mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1103368, part 2 - Ban stub getter/setter arguments to js::baseops::Define{Property,Generic,Element}, DefineNativeProperty, and DefinePropertyOrElement. r=bhackett. 

--HG--
extra : rebase_source : 5f80c2060ad8d637b15e2649a83e64e06860b63a
This commit is contained in:
Jason Orendorff 2014-11-21 21:07:13 -06:00
Родитель 85c0ebfb2b
Коммит 7fd6ed055d
13 изменённых файлов: 90 добавлений и 79 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

8
js/src/frontend/BytecodeEmitter.cpp
Просмотреть файл

@ -2224,10 +2224,14 @@ IteratorResultShape(ExclusiveContext *cx, BytecodeEmitter *bce, unsigned *shape)
Rooted<jsid> done_id(cx, AtomToId(cx->names().done));
if (!DefineNativeProperty(cx, obj, value_id, UndefinedHandleValue, nullptr, nullptr,
JSPROP_ENUMERATE))
{
return false;
}
if (!DefineNativeProperty(cx, obj, done_id, UndefinedHandleValue, nullptr, nullptr,
JSPROP_ENUMERATE))
{
return false;
}
ObjectBox *objbox = bce->parser->newObjectBox(obj);
if (!objbox)
@ -6495,8 +6499,8 @@ EmitObject(ExclusiveContext *cx, BytecodeEmitter *bce, ParseNode *pn)
MOZ_ASSERT(!obj->inDictionaryMode());
Rooted<jsid> id(cx, AtomToId(key->pn_atom));
RootedValue undefinedValue(cx, UndefinedValue());
if (!DefineNativeProperty(cx, obj, id, undefinedValue, nullptr,
nullptr, JSPROP_ENUMERATE))
if (!DefineNativeProperty(cx, obj, id, undefinedValue, nullptr, nullptr,
JSPROP_ENUMERATE))
{
return false;
}

4
js/src/jit/BaselineIC.cpp
Просмотреть файл

@ -7934,8 +7934,8 @@ DoSetPropFallback(JSContext *cx, BaselineFrame *frame, ICSetProp_Fallback *stub_
if (op == JSOP_INITPROP) {
MOZ_ASSERT(obj->is<JSObject>());
if (!DefineNativeProperty(cx, obj.as<NativeObject>(), id, rhs,
nullptr, nullptr, JSPROP_ENUMERATE))
if (!DefineNativeProperty(cx, obj.as<NativeObject>(), id, rhs, nullptr, nullptr,
JSPROP_ENUMERATE))
{
return false;
}

2
js/src/jsdate.cpp
Просмотреть файл

@ -3013,7 +3013,7 @@ FinishDateClassInit(JSContext *cx, HandleObject ctor, HandleObject proto)
RootedId toGMTStringId(cx, NameToId(cx->names().toGMTString));
return baseops::GetProperty(cx, proto.as<NativeObject>(), toUTCStringId, &toUTCStringFun) &&
baseops::DefineGeneric(cx, proto.as<NativeObject>(), toGMTStringId, toUTCStringFun,
JS_PropertyStub, JS_StrictPropertyStub, 0);
nullptr, nullptr, 0);
}
const Class DateObject::class_ = {

2
js/src/jsfun.cpp
Просмотреть файл

@ -499,7 +499,7 @@ js::fun_resolve(JSContext *cx, HandleObject obj, HandleId id, bool *resolvedp)
v.setString(fun->atom() == nullptr ? cx->runtime()->emptyString : fun->atom());
}
if (!DefineNativeProperty(cx, fun, id, v, JS_PropertyStub, JS_StrictPropertyStub,
if (!DefineNativeProperty(cx, fun, id, v, nullptr, nullptr,
JSPROP_PERMANENT | JSPROP_READONLY)) {
return false;
}

6
js/src/jsnum.cpp
Просмотреть файл

@ -1212,11 +1212,9 @@ js_InitNumberClass(JSContext *cx, HandleObject obj)
RootedValue valueInfinity(cx, cx->runtime()->positiveInfinityValue);
/* ES5 15.1.1.1, 15.1.1.2 */
if (!DefineNativeProperty(cx, global, cx->names().NaN, valueNaN,
JS_PropertyStub, JS_StrictPropertyStub,
if (!DefineNativeProperty(cx, global, cx->names().NaN, valueNaN, nullptr, nullptr,
JSPROP_PERMANENT | JSPROP_READONLY) ||
!DefineNativeProperty(cx, global, cx->names().Infinity, valueInfinity,
JS_PropertyStub, JS_StrictPropertyStub,
!DefineNativeProperty(cx, global, cx->names().Infinity, valueInfinity, nullptr, nullptr,
JSPROP_PERMANENT | JSPROP_READONLY))
{
return nullptr;

39
js/src/jsobj.cpp
Просмотреть файл

@ -742,9 +742,7 @@ DefinePropertyOnObject(JSContext *cx, HandleNativeObject obj, HandleId id, const
if (desc.isGenericDescriptor() || desc.isDataDescriptor()) {
MOZ_ASSERT(!obj->getOps()->defineProperty);
RootedValue v(cx, desc.hasValue() ? desc.value() : UndefinedValue());
return baseops::DefineGeneric(cx, obj, id, v,
JS_PropertyStub, JS_StrictPropertyStub,
desc.attributes());
return baseops::DefineGeneric(cx, obj, id, v, nullptr, nullptr, desc.attributes());
}
MOZ_ASSERT(desc.isAccessorDescriptor());
@ -951,8 +949,8 @@ DefinePropertyOnObject(JSContext *cx, HandleNativeObject obj, HandleId id, const
changed |= JSPROP_ENUMERATE;
attrs = (shapeAttributes & ~changed) | (desc.attributes() & changed);
getter = IsImplicitDenseOrTypedArrayElement(shape) ? JS_PropertyStub : shape->getter();
setter = IsImplicitDenseOrTypedArrayElement(shape) ? JS_StrictPropertyStub : shape->setter();
getter = IsImplicitDenseOrTypedArrayElement(shape) ? nullptr : shape->getter();
setter = IsImplicitDenseOrTypedArrayElement(shape) ? nullptr : shape->setter();
} else if (desc.isDataDescriptor()) {
unsigned unchanged = 0;
if (!desc.hasConfigurable())
@ -966,8 +964,8 @@ DefinePropertyOnObject(JSContext *cx, HandleNativeObject obj, HandleId id, const
if (desc.hasValue())
v = desc.value();
attrs = (desc.attributes() & ~unchanged) | (shapeAttributes & unchanged);
getter = JS_PropertyStub;
setter = JS_StrictPropertyStub;
getter = nullptr;
setter = nullptr;
} else {
MOZ_ASSERT(desc.isAccessorDescriptor());
@ -987,14 +985,14 @@ DefinePropertyOnObject(JSContext *cx, HandleNativeObject obj, HandleId id, const
getter = desc.getter();
} else {
getter = (shapeHasDefaultGetter && !shapeHasGetterValue)
? JS_PropertyStub
? nullptr
: shape->getter();
}
if (desc.hasSet()) {
setter = desc.setter();
} else {
setter = (shapeHasDefaultSetter && !shapeHasSetterValue)
? JS_StrictPropertyStub
? nullptr
: shape->setter();
}
}
@ -2248,8 +2246,11 @@ js::XDRObjectLiteral(XDRState<mode> *xdr, MutableHandleNativeObject obj)
return false;
if (mode == XDR_DECODE) {
if (!DefineNativeProperty(cx, obj, id, tmpValue, NULL, NULL, JSPROP_ENUMERATE))
if (!DefineNativeProperty(cx, obj, id, tmpValue, nullptr, nullptr,
JSPROP_ENUMERATE))
{
return false;
}
}
}
@ -3028,6 +3029,15 @@ JSObject::defineGeneric(ExclusiveContext *cx, HandleObject obj,
return false;
return op(cx->asJSContext(), obj, id, value, getter, setter, attrs);
}
if (getter == nullptr)
getter = obj->getClass()->getProperty;
if (setter == nullptr)
setter = obj->getClass()->setProperty;
if (getter == JS_PropertyStub)
getter = nullptr;
if (setter == JS_StrictPropertyStub)
setter = nullptr;
return baseops::DefineGeneric(cx, obj.as<NativeObject>(), id, value, getter, setter, attrs);
}
@ -3051,6 +3061,15 @@ JSObject::defineElement(ExclusiveContext *cx, HandleObject obj,
return false;
return op(cx->asJSContext(), obj, index, value, getter, setter, attrs);
}
if (!getter)
getter = obj->getClass()->getProperty;
if (!setter)
setter = obj->getClass()->setProperty;
if (getter == JS_PropertyStub)
getter = nullptr;
if (setter == JS_StrictPropertyStub)
setter = nullptr;
return baseops::DefineElement(cx, obj.as<NativeObject>(), index, value, getter, setter, attrs);
}

5
js/src/json.cpp
Просмотреть файл

@ -668,11 +668,8 @@ js_Stringify(JSContext *cx, MutableHandleValue vp, JSObject *replacer_, Value sp
/* Step 10. */
RootedId emptyId(cx, NameToId(cx->names().empty));
if (!DefineNativeProperty(cx, wrapper, emptyId, vp, JS_PropertyStub, JS_StrictPropertyStub,
JSPROP_ENUMERATE))
{
if (!DefineNativeProperty(cx, wrapper, emptyId, vp, nullptr, nullptr, JSPROP_ENUMERATE))
return false;
}
/* Step 11. */
StringifyContext scx(cx, sb, gap, replacer, propertyList);

18
js/src/vm/ArgumentsObject.cpp
Просмотреть файл

@ -346,12 +346,11 @@ ArgSetter(JSContext *cx, HandleObject obj, HandleId id, bool strict, MutableHand
}
/*
* For simplicity we use delete/define to replace the property with one
* backed by the default Object getter and setter. Note that we rely on
* args_delProperty to clear the corresponding reserved slot so the GC can
* collect its value. Note also that we must define the property instead
* of setting it in case the user has changed the prototype to an object
* that has a setter for this id.
* For simplicity we use delete/define to replace the property with a
* simple data property. Note that we rely on args_delProperty to clear the
* corresponding reserved slot so the GC can collect its value. Note also
* that we must define the property instead of setting it in case the user
* has changed the prototype to an object that has a setter for this id.
*/
bool succeeded;
return baseops::DeleteGeneric(cx, argsobj, id, &succeeded) &&
@ -462,10 +461,9 @@ StrictArgSetter(JSContext *cx, HandleObject obj, HandleId id, bool strict, Mutab
}
/*
* For simplicity we use delete/define to replace the property with one
* backed by the default Object getter and setter. Note that we rely on
* args_delProperty to clear the corresponding reserved slot so the GC can
* collect its value.
* For simplicity we use delete/define to replace the property with a
* simple data property. Note that we rely on args_delProperty to clear the
* corresponding reserved slot so the GC can collect its value.
*/
bool succeeded;
return baseops::DeleteGeneric(cx, argsobj, id, &succeeded) &&

6
js/src/vm/Debugger.cpp
Просмотреть файл

@ -1048,8 +1048,7 @@ Debugger::newCompletionValue(JSContext *cx, JSTrapStatus status, Value value_,
RootedNativeObject obj(cx, NewNativeBuiltinClassInstance(cx, &JSObject::class_));
if (!obj ||
!wrapDebuggeeValue(cx, &value) ||
!DefineNativeProperty(cx, obj, key, value, JS_PropertyStub, JS_StrictPropertyStub,
JSPROP_ENUMERATE))
!DefineNativeProperty(cx, obj, key, value, nullptr, nullptr, JSPROP_ENUMERATE))
{
return false;
}
@ -5438,8 +5437,7 @@ DebuggerFrame_getArguments(JSContext *cx, unsigned argc, Value *vp)
MOZ_ASSERT(frame.numActualArgs() <= 0x7fffffff);
unsigned fargc = frame.numActualArgs();
RootedValue fargcVal(cx, Int32Value(fargc));
if (!DefineNativeProperty(cx, argsobj, cx->names().length,
fargcVal, nullptr, nullptr,
if (!DefineNativeProperty(cx, argsobj, cx->names().length, fargcVal, nullptr, nullptr,
JSPROP_PERMANENT | JSPROP_READONLY))
{
return false;

4
js/src/vm/JSONParser.cpp
Просмотреть файл

@ -606,10 +606,8 @@ JSONParserBase::createFinishedObject(PropertyVector &properties)
for (size_t i = 0; i < properties.length(); i++) {
propid = properties[i].id;
value = properties[i].value;
if (!DefineNativeProperty(cx, obj, propid, value, JS_PropertyStub, JS_StrictPropertyStub,
JSPROP_ENUMERATE)) {
if (!DefineNativeProperty(cx, obj, propid, value, nullptr, nullptr, JSPROP_ENUMERATE))
return nullptr;
}
}
/*

3
js/src/vm/NativeObject-inl.h
Просмотреть файл

@ -648,6 +648,9 @@ DefineNativeProperty(ExclusiveContext *cx, HandleNativeObject obj,
PropertyName *name, HandleValue value,
PropertyOp getter, StrictPropertyOp setter, unsigned attrs)
{
MOZ_ASSERT(getter != JS_PropertyStub);
MOZ_ASSERT(setter != JS_StrictPropertyStub);
RootedId id(cx, NameToId(name));
return DefineNativeProperty(cx, obj, id, value, getter, setter, attrs);
}

60
js/src/vm/NativeObject.cpp
Просмотреть файл

@ -1072,11 +1072,10 @@ NativeObject::addDataProperty(ExclusiveContext *cx, HandlePropertyName name,
template <ExecutionMode mode>
static inline bool
CallAddPropertyHook(typename ExecutionModeTraits<mode>::ExclusiveContextType cxArg,
const Class *clasp, HandleNativeObject obj, HandleShape shape,
HandleValue nominal)
HandleNativeObject obj, HandleShape shape, HandleValue nominal)
{
if (clasp->addProperty) {
MOZ_ASSERT(clasp->addProperty != JS_PropertyStub);
if (JSPropertyOp addProperty = obj->getClass()->addProperty) {
MOZ_ASSERT(addProperty != JS_PropertyStub);
if (mode == ParallelExecution)
return false;
@ -1089,7 +1088,7 @@ CallAddPropertyHook(typename ExecutionModeTraits<mode>::ExclusiveContextType cxA
RootedValue value(cx, nominal);
Rooted<jsid> id(cx, shape->propid());
if (!CallJSPropertyOp(cx->asJSContext(), clasp->addProperty, obj, id, &value)) {
if (!CallJSPropertyOp(cx->asJSContext(), addProperty, obj, id, &value)) {
obj->removeProperty(cx, shape->propid());
return false;
}
@ -1104,8 +1103,7 @@ CallAddPropertyHook(typename ExecutionModeTraits<mode>::ExclusiveContextType cxA
template <ExecutionMode mode>
static inline bool
CallAddPropertyHookDense(typename ExecutionModeTraits<mode>::ExclusiveContextType cxArg,
const Class *clasp, HandleNativeObject obj, uint32_t index,
HandleValue nominal)
HandleNativeObject obj, uint32_t index, HandleValue nominal)
{
/* Inline addProperty for array objects. */
if (obj->is<ArrayObject>()) {
@ -1124,8 +1122,8 @@ CallAddPropertyHookDense(typename ExecutionModeTraits<mode>::ExclusiveContextTyp
return true;
}
if (clasp->addProperty) {
MOZ_ASSERT(clasp->addProperty != JS_PropertyStub);
if (JSPropertyOp addProperty = obj->getClass()->addProperty) {
MOZ_ASSERT(addProperty != JS_PropertyStub);
if (mode == ParallelExecution)
return false;
@ -1141,7 +1139,7 @@ CallAddPropertyHookDense(typename ExecutionModeTraits<mode>::ExclusiveContextTyp
RootedValue value(cx, nominal);
Rooted<jsid> id(cx, INT_TO_JSID(index));
if (!CallJSPropertyOp(cx->asJSContext(), clasp->addProperty, obj, id, &value)) {
if (!CallJSPropertyOp(cx->asJSContext(), addProperty, obj, id, &value)) {
obj->setDenseElementHole(cx, index);
return false;
}
@ -1207,10 +1205,13 @@ DefinePropertyOrElement(typename ExecutionModeTraits<mode>::ExclusiveContextType
unsigned attrs, HandleValue value,
bool callSetterAfterwards, bool setterIsStrict)
{
MOZ_ASSERT(getter != JS_PropertyStub);
MOZ_ASSERT(setter != JS_StrictPropertyStub);
/* Use dense storage for new indexed properties where possible. */
if (JSID_IS_INT(id) &&
getter == JS_PropertyStub &&
setter == JS_StrictPropertyStub &&
!getter &&
!setter &&
attrs == JSPROP_ENUMERATE &&
(!obj->isIndexed() || !obj->containsPure(id)) &&
!IsAnyTypedArray(obj))
@ -1240,7 +1241,7 @@ DefinePropertyOrElement(typename ExecutionModeTraits<mode>::ExclusiveContextType
} else {
obj->setDenseElementWithType(cx->asExclusiveContext(), index, value);
}
return CallAddPropertyHookDense<mode>(cx, obj->getClass(), obj, index, value);
return CallAddPropertyHookDense<mode>(cx, obj, index, value);
}
}
@ -1271,11 +1272,6 @@ DefinePropertyOrElement(typename ExecutionModeTraits<mode>::ExclusiveContextType
}
AutoRooterGetterSetter gsRoot(cx, attrs, &getter, &setter);
if (getter == JS_PropertyStub)
getter = nullptr;
if (setter == JS_StrictPropertyStub)
setter = nullptr;
RootedShape shape(cx, NativeObject::putProperty<mode>(cx, obj, id, getter, setter,
SHAPE_INVALID_SLOT, attrs, 0));
if (!shape)
@ -1303,11 +1299,11 @@ DefinePropertyOrElement(typename ExecutionModeTraits<mode>::ExclusiveContextType
return false;
if (result == NativeObject::ED_OK) {
MOZ_ASSERT(!setter);
return CallAddPropertyHookDense<mode>(cx, obj->getClass(), obj, index, value);
return CallAddPropertyHookDense<mode>(cx, obj, index, value);
}
}
if (!CallAddPropertyHook<mode>(cx, obj->getClass(), obj, shape, value))
if (!CallAddPropertyHook<mode>(cx, obj, shape, value))
return false;
if (callSetterAfterwards && setter) {
@ -1405,6 +1401,8 @@ bool
js::DefineNativeProperty(ExclusiveContext *cx, HandleNativeObject obj, HandleId id, HandleValue value,
PropertyOp getter, StrictPropertyOp setter, unsigned attrs)
{
MOZ_ASSERT(getter != JS_PropertyStub);
MOZ_ASSERT(setter != JS_StrictPropertyStub);
MOZ_ASSERT(!(attrs & JSPROP_PROPOP_ACCESSORS));
AutoRooterGetterSetter gsRoot(cx, attrs, &getter, &setter);
@ -1437,10 +1435,6 @@ js::DefineNativeProperty(ExclusiveContext *cx, HandleNativeObject obj, HandleId
}
if (shape->isAccessorDescriptor()) {
attrs = ApplyOrDefaultAttributes(attrs, shape);
if (getter == JS_PropertyStub)
getter = nullptr;
if (setter == JS_StrictPropertyStub)
setter = nullptr;
shape = NativeObject::changeProperty<SequentialExecution>(cx, obj, shape, attrs,
JSPROP_GETTER | JSPROP_SETTER,
(attrs & JSPROP_GETTER)
@ -1514,13 +1508,6 @@ js::DefineNativeProperty(ExclusiveContext *cx, HandleNativeObject obj, HandleId
if (!PurgeScopeChain(cx, obj, id))
return false;
/* Use the object's class getter and setter by default. */
const Class *clasp = obj->getClass();
if (!getter && !(attrs & JSPROP_GETTER))
getter = clasp->getProperty;
if (!setter && !(attrs & JSPROP_SETTER))
setter = clasp->setProperty;
if (shouldDefine) {
// Handle the default cases here. Anyone that wanted to set non-default attributes has
// cleared the IGNORE flags by now. Since we can never get here with JSPROP_IGNORE_VALUE
@ -1534,7 +1521,7 @@ js::DefineNativeProperty(ExclusiveContext *cx, HandleNativeObject obj, HandleId
JS_ALWAYS_TRUE(UpdateShapeTypeAndValue<SequentialExecution>(cx, obj, shape, updateValue));
return CallAddPropertyHook<SequentialExecution>(cx, clasp, obj, shape, updateValue);
return CallAddPropertyHook<SequentialExecution>(cx, obj, shape, updateValue);
}
static bool
@ -2008,8 +1995,13 @@ SetPropertyByDefining(typename ExecutionModeTraits<mode>::ContextType cxArg,
clasp->getProperty, clasp->setProperty, JSPROP_ENUMERATE);
}
Rooted<NativeObject*> nativeReceiver(cxArg, &receiver->as<NativeObject>());
return DefinePropertyOrElement<mode>(cxArg, nativeReceiver, id,
clasp->getProperty, clasp->setProperty,
JSPropertyOp getter = clasp->getProperty;
if (getter == JS_PropertyStub)
getter = nullptr;
JSStrictPropertyOp setter = clasp->setProperty;
if (setter == JS_StrictPropertyStub)
setter = nullptr;
return DefinePropertyOrElement<mode>(cxArg, nativeReceiver, id, getter, setter,
JSPROP_ENUMERATE, v, true, strict);
}

12
js/src/vm/RegExpObject.cpp
Просмотреть файл

@ -719,15 +719,19 @@ RegExpCompartment::createMatchResultTemplateObject(JSContext *cx)
/* Set dummy index property */
RootedValue index(cx, Int32Value(0));
if (!baseops::DefineProperty(cx, templateObject, cx->names().index, index,
JS_PropertyStub, JS_StrictPropertyStub, JSPROP_ENUMERATE))
if (!baseops::DefineProperty(cx, templateObject, cx->names().index, index, nullptr, nullptr,
JSPROP_ENUMERATE))
{
return matchResultTemplateObject_; // = nullptr
}
/* Set dummy input property */
RootedValue inputVal(cx, StringValue(cx->runtime()->emptyString));
if (!baseops::DefineProperty(cx, templateObject, cx->names().input, inputVal,
JS_PropertyStub, JS_StrictPropertyStub, JSPROP_ENUMERATE))
if (!baseops::DefineProperty(cx, templateObject, cx->names().input, inputVal, nullptr, nullptr,
JSPROP_ENUMERATE))
{
return matchResultTemplateObject_; // = nullptr
}
// Make sure that the properties are in the right slots.
DebugOnly<Shape *> shape = templateObject->lastProperty();