v8
V8 is Google’s open source high-performance JavaScript and WebAssembly engine, written in C++.
Loading...
Searching...
No Matches
accessors.cc
Go to the documentation of this file.
1// Copyright 2012 the V8 project authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "src/builtins/accessors.h"
6
7#include "src/api/api-inl.h"
8#include "src/debug/debug.h"
9#include "src/deoptimizer/deoptimizer.h"
10#include "src/execution/execution.h"
11#include "src/execution/frames-inl.h"
12#include "src/execution/frames.h"
13#include "src/execution/isolate-inl.h"
14#include "src/execution/messages.h"
15#include "src/heap/factory.h"
16#include "src/logging/runtime-call-stats-scope.h"
17#include "src/objects/api-callbacks.h"
18#include "src/objects/contexts.h"
19#include "src/objects/field-index-inl.h"
20#include "src/objects/js-array-inl.h"
21#include "src/objects/js-shared-array-inl.h"
22#include "src/objects/module-inl.h"
23#include "src/objects/property-details.h"
24#include "src/objects/prototype.h"
25
26namespace v8 {
27namespace internal {
28
29DirectHandle<AccessorInfo> Accessors::MakeAccessor(
30 Isolate* isolate, DirectHandle<Name> name,
31 AccessorNameGetterCallback getter,
32 AccessorNameBooleanSetterCallback setter) {
33 Factory* factory = isolate->factory();
34 name = factory->InternalizeName(name);
35 DirectHandle<AccessorInfo> info = factory->NewAccessorInfo();
36 {
37 DisallowGarbageCollection no_gc;
38 Tagged<AccessorInfo> raw = *info;
39 raw->set_is_sloppy(false);
40 raw->set_replace_on_access(false);
41 raw->set_getter_side_effect_type(SideEffectType::kHasSideEffect);
42 raw->set_setter_side_effect_type(SideEffectType::kHasSideEffect);
43 raw->set_name(*name);
44 raw->set_getter(isolate, reinterpret_cast<Address>(getter));
45 if (setter == nullptr) setter = &ReconfigureToDataProperty;
46 raw->set_setter(isolate, reinterpret_cast<Address>(setter));
47 }
48 return info;
49}
50
51static V8_INLINE bool CheckForName(Isolate* isolate, DirectHandle<Name> name,
52 DirectHandle<String> property_name,
53 int offset, FieldIndex::Encoding encoding,
54 FieldIndex* index) {
55 if (Name::Equals(isolate, name, property_name)) {
56 *index = FieldIndex::ForInObjectOffset(offset, encoding);
57 return true;
58 }
59 return false;
60}
61
62// Returns true for properties that are accessors to object fields.
63// If true, *object_offset contains offset of object field.
64bool Accessors::IsJSObjectFieldAccessor(Isolate* isolate, DirectHandle<Map> map,
65 DirectHandle<Name> name,
66 FieldIndex* index) {
67 if (map->is_dictionary_map()) {
68 // There are not descriptors in a dictionary mode map.
69 return false;
70 }
71
72 switch (map->instance_type()) {
73 case JS_ARRAY_TYPE:
74 return CheckForName(isolate, name, isolate->factory()->length_string(),
75 JSArray::kLengthOffset, FieldIndex::kTagged, index);
76 default:
77 if (map->instance_type() < FIRST_NONSTRING_TYPE) {
78 return CheckForName(isolate, name, isolate->factory()->length_string(),
79 offsetof(String, length_), FieldIndex::kWord32,
80 index);
81 }
82
83 return false;
84 }
85}
86
87V8_WARN_UNUSED_RESULT MaybeDirectHandle<Object>
88Accessors::ReplaceAccessorWithDataProperty(Isolate* isolate,
89 DirectHandle<JSAny> receiver,
90 DirectHandle<JSObject> holder,
91 DirectHandle<Name> name,
92 DirectHandle<Object> value) {
93 LookupIterator it(isolate, receiver, PropertyKey(isolate, name), holder,
94 LookupIterator::OWN_SKIP_INTERCEPTOR);
95 // Skip any access checks we might hit. This accessor should never hit in a
96 // situation where the caller does not have access.
97 while (it.state() == LookupIterator::ACCESS_CHECK) {
98 CHECK(it.HasAccess());
99 it.Next();
100 }
101 DCHECK(holder.is_identical_to(it.GetHolder<JSObject>()));
102 CHECK_EQ(LookupIterator::ACCESSOR, it.state());
103 it.ReconfigureDataProperty(value, it.property_attributes());
104 return value;
105}
106
107// Allow usages of v8::PropertyCallbackInfo<T>::Holder() for now.
108// TODO(https://crbug.com/333672197): remove.
109START_ALLOW_USE_DEPRECATED()
110
111//
112// Accessors::ReconfigureToDataProperty
113//
114void Accessors::ReconfigureToDataProperty(
115 v8::Local<v8::Name> key, v8::Local<v8::Value> val,
116 const v8::PropertyCallbackInfo<v8::Boolean>& info) {
117 i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
118 RCS_SCOPE(isolate, RuntimeCallCounterId::kReconfigureToDataProperty);
119 HandleScope scope(isolate);
120 DirectHandle<JSReceiver> receiver = Utils::OpenDirectHandle(*info.This());
121 DirectHandle<JSObject> holder =
122 Cast<JSObject>(Utils::OpenDirectHandle(*info.Holder()));
123 DirectHandle<Name> name = Utils::OpenDirectHandle(*key);
124 DirectHandle<Object> value = Utils::OpenDirectHandle(*val);
125 MaybeDirectHandle<Object> result = Accessors::ReplaceAccessorWithDataProperty(
126 isolate, receiver, holder, name, value);
127 if (!result.is_null()) {
128 info.GetReturnValue().Set(true);
129 }
130}
131
132//
133// Accessors::ArgumentsIterator
134//
135
136void Accessors::ArgumentsIteratorGetter(
137 v8::Local<v8::Name> name, const v8::PropertyCallbackInfo<v8::Value>& info) {
138 i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
139 DisallowGarbageCollection no_gc;
140 HandleScope scope(isolate);
141 Tagged<Object> result = isolate->native_context()->array_values_iterator();
142 info.GetReturnValue().Set(
143 Utils::ToLocal(DirectHandle<Object>(result, isolate)));
144}
145
146DirectHandle<AccessorInfo> Accessors::MakeArgumentsIteratorInfo(
147 Isolate* isolate) {
148 DirectHandle<Name> name = isolate->factory()->iterator_symbol();
149 return MakeAccessor(isolate, name, &ArgumentsIteratorGetter, nullptr);
150}
151
152//
153// Accessors::ArrayLength
154//
155
156void Accessors::ArrayLengthGetter(
157 v8::Local<v8::Name> name, const v8::PropertyCallbackInfo<v8::Value>& info) {
158 i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
159 RCS_SCOPE(isolate, RuntimeCallCounterId::kArrayLengthGetter);
160 DisallowGarbageCollection no_gc;
161 HandleScope scope(isolate);
162 Tagged<JSArray> holder =
163 Cast<JSArray>(*Utils::OpenDirectHandle(*info.Holder()));
164 Tagged<Object> result = holder->length();
165 info.GetReturnValue().Set(
166 Utils::ToLocal(DirectHandle<Object>(result, isolate)));
167}
168
169void Accessors::ArrayLengthSetter(
170 v8::Local<v8::Name> name, v8::Local<v8::Value> val,
171 const v8::PropertyCallbackInfo<v8::Boolean>& info) {
172 i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
173 RCS_SCOPE(isolate, RuntimeCallCounterId::kArrayLengthSetter);
174 HandleScope scope(isolate);
175
176 DCHECK(Object::SameValue(*Utils::OpenDirectHandle(*name),
177 ReadOnlyRoots(isolate).length_string()));
178
179 DirectHandle<JSReceiver> object = Utils::OpenDirectHandle(*info.Holder());
180 DirectHandle<JSArray> array = Cast<JSArray>(object);
181 DirectHandle<Object> length_obj = Utils::OpenDirectHandle(*val);
182
183 bool was_readonly = JSArray::HasReadOnlyLength(array);
184
185 uint32_t length = 0;
186 if (!JSArray::AnythingToArrayLength(isolate, length_obj, &length)) {
187 return;
188 }
189
190 if (!was_readonly && V8_UNLIKELY(JSArray::HasReadOnlyLength(array))) {
191 // AnythingToArrayLength() may have called setter re-entrantly and modified
192 // its property descriptor. Don't perform this check if "length" was
193 // previously readonly, as this may have been called during
194 // DefineOwnPropertyIgnoreAttributes().
195 if (length == Object::NumberValue(array->length())) {
196 info.GetReturnValue().Set(true);
197 } else if (info.ShouldThrowOnError()) {
198 Factory* factory = isolate->factory();
199 isolate->Throw(
200 *factory->NewTypeError(MessageTemplate::kStrictReadOnlyProperty,
201 Utils::OpenDirectHandle(*name),
202 i::Object::TypeOf(isolate, object), object));
203 } else {
204 info.GetReturnValue().Set(false);
205 }
206 return;
207 }
208
209 if (JSArray::SetLength(array, length).IsNothing()) {
210 // TODO(victorgomes): AccessorNameBooleanSetterCallback does not handle
211 // exceptions.
212 FATAL("Fatal JavaScript invalid array length %u", length);
213 UNREACHABLE();
214 }
215
216 uint32_t actual_new_len = 0;
217 CHECK(Object::ToArrayLength(array->length(), &actual_new_len));
218 // Fail if there were non-deletable elements.
219 if (actual_new_len != length) {
220 if (info.ShouldThrowOnError()) {
221 Factory* factory = isolate->factory();
222 isolate->Throw(*factory->NewTypeError(
223 MessageTemplate::kStrictDeleteProperty,
224 factory->NewNumberFromUint(actual_new_len - 1), array));
225 } else {
226 info.GetReturnValue().Set(false);
227 }
228 } else {
229 info.GetReturnValue().Set(true);
230 }
231}
232
233DirectHandle<AccessorInfo> Accessors::MakeArrayLengthInfo(Isolate* isolate) {
234 return MakeAccessor(isolate, isolate->factory()->length_string(),
235 &ArrayLengthGetter, &ArrayLengthSetter);
236}
237
238//
239// Accessors::ModuleNamespaceEntry
240//
241
242void Accessors::ModuleNamespaceEntryGetter(
243 v8::Local<v8::Name> name, const v8::PropertyCallbackInfo<v8::Value>& info) {
244 i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
245 HandleScope scope(isolate);
246 Tagged<JSModuleNamespace> holder =
247 Cast<JSModuleNamespace>(*Utils::OpenDirectHandle(*info.Holder()));
248 DirectHandle<Object> result;
249 if (holder->GetExport(isolate, Cast<String>(Utils::OpenDirectHandle(*name)))
250 .ToHandle(&result)) {
251 info.GetReturnValue().Set(Utils::ToLocal(result));
252 }
253}
254
255void Accessors::ModuleNamespaceEntrySetter(
256 v8::Local<v8::Name> name, v8::Local<v8::Value> val,
257 const v8::PropertyCallbackInfo<v8::Boolean>& info) {
258 i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
259 HandleScope scope(isolate);
260 Factory* factory = isolate->factory();
261 DirectHandle<JSModuleNamespace> holder =
262 Cast<JSModuleNamespace>(Utils::OpenDirectHandle(*info.Holder()));
263
264 if (info.ShouldThrowOnError()) {
265 isolate->Throw(
266 *factory->NewTypeError(MessageTemplate::kStrictReadOnlyProperty,
267 Utils::OpenDirectHandle(*name),
268 i::Object::TypeOf(isolate, holder), holder));
269 } else {
270 info.GetReturnValue().Set(false);
271 }
272}
273
274DirectHandle<AccessorInfo> Accessors::MakeModuleNamespaceEntryInfo(
275 Isolate* isolate, DirectHandle<String> name) {
276 return MakeAccessor(isolate, name, &ModuleNamespaceEntryGetter,
277 &ModuleNamespaceEntrySetter);
278}
279
280//
281// Accessors::StringLength
282//
283
284void Accessors::StringLengthGetter(
285 v8::Local<v8::Name> name, const v8::PropertyCallbackInfo<v8::Value>& info) {
286 i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
287 RCS_SCOPE(isolate, RuntimeCallCounterId::kStringLengthGetter);
288 DisallowGarbageCollection no_gc;
289 HandleScope scope(isolate);
290
291 // We have a slight impedance mismatch between the external API and the way we
292 // use callbacks internally: Externally, callbacks can only be used with
293 // v8::Object, but internally we have callbacks on entities which are higher
294 // in the hierarchy, in this case for String values.
295
296 Tagged<Object> value =
297 *Utils::OpenDirectHandle(*v8::Local<v8::Value>(info.This()));
298 if (!IsString(value)) {
299 // Not a string value. That means that we either got a String wrapper or
300 // a Value with a String wrapper in its prototype chain.
301 value = Cast<JSPrimitiveWrapper>(*Utils::OpenDirectHandle(*info.Holder()))
302 ->value();
303 }
304 Tagged<Object> result = Smi::FromInt(Cast<String>(value)->length());
305 info.GetReturnValue().Set(
306 Utils::ToLocal(DirectHandle<Object>(result, isolate)));
307}
308
309DirectHandle<AccessorInfo> Accessors::MakeStringLengthInfo(Isolate* isolate) {
310 return MakeAccessor(isolate, isolate->factory()->length_string(),
311 &StringLengthGetter, nullptr);
312}
313
314//
315// Accessors::FunctionPrototype
316//
317
318static DirectHandle<Object> GetFunctionPrototype(
319 Isolate* isolate, DirectHandle<JSFunction> function) {
320 if (!function->has_prototype()) {
321 // We lazily allocate .prototype for functions, which confuses debug
322 // evaluate which assumes we can write to temporary objects we allocated
323 // during evaluation. We err on the side of caution here and prevent the
324 // newly allocated prototype from going into the temporary objects set,
325 // which means writes to it will be considered a side effect.
326 DisableTemporaryObjectTracking no_temp_tracking(isolate->debug());
327 DirectHandle<JSObject> proto =
328 isolate->factory()->NewFunctionPrototype(function);
329 JSFunction::SetPrototype(function, proto);
330 }
331 return DirectHandle<Object>(function->prototype(), isolate);
332}
333
334void Accessors::FunctionPrototypeGetter(
335 v8::Local<v8::Name> name, const v8::PropertyCallbackInfo<v8::Value>& info) {
336 i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
337 RCS_SCOPE(isolate, RuntimeCallCounterId::kFunctionPrototypeGetter);
338 HandleScope scope(isolate);
339 DirectHandle<JSFunction> function =
340 Cast<JSFunction>(Utils::OpenDirectHandle(*info.Holder()));
341 DCHECK(function->has_prototype_property());
342 DirectHandle<Object> result = GetFunctionPrototype(isolate, function);
343 info.GetReturnValue().Set(Utils::ToLocal(result));
344}
345
346void Accessors::FunctionPrototypeSetter(
347 v8::Local<v8::Name> name, v8::Local<v8::Value> val,
348 const v8::PropertyCallbackInfo<v8::Boolean>& info) {
349 i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
350 RCS_SCOPE(isolate, RuntimeCallCounterId::kFunctionPrototypeSetter);
351 HandleScope scope(isolate);
352 DirectHandle<Object> value = Utils::OpenDirectHandle(*val);
353 DirectHandle<JSFunction> object =
354 Cast<JSFunction>(Utils::OpenDirectHandle(*info.Holder()));
355 DCHECK(object->has_prototype_property());
356 JSFunction::SetPrototype(object, value);
357 info.GetReturnValue().Set(true);
358}
359
360DirectHandle<AccessorInfo> Accessors::MakeFunctionPrototypeInfo(
361 Isolate* isolate) {
362 return MakeAccessor(isolate, isolate->factory()->prototype_string(),
363 &FunctionPrototypeGetter, &FunctionPrototypeSetter);
364}
365
366//
367// Accessors::FunctionLength
368//
369
370void Accessors::FunctionLengthGetter(
371 v8::Local<v8::Name> name, const v8::PropertyCallbackInfo<v8::Value>& info) {
372 i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
373 RCS_SCOPE(isolate, RuntimeCallCounterId::kFunctionLengthGetter);
374 HandleScope scope(isolate);
375 auto function = Cast<JSFunction>(Utils::OpenDirectHandle(*info.Holder()));
376 int length = function->length();
377 DirectHandle<Object> result(Smi::FromInt(length), isolate);
378 info.GetReturnValue().Set(Utils::ToLocal(result));
379}
380
381DirectHandle<AccessorInfo> Accessors::MakeFunctionLengthInfo(Isolate* isolate) {
382 return MakeAccessor(isolate, isolate->factory()->length_string(),
383 &FunctionLengthGetter, &ReconfigureToDataProperty);
384}
385
386//
387// Accessors::FunctionName
388//
389
390void Accessors::FunctionNameGetter(
391 v8::Local<v8::Name> name, const v8::PropertyCallbackInfo<v8::Value>& info) {
392 i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
393 HandleScope scope(isolate);
394 auto function = Cast<JSFunction>(Utils::OpenDirectHandle(*info.Holder()));
395 DirectHandle<Object> result = JSFunction::GetName(isolate, function);
396 info.GetReturnValue().Set(Utils::ToLocal(result));
397}
398
399DirectHandle<AccessorInfo> Accessors::MakeFunctionNameInfo(Isolate* isolate) {
400 return MakeAccessor(isolate, isolate->factory()->name_string(),
401 &FunctionNameGetter, &ReconfigureToDataProperty);
402}
403
404//
405// Accessors::FunctionArguments
406//
407
408namespace {
409
410Handle<JSObject> ArgumentsFromDeoptInfo(JavaScriptFrame* frame,
411 int inlined_frame_index) {
412 Isolate* isolate = frame->isolate();
413 Factory* factory = isolate->factory();
414
415 TranslatedState translated_values(frame);
416 translated_values.Prepare(frame->fp());
417
418 int argument_count = 0;
419 TranslatedFrame* translated_frame =
420 translated_values.GetArgumentsInfoFromJSFrameIndex(inlined_frame_index,
421 &argument_count);
422 TranslatedFrame::iterator iter = translated_frame->begin();
423
424 // Materialize the function.
425 bool should_deoptimize = iter->IsMaterializedObject();
426 DirectHandle<JSFunction> function = Cast<JSFunction>(iter->GetValue());
427 iter++;
428
429 // Skip the receiver.
430 iter++;
431 argument_count--;
432
433 Handle<JSObject> arguments =
434 factory->NewArgumentsObject(function, argument_count);
435 DirectHandle<FixedArray> array = factory->NewFixedArray(argument_count);
436 for (int i = 0; i < argument_count; ++i) {
437 // If we materialize any object, we should deoptimize the frame because we
438 // might alias an object that was eliminated by escape analysis.
439 should_deoptimize = should_deoptimize || iter->IsMaterializedObject();
440 DirectHandle<Object> value = iter->GetValue();
441 array->set(i, *value);
442 iter++;
443 }
444 arguments->set_elements(*array);
445
446 if (should_deoptimize) {
447 translated_values.StoreMaterializedValuesAndDeopt(frame);
448 }
449
450 // Return the freshly allocated arguments object.
451 return arguments;
452}
453
454int FindFunctionInFrame(JavaScriptFrame* frame,
455 DirectHandle<JSFunction> function) {
456 FrameSummaries summaries = frame->Summarize();
457 for (int i = summaries.size(); i != 0; i--) {
458 if (*summaries.frames[i - 1].AsJavaScript().function() == *function) {
459 return static_cast<int>(i) - 1;
460 }
461 }
462 return -1;
463}
464
465Handle<JSObject> GetFrameArguments(Isolate* isolate,
466 JavaScriptStackFrameIterator* it,
467 int function_index) {
468 JavaScriptFrame* frame = it->frame();
469
470 if (function_index > 0) {
471 // The function in question was inlined. Inlined functions have the
472 // correct number of arguments and no allocated arguments object, so
473 // we can construct a fresh one by interpreting the function's
474 // deoptimization input data.
475 return ArgumentsFromDeoptInfo(frame, function_index);
476 }
477
478 // Construct an arguments object mirror for the right frame and the underlying
479 // function.
480 const int length = frame->GetActualArgumentCount();
481 DirectHandle<JSFunction> function(frame->function(), isolate);
482 Handle<JSObject> arguments =
483 isolate->factory()->NewArgumentsObject(function, length);
484 DirectHandle<FixedArray> array = isolate->factory()->NewFixedArray(length);
485
486 // Copy the parameters to the arguments object.
487 DCHECK(array->length() == length);
488 for (int i = 0; i < length; i++) {
489 Tagged<Object> value = frame->GetParameter(i);
490 if (IsTheHole(value, isolate)) {
491 // Generators currently use holes as dummy arguments when resuming. We
492 // must not leak those.
493 DCHECK(IsResumableFunction(function->shared()->kind()));
494 value = ReadOnlyRoots(isolate).undefined_value();
495 }
496 array->set(i, value);
497 }
498 arguments->set_elements(*array);
499
500 // For optimized functions, the frame arguments may be outdated, so we should
501 // update them with the deopt info, while keeping the length and extra
502 // arguments from the actual frame.
503 if (CodeKindCanDeoptimize(frame->LookupCode()->kind()) && length > 0) {
504 DirectHandle<JSObject> arguments_from_deopt_info =
505 ArgumentsFromDeoptInfo(frame, function_index);
506 DirectHandle<FixedArray> elements_from_deopt_info(
507 Cast<FixedArray>(arguments_from_deopt_info->elements()), isolate);
508 int common_length = std::min(length, elements_from_deopt_info->length());
509 for (int i = 0; i < common_length; i++) {
510 array->set(i, elements_from_deopt_info->get(i));
511 }
512 }
513
514 // Return the freshly allocated arguments object.
515 return arguments;
516}
517
518} // namespace
519
520Handle<JSObject> Accessors::FunctionGetArguments(JavaScriptFrame* frame,
521 int inlined_jsframe_index) {
522 Isolate* isolate = frame->isolate();
523 Address requested_frame_fp = frame->fp();
524 // Forward a frame iterator to the requested frame. This is needed because we
525 // potentially need for advance it to the inlined arguments frame later.
526 for (JavaScriptStackFrameIterator it(isolate); !it.done(); it.Advance()) {
527 if (it.frame()->fp() != requested_frame_fp) continue;
528 return GetFrameArguments(isolate, &it, inlined_jsframe_index);
529 }
530 UNREACHABLE(); // Requested frame not found.
531}
532
533void Accessors::FunctionArgumentsGetter(
534 v8::Local<v8::Name> name, const v8::PropertyCallbackInfo<v8::Value>& info) {
535 i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
536 isolate->CountUsage(v8::Isolate::kFunctionPrototypeArguments);
537 HandleScope scope(isolate);
538 auto function = Cast<JSFunction>(Utils::OpenDirectHandle(*info.Holder()));
539 DirectHandle<Object> result = isolate->factory()->null_value();
540 if (!function->shared()->native()) {
541 // Find the top invocation of the function by traversing frames.
542 for (JavaScriptStackFrameIterator it(isolate); !it.done(); it.Advance()) {
543 JavaScriptFrame* frame = it.frame();
544 int function_index = FindFunctionInFrame(frame, function);
545 if (function_index >= 0) {
546 result = GetFrameArguments(isolate, &it, function_index);
547 break;
548 }
549 }
550 }
551 info.GetReturnValue().Set(Utils::ToLocal(result));
552}
553
554DirectHandle<AccessorInfo> Accessors::MakeFunctionArgumentsInfo(
555 Isolate* isolate) {
556 return MakeAccessor(isolate, isolate->factory()->arguments_string(),
557 &FunctionArgumentsGetter, nullptr);
558}
559
560//
561// Accessors::FunctionCaller
562//
563
564static inline bool AllowAccessToFunction(Tagged<Context> current_context,
565 Tagged<JSFunction> function) {
566 return current_context->HasSameSecurityTokenAs(function->context());
567}
568
569class FrameFunctionIterator {
570 public:
571 explicit FrameFunctionIterator(Isolate* isolate)
572 : isolate_(isolate), frame_iterator_(isolate), inlined_frame_index_(-1) {
573 GetFrames();
574 }
575
576 // Iterate through functions until the first occurrence of 'function'.
577 // Returns true if one is found, and false if the iterator ends before.
578 bool Find(DirectHandle<JSFunction> function) {
579 do {
580 if (!next().ToHandle(&function_)) return false;
581 } while (!function_.is_identical_to(function));
582 return true;
583 }
584
585 // Iterate through functions, at least one step, until the first candidate
586 // is found that is not toplevel and either user-provided JavaScript or
587 // "native" (not defined in user-provided scripts, but directly exposed).
588 // Returns true if one is found, and false if the iterator ends before.
589 bool FindNextNonTopLevelNativeOrUserJavaScript() {
590 do {
591 if (!next().ToHandle(&function_)) return false;
592 } while (function_->shared()->is_toplevel() ||
593 (!function_->shared()->native() &&
594 !function_->shared()->IsUserJavaScript()));
595 return true;
596 }
597
598 // In case of inlined frames the function could have been materialized from
599 // deoptimization information. If that is the case we need to make sure that
600 // subsequent call will see the same function, since we are about to hand out
601 // the value to JavaScript. Make sure to store the materialized value and
602 // trigger a deoptimization of the underlying frame.
603 DirectHandle<JSFunction> MaterializeFunction() {
604 if (inlined_frame_index_ == 0) return function_;
605
606 JavaScriptFrame* frame = frame_iterator_.frame();
607 TranslatedState translated_values(frame);
608 translated_values.Prepare(frame->fp());
609
610 TranslatedFrame* translated_frame =
611 translated_values.GetFrameFromJSFrameIndex(inlined_frame_index_);
612 TranslatedFrame::iterator iter = translated_frame->begin();
613
614 // First value is the function.
615 bool should_deoptimize = iter->IsMaterializedObject();
616 DirectHandle<Object> value = iter->GetValue();
617 if (should_deoptimize) {
618 translated_values.StoreMaterializedValuesAndDeopt(frame);
619 }
620
621 return Cast<JSFunction>(value);
622 }
623
624 private:
625 MaybeDirectHandle<JSFunction> next() {
626 while (true) {
627 if (inlined_frame_index_ <= 0) {
628 if (!frame_iterator_.done()) {
629 frame_iterator_.Advance();
630 summaries_.frames.clear();
631 inlined_frame_index_ = -1;
632 GetFrames();
633 }
634 if (inlined_frame_index_ == -1) return {};
635 }
636
637 --inlined_frame_index_;
638 DirectHandle<JSFunction> next_function =
639 summaries_.frames[inlined_frame_index_].AsJavaScript().function();
640 // Skip functions from other origins.
641 if (!AllowAccessToFunction(isolate_->context(), *next_function)) continue;
642 return next_function;
643 }
644 }
645 void GetFrames() {
646 DCHECK_EQ(-1, inlined_frame_index_);
647 if (frame_iterator_.done()) return;
648 JavaScriptFrame* frame = frame_iterator_.frame();
649 summaries_ = frame->Summarize();
650 inlined_frame_index_ = static_cast<int>(summaries_.size());
651 DCHECK_LT(0, inlined_frame_index_);
652 }
653 Isolate* isolate_;
654 DirectHandle<JSFunction> function_;
655 JavaScriptStackFrameIterator frame_iterator_;
656 FrameSummaries summaries_;
657 int inlined_frame_index_;
658};
659
660MaybeDirectHandle<JSFunction> FindCaller(Isolate* isolate,
661 DirectHandle<JSFunction> function) {
662 FrameFunctionIterator it(isolate);
663 if (function->shared()->native()) {
664 return {};
665 }
666 // Find the function from the frames. Return null in case no frame
667 // corresponding to the given function was found.
668 if (!it.Find(function)) {
669 return {};
670 }
671 // Find previously called non-toplevel function that is also a user-land
672 // JavaScript function (or the entry point into native JavaScript builtins
673 // in case such a builtin was the caller).
674 if (!it.FindNextNonTopLevelNativeOrUserJavaScript()) {
675 return {};
676 }
677
678 // Materialize the function that the iterator is currently sitting on. Note
679 // that this might trigger deoptimization in case the function was actually
680 // materialized. Identity of the function must be preserved because we are
681 // going to return it to JavaScript after this point.
682 DirectHandle<JSFunction> caller = it.MaterializeFunction();
683
684 // Censor if the caller is not a sloppy mode function.
685 // Change from ES5, which used to throw, see:
686 // https://bugs.ecmascript.org/show_bug.cgi?id=310
687 if (is_strict(caller->shared()->language_mode())) {
688 return {};
689 }
690 // Don't return caller from another security context.
691 if (!AllowAccessToFunction(isolate->context(), *caller)) {
692 return {};
693 }
694 return caller;
695}
696
697void Accessors::FunctionCallerGetter(
698 v8::Local<v8::Name> name, const v8::PropertyCallbackInfo<v8::Value>& info) {
699 i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
700 isolate->CountUsage(v8::Isolate::kFunctionPrototypeCaller);
701 HandleScope scope(isolate);
702 DirectHandle<JSFunction> function =
703 Cast<JSFunction>(Utils::OpenDirectHandle(*info.Holder()));
704 DirectHandle<Object> result;
705 MaybeDirectHandle<JSFunction> maybe_caller;
706 maybe_caller = FindCaller(isolate, function);
707 DirectHandle<JSFunction> caller;
708 // We don't support caller access with correctness fuzzing.
709 if (!v8_flags.correctness_fuzzer_suppressions &&
710 maybe_caller.ToHandle(&caller)) {
711 result = caller;
712 } else {
713 result = isolate->factory()->null_value();
714 }
715 info.GetReturnValue().Set(Utils::ToLocal(result));
716}
717
718DirectHandle<AccessorInfo> Accessors::MakeFunctionCallerInfo(Isolate* isolate) {
719 return MakeAccessor(isolate, isolate->factory()->caller_string(),
720 &FunctionCallerGetter, nullptr);
721}
722
723//
724// Accessors::BoundFunctionLength
725//
726
727void Accessors::BoundFunctionLengthGetter(
728 v8::Local<v8::Name> name, const v8::PropertyCallbackInfo<v8::Value>& info) {
729 i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
730 RCS_SCOPE(isolate, RuntimeCallCounterId::kBoundFunctionLengthGetter);
731 HandleScope scope(isolate);
732 DirectHandle<JSBoundFunction> function =
733 Cast<JSBoundFunction>(Utils::OpenDirectHandle(*info.Holder()));
734
735 int length = 0;
736 if (!JSBoundFunction::GetLength(isolate, function).To(&length)) {
737 return;
738 }
739 DirectHandle<Object> result(Smi::FromInt(length), isolate);
740 info.GetReturnValue().Set(Utils::ToLocal(result));
741}
742
743DirectHandle<AccessorInfo> Accessors::MakeBoundFunctionLengthInfo(
744 Isolate* isolate) {
745 return MakeAccessor(isolate, isolate->factory()->length_string(),
746 &BoundFunctionLengthGetter, &ReconfigureToDataProperty);
747}
748
749//
750// Accessors::BoundFunctionName
751//
752
753void Accessors::BoundFunctionNameGetter(
754 v8::Local<v8::Name> name, const v8::PropertyCallbackInfo<v8::Value>& info) {
755 i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
756 RCS_SCOPE(isolate, RuntimeCallCounterId::kBoundFunctionNameGetter);
757 HandleScope scope(isolate);
758 DirectHandle<JSBoundFunction> function =
759 Cast<JSBoundFunction>(Utils::OpenDirectHandle(*info.Holder()));
760 DirectHandle<Object> result;
761 if (!JSBoundFunction::GetName(isolate, function).ToHandle(&result)) {
762 return;
763 }
764 info.GetReturnValue().Set(Utils::ToLocal(result));
765}
766
767DirectHandle<AccessorInfo> Accessors::MakeBoundFunctionNameInfo(
768 Isolate* isolate) {
769 return MakeAccessor(isolate, isolate->factory()->name_string(),
770 &BoundFunctionNameGetter, &ReconfigureToDataProperty);
771}
772
773//
774// Accessors::WrappedFunctionLength
775//
776
777void Accessors::WrappedFunctionLengthGetter(
778 v8::Local<v8::Name> name, const v8::PropertyCallbackInfo<v8::Value>& info) {
779 i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
780 RCS_SCOPE(isolate, RuntimeCallCounterId::kBoundFunctionLengthGetter);
781 HandleScope scope(isolate);
782 auto function =
783 Cast<JSWrappedFunction>(Utils::OpenDirectHandle(*info.Holder()));
784
785 int length = 0;
786 if (!JSWrappedFunction::GetLength(isolate, function).To(&length)) {
787 return;
788 }
789 DirectHandle<Object> result(Smi::FromInt(length), isolate);
790 info.GetReturnValue().Set(Utils::ToLocal(result));
791}
792
793DirectHandle<AccessorInfo> Accessors::MakeWrappedFunctionLengthInfo(
794 Isolate* isolate) {
795 return MakeAccessor(isolate, isolate->factory()->length_string(),
796 &WrappedFunctionLengthGetter, &ReconfigureToDataProperty);
797}
798
799//
800// Accessors::ValueUnavailable
801//
802
803void Accessors::ValueUnavailableGetter(
804 v8::Local<v8::Name> name, const v8::PropertyCallbackInfo<v8::Value>& info) {
805 Isolate* isolate = reinterpret_cast<Isolate*>(info.GetIsolate());
806 HandleScope scope(isolate);
807 isolate->Throw(*isolate->factory()->NewReferenceError(
808 MessageTemplate::kAccessedUnavailableVariable,
809 Utils::OpenDirectHandle(*name)));
810}
811
812DirectHandle<AccessorInfo> Accessors::MakeValueUnavailableInfo(
813 Isolate* isolate) {
814 return MakeAccessor(isolate, isolate->factory()->empty_string(),
815 &ValueUnavailableGetter, &ReconfigureToDataProperty);
816}
817
818//
819// Accessors::WrappedFunctionName
820//
821
822void Accessors::WrappedFunctionNameGetter(
823 v8::Local<v8::Name> name, const v8::PropertyCallbackInfo<v8::Value>& info) {
824 i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
825 RCS_SCOPE(isolate, RuntimeCallCounterId::kWrappedFunctionNameGetter);
826 HandleScope scope(isolate);
827 auto function =
828 Cast<JSWrappedFunction>(Utils::OpenDirectHandle(*info.Holder()));
829 DirectHandle<Object> result;
830 if (!JSWrappedFunction::GetName(isolate, function).ToHandle(&result)) {
831 return;
832 }
833 info.GetReturnValue().Set(Utils::ToLocal(result));
834}
835
836DirectHandle<AccessorInfo> Accessors::MakeWrappedFunctionNameInfo(
837 Isolate* isolate) {
838 return MakeAccessor(isolate, isolate->factory()->name_string(),
839 &WrappedFunctionNameGetter, &ReconfigureToDataProperty);
840}
841
842// Allow usages of v8::PropertyCallbackInfo<T>::Holder() for now.
843// TODO(https://crbug.com/333672197): remove.
844END_ALLOW_USE_DEPRECATED()
845
846//
847// Accessors::ErrorStack
848//
849
850void Accessors::ErrorStackGetter(
851 const v8::FunctionCallbackInfo<v8::Value>& info) {
852 Isolate* isolate = reinterpret_cast<Isolate*>(info.GetIsolate());
853 HandleScope scope(isolate);
854 DirectHandle<Object> formatted_stack = isolate->factory()->undefined_value();
855 DirectHandle<JSReceiver> maybe_error_object =
856 Utils::OpenDirectHandle(*info.This());
857 if (IsJSObject(*maybe_error_object)) {
858 if (!ErrorUtils::GetFormattedStack(isolate,
859 Cast<JSObject>(maybe_error_object))
860 .ToHandle(&formatted_stack)) {
861 return;
862 }
863 }
864 v8::Local<v8::Value> result = Utils::ToLocal(formatted_stack);
865 CHECK(result->IsValue());
866 info.GetReturnValue().Set(result);
867}
868
869void Accessors::ErrorStackSetter(
870 const v8::FunctionCallbackInfo<v8::Value>& info) {
871 Isolate* isolate = reinterpret_cast<Isolate*>(info.GetIsolate());
872 HandleScope scope(isolate);
873 DirectHandle<JSReceiver> maybe_error_object =
874 Utils::OpenDirectHandle(*info.This());
875 if (IsJSObject(*maybe_error_object)) {
876 v8::Local<v8::Value> value = info[0];
877 ErrorUtils::SetFormattedStack(isolate, Cast<JSObject>(maybe_error_object),
878 Utils::OpenDirectHandle(*value));
879 }
880}
881
882} // namespace internal
883} // namespace v8
getter
PropertyT * getter
Definition bytecode-generator.cc:1337
v8::Isolate::kFunctionPrototypeCaller
@ kFunctionPrototypeCaller
Definition v8-isolate.h:583
v8::Isolate::kFunctionPrototypeArguments
@ kFunctionPrototypeArguments
Definition v8-isolate.h:582
v8::Utils::OpenDirectHandle
static v8::internal::DirectHandle< To > OpenDirectHandle(v8::Local< From > handle)
Definition api.h:279
v8::internal::Accessors::ReplaceAccessorWithDataProperty
static MaybeDirectHandle< Object > ReplaceAccessorWithDataProperty(Isolate *isolate, DirectHandle< JSAny > receiver, DirectHandle< JSObject > holder, DirectHandle< Name > name, DirectHandle< Object > value)
Definition accessors.cc:88
v8::internal::Accessors::MakeModuleNamespaceEntryInfo
static DirectHandle< AccessorInfo > MakeModuleNamespaceEntryInfo(Isolate *isolate, DirectHandle< String > name)
Definition accessors.cc:274
v8::internal::Accessors::MakeAccessor
static V8_EXPORT_PRIVATE DirectHandle< AccessorInfo > MakeAccessor(Isolate *isolate, DirectHandle< Name > name, AccessorNameGetterCallback getter, AccessorNameBooleanSetterCallback setter)
Definition accessors.cc:29
v8::internal::Accessors::IsJSObjectFieldAccessor
static bool IsJSObjectFieldAccessor(Isolate *isolate, DirectHandle< Map > map, DirectHandle< Name > name, FieldIndex *field_index)
Definition accessors.cc:64
v8::internal::Accessors::FunctionGetArguments
static Handle< JSObject > FunctionGetArguments(JavaScriptFrame *frame, int inlined_jsframe_index)
Definition accessors.cc:520
v8::internal::Accessors::AccessorNameBooleanSetterCallback
void(*)(Local< v8::Name > property, Local< v8::Value > value, const PropertyCallbackInfo< v8::Boolean > &info) AccessorNameBooleanSetterCallback
Definition accessors.h:136
v8::internal::CommonFrameWithJSLinkage::Summarize
FrameSummaries Summarize() const override
Definition frames.cc:2479
v8::internal::DirectHandle::is_identical_to
V8_INLINE bool is_identical_to(Handle< S > other) const
Definition handles.h:716
v8::internal::ErrorUtils::GetFormattedStack
static MaybeDirectHandle< Object > GetFormattedStack(Isolate *isolate, DirectHandle< JSObject > maybe_error_object)
Definition messages.cc:1147
v8::internal::ErrorUtils::SetFormattedStack
static void SetFormattedStack(Isolate *isolate, DirectHandle< JSObject > maybe_error_object, DirectHandle< Object > formatted_stack)
Definition messages.cc:1192
v8::internal::Factory::NewAccessorInfo
DirectHandle< AccessorInfo > NewAccessorInfo()
Definition factory.cc:1512
v8::internal::Factory::InternalizeName
Handle< Name > InternalizeName(Handle< T > name)
Definition factory-inl.h:51
v8::internal::FieldIndex::ForInObjectOffset
static FieldIndex ForInObjectOffset(int offset, Encoding encoding)
Definition field-index-inl.h:20
v8::internal::FrameFunctionIterator::MaterializeFunction
DirectHandle< JSFunction > MaterializeFunction()
Definition accessors.cc:603
v8::internal::FrameFunctionIterator::Find
bool Find(DirectHandle< JSFunction > function)
Definition accessors.cc:578
v8::internal::FrameFunctionIterator::next
MaybeDirectHandle< JSFunction > next()
Definition accessors.cc:625
v8::internal::FrameFunctionIterator::function_
DirectHandle< JSFunction > function_
Definition accessors.cc:654
v8::internal::FrameFunctionIterator::frame_iterator_
JavaScriptStackFrameIterator frame_iterator_
Definition accessors.cc:655
v8::internal::FrameFunctionIterator::FrameFunctionIterator
FrameFunctionIterator(Isolate *isolate)
Definition accessors.cc:571
v8::internal::Isolate::CountUsage
void CountUsage(v8::Isolate::UseCounterFeature feature)
Definition isolate.cc:7028
v8::internal::Isolate::context
Tagged< Context > context() const
Definition isolate.h:800
v8::internal::JSArray::AnythingToArrayLength
static bool AnythingToArrayLength(Isolate *isolate, DirectHandle< Object > length_object, uint32_t *output)
Definition objects.cc:3188
v8::internal::JSArray::SetLength
static V8_EXPORT_PRIVATE Maybe< bool > SetLength(DirectHandle< JSArray > array, uint32_t length)
Definition objects.cc:4812
v8::internal::JSArray::HasReadOnlyLength
static bool HasReadOnlyLength(DirectHandle< JSArray > array)
Definition objects.cc:4962
v8::internal::JSBoundFunction::GetName
static MaybeHandle< String > GetName(Isolate *isolate, DirectHandle< JSBoundFunction > function)
Definition js-function.cc:441
v8::internal::JSBoundFunction::GetLength
static Maybe< int > GetLength(Isolate *isolate, DirectHandle< JSBoundFunction > function)
Definition js-function.cc:472
v8::internal::JSFunction::SetPrototype
static void SetPrototype(DirectHandle< JSFunction > function, DirectHandle< Object > value)
Definition js-function.cc:862
v8::internal::JSFunction::GetName
static Handle< String > GetName(Isolate *isolate, DirectHandle< JSFunction > function)
Definition js-function.cc:614
v8::internal::JSWrappedFunction::GetLength
static Maybe< int > GetLength(Isolate *isolate, DirectHandle< JSWrappedFunction > function)
Definition js-function.cc:538
v8::internal::JSWrappedFunction::GetName
static MaybeHandle< String > GetName(Isolate *isolate, DirectHandle< JSWrappedFunction > function)
Definition js-function.cc:516
v8::internal::JavaScriptStackFrameIterator::frame
JavaScriptFrame * frame() const
Definition frames.h:1760
v8::internal::JavaScriptStackFrameIterator::Advance
V8_EXPORT_PRIVATE void Advance()
Definition frames.cc:341
v8::internal::Name::Equals
bool Equals(Tagged< Name > other)
Definition name-inl.h:76
v8::internal::Object::ToArrayLength
static bool ToArrayLength(Tagged< Object > obj, uint32_t *index)
Definition objects-inl.h:1648
v8::internal::Object::NumberValue
static double NumberValue(Tagged< Number > obj)
Definition objects-inl.h:678
v8::internal::Object::SameValue
static V8_EXPORT_PRIVATE bool SameValue(Tagged< Object > obj, Tagged< Object > other)
Definition objects.cc:1706
v8::internal::Smi::FromInt
static constexpr Tagged< Smi > FromInt(int value)
Definition smi.h:38
v8::internal::StackFrame::isolate
Isolate * isolate() const
Definition frames.h:376
v8::internal::StackFrame::fp
Address fp() const
Definition frames.h:297
v8::internal::TranslatedState::StoreMaterializedValuesAndDeopt
void StoreMaterializedValuesAndDeopt(JavaScriptFrame *frame)
Definition translated-state.cc:2729
v8::internal::TranslatedState::GetFrameFromJSFrameIndex
TranslatedFrame * GetFrameFromJSFrameIndex(int jsframe_index)
Definition translated-state.cc:2665
v8::internal::TranslatedState::Prepare
void Prepare(Address stack_frame_pointer)
Definition translated-state.cc:1982
info
Handle< SharedFunctionInfo > info
Definition debug-coverage.cc:593
offset
int32_t offset
Definition instruction-selector-ia32.cc:67
receiver
TNode< Object > receiver
Definition js-call-reducer.cc:1498
result
ZoneVector< RpoNumber > & result
Definition jump-threading.cc:21
length_
const int length_
Definition mul-fft.cc:473
v8::internal::DisallowGarbageCollection
PerThreadAssertScopeDebugOnly< false, SAFEPOINTS_ASSERT, HEAP_ALLOCATION_ASSERT > DisallowGarbageCollection
Definition assert-scope.h:236
v8::internal::Tagged
Tagged(T object) -> Tagged< T >
v8::internal::AllowAccessToFunction
static bool AllowAccessToFunction(Tagged< Context > current_context, Tagged< JSFunction > function)
Definition accessors.cc:564
v8::internal::IsResumableFunction
bool IsResumableFunction(FunctionKind kind)
Definition function-kind.h:101
v8::internal::CheckForName
static V8_INLINE bool CheckForName(Isolate *isolate, DirectHandle< Name > name, DirectHandle< String > property_name, int offset, FieldIndex::Encoding encoding, FieldIndex *index)
Definition accessors.cc:51
v8::internal::is_strict
bool is_strict(LanguageMode language_mode)
Definition globals.h:777
v8::internal::v8_flags
V8_EXPORT_PRIVATE FlagValues v8_flags
v8::internal::value
return value
Definition map-inl.h:893
v8::internal::GetFunctionPrototype
static DirectHandle< Object > GetFunctionPrototype(Isolate *isolate, DirectHandle< JSFunction > function)
Definition accessors.cc:318
v8::internal::FindCaller
MaybeDirectHandle< JSFunction > FindCaller(Isolate *isolate, DirectHandle< JSFunction > function)
Definition accessors.cc:660
v8::internal::CodeKindCanDeoptimize
constexpr bool CodeKindCanDeoptimize(CodeKind kind)
Definition code-kind.h:83
v8::internal::Cast
Tagged< To > Cast(Tagged< From > value, const v8::SourceLocation &loc=INIT_SOURCE_LOCATION_IN_DEBUG)
Definition casting.h:150
v8::AccessorNameGetterCallback
void(*)(Local< Name > property, const PropertyCallbackInfo< Value > &info) AccessorNameGetterCallback
Definition v8-object.h:155
v8::Handle
Local< T > Handle
Definition v8-local-handle.h:621
RCS_SCOPE
#define RCS_SCOPE(...)
Definition runtime-call-stats-scope.h:49
FATAL
#define FATAL(...)
Definition logging.h:47
CHECK
#define CHECK(condition)
Definition logging.h:124
CHECK_EQ
#define CHECK_EQ(lhs, rhs)
DCHECK
#define DCHECK(condition)
Definition logging.h:482
DCHECK_LT
#define DCHECK_LT(v1, v2)
Definition logging.h:489
DCHECK_EQ
#define DCHECK_EQ(v1, v2)
Definition logging.h:485
v8::internal::FrameSummaries::frames
std::vector< FrameSummary > frames
Definition frames.h:631
V8_INLINE
#define V8_INLINE
Definition v8config.h:500
END_ALLOW_USE_DEPRECATED
#define END_ALLOW_USE_DEPRECATED()
Definition v8config.h:634
V8_WARN_UNUSED_RESULT
#define V8_WARN_UNUSED_RESULT
Definition v8config.h:671
V8_UNLIKELY
#define V8_UNLIKELY(condition)
Definition v8config.h:660
START_ALLOW_USE_DEPRECATED
#define START_ALLOW_USE_DEPRECATED()
Definition v8config.h:633