106c3229e8aa451586
Summary:
If putComputed is called on a proxy whose target's prototype
is an array with a propname of 'length', then internalSetter will be
true, and the receiver will be a proxy. In that case, proxy needs to
win; the behavior may assert or be UB otherwise.
Reviewed By: tmikov
Differential Revision: D23916279
fbshipit-source-id: c760356d48a02ece565fb4bc1acdafd7ccad7c68
Summary:
JSProxy::defineOwnProperty was implemented to call
JSObject::defineOwnProperty. Recently, this would start to assert if
a prop which looks like an array index was used. In order to avoid
this, change JSProxy::defineOwnProperty to take a Handle<> as the
name, and call JSObject::defineOwnComputedProperty, which knows how to
handle index-ish properties. This has the downside of converting a
named property from SymbolID to Handle to SymbolID in some proxy
cases, but the perf loss is preferable to writing a SymbolID overload
of JSProxy::defineOwnProperty.
closes#371
Reviewed By: tmikov
Differential Revision: D23914310
fbshipit-source-id: 633ad089bccf1aef559ffb95e05deaf6a22c52af
Summary:
Standard JSLib function that collects all the property descriptors
for a given object.
The current implementation is not fully optimized, as we don't have a
callback-style API for enumerating all properties in an object including
indexed properties, so we use an intermediate array to store them.
This can be improved upon in the future, but this diff provides
the functionality necessary to be standards-compliant.
Reviewed By: tmikov
Differential Revision: D22140163
fbshipit-source-id: 536ef66d76e0e9b7b8084d8304f4d2b597e386af
Summary:
Modify Hermes Proxy to allow creation using revoked Proxies, following requests in the PR ebe4001346
This diff is intended to replace a prior one D22049784
Reviewed By: mhorowitz
Differential Revision: D22105842
fbshipit-source-id: cd2b46a6f5afd1f564d3184ba5859a0f83494585
Summary:
HermesBuiltin `arraySpread` was deliberately written originally to be
compliant but not fast.
Make it fast when the source of the spread is an array by using
specialized JSArray functions.
Reviewed By: mhorowitz
Differential Revision: D19201544
fbshipit-source-id: 67e65178d45332bf462fdea3c7600257fed657dd
Summary:
Now that the Proxy implementation and all use cases are done,
it's possible to test it. Adding tests piecemeal could be done, but I
think it would make it harder to understand the scope of the tests.
Reviewed By: avp
Differential Revision: D18284932
fbshipit-source-id: 048969fa44d55b4cafac799f42f242969f6abde2
Vladimir Morozov
Andres Suarez
Marc Horowitz
Aakash Patel
Everest Chen