Bug 853417 - Prevent self-hosted scripts from ever being visible to client scripts. r=jimb

--HG-- extra : rebase_source : b6f6d5a4ebd990d72d4fce36c5821fd5b3f0c0fb
2013-03-22 01:17:18 +01:00 · 2013-03-22 01:17:18 +01:00 · 5b5835242e
--- a/js/src/jsapi.cpp
+++ b/js/src/jsapi.cpp
@ -7066,7 +7066,7 @@ JS_DescribeScriptedCaller(JSContext *cx, JSScript **script, unsigned *lineno)
    if (lineno)
        *lineno = 0;

-    ScriptFrameIter i(cx);
+    NonBuiltinScriptFrameIter i(cx);
    if (i.done())
        return JS_FALSE;

--- a/js/src/jsdbgapi.cpp
+++ b/js/src/jsdbgapi.cpp
@ -84,14 +84,16 @@ js::ScriptDebugPrologue(JSContext *cx, AbstractFramePtr frame)
 {
    JS_ASSERT_IF(frame.isStackFrame(), frame.asStackFrame() == cx->fp());

-    if (frame.isFramePushedByExecute()) {
-        if (JSInterpreterHook hook = cx->runtime->debugHooks.executeHook)
-            frame.setHookData(hook(cx, Jsvalify(frame), IsTopFrameConstructing(cx, frame),
-                                   true, 0, cx->runtime->debugHooks.executeHookData));
-    } else {
-        if (JSInterpreterHook hook = cx->runtime->debugHooks.callHook)
-            frame.setHookData(hook(cx, Jsvalify(frame), IsTopFrameConstructing(cx, frame),
-                                   true, 0, cx->runtime->debugHooks.callHookData));
+    if (!frame.script()->selfHosted) {
+        if (frame.isFramePushedByExecute()) {
+            if (JSInterpreterHook hook = cx->runtime->debugHooks.executeHook)
+                frame.setHookData(hook(cx, Jsvalify(frame), IsTopFrameConstructing(cx, frame),
+                                       true, 0, cx->runtime->debugHooks.executeHookData));
+        } else {
+            if (JSInterpreterHook hook = cx->runtime->debugHooks.callHook)
+                frame.setHookData(hook(cx, Jsvalify(frame), IsTopFrameConstructing(cx, frame),
+                                       true, 0, cx->runtime->debugHooks.callHookData));
+        }
    }

    RootedValue rval(cx);
@ -931,7 +933,7 @@ JS_UnwrapObjectAndInnerize(JSObject *obj)
 JS_FRIEND_API(JSBool)
 js_CallContextDebugHandler(JSContext *cx)
 {
-    ScriptFrameIter iter(cx);
+    NonBuiltinScriptFrameIter iter(cx);
    JS_ASSERT(!iter.done());

    RootedValue rval(cx);
@ -955,9 +957,7 @@ JS::DescribeStack(JSContext *cx, unsigned maxFrames)
 {
    Vector<FrameDescription> frames(cx);

-    for (ScriptFrameIter i(cx); !i.done(); ++i) {
-        if (i.script()->selfHosted)
-            continue;
+    for (NonBuiltinScriptFrameIter i(cx); !i.done(); ++i) {
        FrameDescription desc;
        desc.script = i.script();
        desc.lineno = PCToLineNumber(i.script(), i.pc());
@ -1028,7 +1028,7 @@ FormatValue(JSContext *cx, const Value &v, JSAutoByteString &bytes)
 }

 static char *
-FormatFrame(JSContext *cx, const ScriptFrameIter &iter, char *buf, int num,
+FormatFrame(JSContext *cx, const NonBuiltinScriptFrameIter &iter, char *buf, int num,
            JSBool showArgs, JSBool showLocals, JSBool showThisProps)
 {
    RootedScript script(cx, iter.script());
@ -1206,7 +1206,7 @@ JS::FormatStackDump(JSContext *cx, char *buf,
 {
    int num = 0;

-    for (ScriptFrameIter i(cx); !i.done(); ++i) {
+    for (NonBuiltinScriptFrameIter i(cx); !i.done(); ++i) {
        buf = FormatFrame(cx, i, buf, num, showArgs, showLocals, showThisProps);
        num++;
    }
@ -1343,7 +1343,7 @@ JSAbstractFramePtr::evaluateUCInStackFrame(JSContext *cx,

 JSBrokenFrameIterator::JSBrokenFrameIterator(JSContext *cx)
 {
-    ScriptFrameIter iter(cx);
+    NonBuiltinScriptFrameIter iter(cx);
    data_ = iter.copyData();
 }

@ -1355,7 +1355,7 @@ JSBrokenFrameIterator::~JSBrokenFrameIterator()
 bool
 JSBrokenFrameIterator::done() const
 {
-    ScriptFrameIter iter(*(StackIter::Data *)data_);
+    NonBuiltinScriptFrameIter iter(*(StackIter::Data *)data_);
    return iter.done();
 }

@ -1363,7 +1363,7 @@ JSBrokenFrameIterator &
 JSBrokenFrameIterator::operator++()
 {
    StackIter::Data *data = (StackIter::Data *)data_;
-    ScriptFrameIter iter(*data);
+    NonBuiltinScriptFrameIter iter(*data);
    ++iter;
    *data = iter.data_;
    return *this;
@ -1372,20 +1372,20 @@ JSBrokenFrameIterator::operator++()
 JSAbstractFramePtr
 JSBrokenFrameIterator::abstractFramePtr() const
 {
-    ScriptFrameIter iter(*(StackIter::Data *)data_);
+    NonBuiltinScriptFrameIter iter(*(StackIter::Data *)data_);
    return Jsvalify(iter.abstractFramePtr());
 }

 jsbytecode *
 JSBrokenFrameIterator::pc() const
 {
-    ScriptFrameIter iter(*(StackIter::Data *)data_);
+    NonBuiltinScriptFrameIter iter(*(StackIter::Data *)data_);
    return iter.pc();
 }

 bool
 JSBrokenFrameIterator::isConstructing() const
 {
-    ScriptFrameIter iter(*(StackIter::Data *)data_);
+    NonBuiltinScriptFrameIter iter(*(StackIter::Data *)data_);
    return iter.isConstructing();
 }
--- a/js/src/jsscript.cpp
+++ b/js/src/jsscript.cpp
@ -405,7 +405,8 @@ js::XDRScript(XDRState<mode> *xdr, HandleObject enclosingScope, HandleScript enc
        IsGenerator,
        IsGeneratorExp,
        OwnSource,
-        ExplicitUseStrict
+        ExplicitUseStrict,
+        SelfHosted
    };

    uint32_t length, lineno, nslots;
@ -473,6 +474,8 @@ js::XDRScript(XDRState<mode> *xdr, HandleObject enclosingScope, HandleScript enc
            scriptBits |= (1 << Strict);
        if (script->explicitUseStrict)
            scriptBits |= (1 << ExplicitUseStrict);
+        if (script->selfHosted)
+            scriptBits |= (1 << SelfHosted);
        if (script->bindingsAccessedDynamically)
            scriptBits |= (1 << ContainsDynamicNameAccess);
        if (script->funHasExtensibleScope)
@ -531,7 +534,8 @@ js::XDRScript(XDRState<mode> *xdr, HandleObject enclosingScope, HandleScript enc
        // staticLevel is set below.
        CompileOptions options(cx);
        options.setVersion(version_)
-               .setNoScriptRval(!!(scriptBits & (1 << NoScriptRval)));
+               .setNoScriptRval(!!(scriptBits & (1 << NoScriptRval)))
+               .setSelfHostingMode(!!(scriptBits & (1 << SelfHosted)));
        ScriptSource *ss;
        if (scriptBits & (1 << OwnSource)) {
            ss = cx->new_<ScriptSource>();
--- a/js/src/vm/Stack.h
+++ b/js/src/vm/Stack.h
@ -2028,7 +2028,7 @@ class ScriptFrameIter : public StackIter
 class NonBuiltinScriptFrameIter : public StackIter
 {
    void settle() {
-        while (!done() && (!isScript() || (isFunctionFrame() && callee()->isSelfHostedBuiltin())))
+        while (!done() && (!isScript() || script()->selfHosted))
            StackIter::operator++();
    }

@ -2036,6 +2036,10 @@ class NonBuiltinScriptFrameIter : public StackIter
    NonBuiltinScriptFrameIter(JSContext *cx, StackIter::SavedOption opt = StackIter::STOP_AT_SAVED)
        : StackIter(cx, opt) { settle(); }

+    NonBuiltinScriptFrameIter(const StackIter::Data &data)
+      : StackIter(data)
+    {}
+
    NonBuiltinScriptFrameIter &operator++() { StackIter::operator++(); settle(); return *this; }
 };

--- a/js/src/vm/Xdr.h
+++ b/js/src/vm/Xdr.h
@ -25,7 +25,7 @@ namespace js {
 * and saved versions. If deserialization fails, the data should be
 * invalidated if possible.
 */
-static const uint32_t XDR_BYTECODE_VERSION = uint32_t(0xb973c0de - 140);
+static const uint32_t XDR_BYTECODE_VERSION = uint32_t(0xb973c0de - 141);

 class XDRBuffer {
  public: