Object.observe: generate change records for indexed properties.

src/objects.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 2743 matching lines @@
 
   int attributes = NONE;
   if (enumerable->ToBoolean()->IsFalse()) attributes |= DONT_ENUM;
   if (configurable->ToBoolean()->IsFalse()) attributes |= DONT_DELETE;
   if (writable->ToBoolean()->IsFalse()) attributes |= READ_ONLY;
   return static_cast<PropertyAttributes>(attributes);
 }
 
 
 MUST_USE_RESULT PropertyAttributes JSProxy::GetElementAttributeWithHandler(
-    JSReceiver* receiver,
+    JSReceiver* receiver_raw,
     uint32_t index) {
   Isolate* isolate = GetIsolate();
   HandleScope scope(isolate);
+  Handle<JSProxy> proxy(this);
+  Handle<JSReceiver> receiver(receiver_raw);
   Handle<String> name = isolate->factory()->Uint32ToString(index);
-  return GetPropertyAttributeWithHandler(receiver, *name);
+  return proxy->GetPropertyAttributeWithHandler(*receiver, *name);
 }
 
 
 void JSProxy::Fix() {
   Isolate* isolate = GetIsolate();
   HandleScope scope(isolate);
   Handle<JSProxy> self(this);
 
   // Save identity hash.
   MaybeObject* maybe_hash = GetIdentityHash(OMIT_CREATION);
@@ skipping 113 matching lines @@
     if (strict_mode == kStrictMode) {
       Handle<Object> args[] = { name, self };
       return heap->isolate()->Throw(*heap->isolate()->factory()->NewTypeError(
           "strict_read_only_property", HandleVector(args, ARRAY_SIZE(args))));
     } else {
       return *value;
     }
   }
 
   Handle<Object> old_value(heap->the_hole_value());
+  PropertyAttributes old_attributes;
   if (FLAG_harmony_observation && map()->is_observed()) {
-    // TODO(observe): save oldValue
+    switch (lookup->type()) {
+      case NORMAL:
+      case FIELD:
+      case CONSTANT_FUNCTION:
+      case INTERCEPTOR:
+        old_value =
+            Object::GetProperty(self, self, lookup, name, &old_attributes);
+      case CALLBACKS:
+      case TRANSITION:
+      case HANDLER:
+      case NONEXISTENT:
+        break;
+    }
   }
 
   // This is a real property that is not read-only, or it is a
   // transition or null descriptor and there are no setters in the prototypes.
   MaybeObject* result = *value;
   switch (lookup->type()) {
     case NORMAL:
       result = self->SetNormalizedProperty(lookup, *value);
       break;
     case FIELD:
@@ skipping 59 matching lines @@
     }
     case HANDLER:
     case NONEXISTENT:
       UNREACHABLE();
   }
 
   Handle<Object> hresult;
   if (!result->ToHandle(&hresult)) return result;
 
   if (FLAG_harmony_observation && map()->is_observed()) {
-    this->EnqueueChangeRecord("updated", name, old_value);
+    PropertyAttributes new_attributes = self->GetLocalPropertyAttribute(*name);
+    if (lookup->IsTransition()) {
+      self->EnqueueChangeRecord("new", name, old_value);
+    } else if (new_attributes != old_attributes) {
+      self->EnqueueChangeRecord("reconfigured", name, old_value);
+    } else {
+      PropertyAttributes attributes;
+      Handle<Object> new_value =
+          Object::GetProperty(self, self, lookup, name, &attributes);
+      if (!new_value->SameValue(*old_value))
+        self->EnqueueChangeRecord("updated", name, old_value);
+    }
   }
 
   return *hresult;
 }
 
 
 // Set a real local property, even if it is READ_ONLY.  If the property is not
 // present, add it with attributes NONE.  This code is an exact clone of
 // SetProperty, with the check for IsReadOnly and the check for a
 // callback setter removed.  The two lines looking up the LookupResult
 // result are also added.  If one of the functions is changed, the other
 // should be.
 // Note that this method cannot be used to set the prototype of a function
 // because ConvertDescriptorToField() which is called in "case CALLBACKS:"
 // doesn't handle function prototypes correctly.
 Handle<Object> JSObject::SetLocalPropertyIgnoreAttributes(
     Handle<JSObject> object,
     Handle<String> key,
     Handle<Object> value,
     PropertyAttributes attributes) {
   CALL_HEAP_FUNCTION(
     object->GetIsolate(),
     object->SetLocalPropertyIgnoreAttributes(*key, *value, attributes),
     Object);
 }
 
 
 MaybeObject* JSObject::SetLocalPropertyIgnoreAttributes(
-    String* name,
-    Object* value,
+    String* name_raw,
+    Object* value_raw,
     PropertyAttributes attributes) {
   // Make sure that the top context does not change when doing callbacks or
   // interceptor calls.
   AssertNoContextChange ncc;
   Isolate* isolate = GetIsolate();
   LookupResult lookup(isolate);
-  LocalLookup(name, &lookup);
-  if (!lookup.IsFound()) map()->LookupTransition(this, name, &lookup);
+  LocalLookup(name_raw, &lookup);
+  if (!lookup.IsFound()) map()->LookupTransition(this, name_raw, &lookup);
   // Check access rights if needed.
   if (IsAccessCheckNeeded()) {
-    if (!isolate->MayNamedAccess(this, name, v8::ACCESS_SET)) {
+    if (!isolate->MayNamedAccess(this, name_raw, v8::ACCESS_SET)) {
       return SetPropertyWithFailedAccessCheck(&lookup,
-                                              name,
-                                              value,
+                                              name_raw,
+                                              value_raw,
                                               false,
                                               kNonStrictMode);
     }
   }
 
   if (IsJSGlobalProxy()) {
     Object* proto = GetPrototype();
-    if (proto->IsNull()) return value;
+    if (proto->IsNull()) return value_raw;
     ASSERT(proto->IsJSGlobalObject());
     return JSObject::cast(proto)->SetLocalPropertyIgnoreAttributes(
-        name,
-        value,
+        name_raw,
+        value_raw,
         attributes);
   }
 
   // Check for accessor in prototype chain removed here in clone.
   if (!lookup.IsFound()) {
     // Neither properties nor transitions found.
-    return AddProperty(name, value, attributes, kNonStrictMode);
+    return AddProperty(name_raw, value_raw, attributes, kNonStrictMode);
   }
 
+  // From this point on everything needs to be handlified.
+  HandleScope scope(GetIsolate());
+  Handle<JSObject> self(this);
+  Handle<String> name(name_raw);
+  Handle<Object> value(value_raw);
+
   Handle<Object> old_value(isolate->heap()->the_hole_value());
+  PropertyAttributes old_attributes;
   if (FLAG_harmony_observation && map()->is_observed()) {
-    // TODO(observe): save oldValue
+    switch (lookup.type()) {
+      case NORMAL:
+      case FIELD:
+      case CONSTANT_FUNCTION:
+      case INTERCEPTOR:
+        old_value =
+            Object::GetProperty(self, self, &lookup, name, &old_attributes);
+      case CALLBACKS:
+      case TRANSITION:
+      case HANDLER:
+      case NONEXISTENT:
+        break;
+    }
   }
 
   // Check of IsReadOnly removed from here in clone.
-  MaybeObject* result = value;
+  MaybeObject* result = *value;
   switch (lookup.type()) {
     case NORMAL: {
       PropertyDetails details = PropertyDetails(attributes, NORMAL);
-      result = SetNormalizedProperty(name, value, details);
+      result = self->SetNormalizedProperty(*name, *value, details);
       break;
     }
     case FIELD:
-      result = FastPropertyAtPut(lookup.GetFieldIndex(), value);
+      result = self->FastPropertyAtPut(lookup.GetFieldIndex(), *value);
       break;
     case CONSTANT_FUNCTION:
       // Only replace the function if necessary.
-      if (value == lookup.GetConstantFunction()) return value;
-      // Preserve the attributes of this existing property.
-      attributes = lookup.GetAttributes();
-      result = ConvertDescriptorToField(name, value, attributes);
+      if (*value != lookup.GetConstantFunction()) {
+        // Preserve the attributes of this existing property.
+        attributes = lookup.GetAttributes();
+        result = self->ConvertDescriptorToField(*name, *value, attributes);
+      }
       break;
     case CALLBACKS:
     case INTERCEPTOR:
       // Override callback in clone
-      result = ConvertDescriptorToField(name, value, attributes);
+      result = self->ConvertDescriptorToField(*name, *value, attributes);
       break;
     case TRANSITION: {
       Map* transition_map = lookup.GetTransitionTarget();
       int descriptor = transition_map->LastAdded();
 
       DescriptorArray* descriptors = transition_map->instance_descriptors();
       PropertyDetails details = descriptors->GetDetails(descriptor);
 
       if (details.type() == FIELD) {
         if (attributes == details.attributes()) {
           int field_index = descriptors->GetFieldIndex(descriptor);
-          result = AddFastPropertyUsingMap(transition_map,
-                                           name,
-                                           value,
-                                           field_index);
+          result = self->AddFastPropertyUsingMap(
+              transition_map, *name, *value, field_index);
         } else {
-          result = ConvertDescriptorToField(name, value, attributes);
+          result = self->ConvertDescriptorToField(*name, *value, attributes);
         }
       } else if (details.type() == CALLBACKS) {
-        result = ConvertDescriptorToField(name, value, attributes);
+        result = self->ConvertDescriptorToField(*name, *value, attributes);
       } else {
         ASSERT(details.type() == CONSTANT_FUNCTION);
 
         // Replace transition to CONSTANT FUNCTION with a map transition to a
         // new map with a FIELD, even if the value is a function.
-        result = ConvertTransitionToMapTransition(
-            lookup.GetTransitionIndex(), name, value, attributes);
+        result = self->ConvertTransitionToMapTransition(
+            lookup.GetTransitionIndex(), *name, *value, attributes);
       }
       break;
     }
     case HANDLER:
     case NONEXISTENT:
       UNREACHABLE();
   }
 
   Handle<Object> hresult;
   if (!result->ToHandle(&hresult)) return result;
 
   if (FLAG_harmony_observation && map()->is_observed()) {
-    const char* type =
-        attributes == lookup.GetAttributes() ? "updated" : "reconfigured";
-    this->EnqueueChangeRecord(type, handle(name), old_value);
+    PropertyAttributes new_attributes = self->GetLocalPropertyAttribute(*name);
+    if (lookup.IsTransition()) {
+      self->EnqueueChangeRecord("new", name, old_value);
+    } else if (new_attributes != old_attributes) {
+      self->EnqueueChangeRecord("reconfigured", name, old_value);
+    } else {
+      Handle<Object> new_value =
+          Object::GetProperty(self, self, &lookup, name, &old_attributes);
+      if (!new_value->SameValue(*old_value))
+        self->EnqueueChangeRecord("updated", name, old_value);
+    }
   }
 
   return *hresult;
 }
 
 
 PropertyAttributes JSObject::GetPropertyAttributePostInterceptor(
       JSObject* receiver,
       String* name,
       bool continue_search) {
@@ skipping 63 matching lines @@
                                                             *name_handle,
                                                             continue_search);
 }
 
 
 PropertyAttributes JSReceiver::GetPropertyAttributeWithReceiver(
       JSReceiver* receiver,
       String* key) {
   uint32_t index = 0;
   if (IsJSObject() && key->AsArrayIndex(&index)) {
-    return JSObject::cast(this)->HasElementWithReceiver(receiver, index)
-        ? NONE : ABSENT;
+    return JSObject::cast(this)->GetElementAttributeWithReceiver(
+        receiver, index, true);
   }
   // Named property.
-  LookupResult result(GetIsolate());
-  Lookup(key, &result);
-  return GetPropertyAttribute(receiver, &result, key, true);
+  LookupResult lookup(GetIsolate());
+  Lookup(key, &lookup);
+  return GetPropertyAttributeForResult(receiver, &lookup, key, true);
 }
 
 
-PropertyAttributes JSReceiver::GetPropertyAttribute(JSReceiver* receiver,
-                                                    LookupResult* result,
-                                                    String* name,
-                                                    bool continue_search) {
+PropertyAttributes JSReceiver::GetPropertyAttributeForResult(
+    JSReceiver* receiver,
+    LookupResult* lookup,
+    String* name,
+    bool continue_search) {
   // Check access rights if needed.
   if (IsAccessCheckNeeded()) {
     JSObject* this_obj = JSObject::cast(this);
     Heap* heap = GetHeap();
     if (!heap->isolate()->MayNamedAccess(this_obj, name, v8::ACCESS_HAS)) {
       return this_obj->GetPropertyAttributeWithFailedAccessCheck(
-          receiver, result, name, continue_search);
+          receiver, lookup, name, continue_search);
     }
   }
-  if (result->IsFound()) {
-    switch (result->type()) {
+  if (lookup->IsFound()) {
+    switch (lookup->type()) {
       case NORMAL:  // fall through
       case FIELD:
       case CONSTANT_FUNCTION:
       case CALLBACKS:
-        return result->GetAttributes();
+        return lookup->GetAttributes();
       case HANDLER: {
-        return JSProxy::cast(result->proxy())->GetPropertyAttributeWithHandler(
+        return JSProxy::cast(lookup->proxy())->GetPropertyAttributeWithHandler(
             receiver, name);
       }
       case INTERCEPTOR:
-        return result->holder()->GetPropertyAttributeWithInterceptor(
+        return lookup->holder()->GetPropertyAttributeWithInterceptor(
             JSObject::cast(receiver), name, continue_search);
       case TRANSITION:
       case NONEXISTENT:
         UNREACHABLE();
     }
   }
   return ABSENT;
 }
 
 
 PropertyAttributes JSReceiver::GetLocalPropertyAttribute(String* name) {
   // Check whether the name is an array index.
   uint32_t index = 0;
   if (IsJSObject() && name->AsArrayIndex(&index)) {
-    if (JSObject::cast(this)->HasLocalElement(index)) return NONE;
-    return ABSENT;
+    return GetLocalElementAttribute(index);
   }
   // Named property.
-  LookupResult result(GetIsolate());
-  LocalLookup(name, &result);
-  return GetPropertyAttribute(this, &result, name, false);
+  LookupResult lookup(GetIsolate());
+  LocalLookup(name, &lookup);
+  return GetPropertyAttributeForResult(this, &lookup, name, false);
 }
 
 
+PropertyAttributes JSObject::GetElementAttributeWithReceiver(
+    JSReceiver* receiver, uint32_t index, bool continue_search) {
+  Isolate* isolate = GetIsolate();
+
+  // Check access rights if needed.
+  if (IsAccessCheckNeeded()) {
+    if (!isolate->MayIndexedAccess(this, index, v8::ACCESS_HAS)) {
+      isolate->ReportFailedAccessCheck(this, v8::ACCESS_HAS);
+      return ABSENT;
+    }
+  }
+
+  if (IsJSGlobalProxy()) {
+    Object* proto = GetPrototype();
+    if (proto->IsNull()) return ABSENT;
+    ASSERT(proto->IsJSGlobalObject());
+    return JSReceiver::cast(proto)->GetLocalElementAttribute(index);
+  }
+
+  // Check for lookup interceptor except when bootstrapping.
+  if (HasIndexedInterceptor() && !isolate->bootstrapper()->IsActive()) {
+    return GetElementAttributeWithInterceptor(this, index, continue_search);
+  }
+
+  return GetElementAttributeWithoutInterceptor(this, index, continue_search);
+}
+
+
+PropertyAttributes JSObject::GetElementAttributeWithInterceptor(
+    JSReceiver* receiver, uint32_t index, bool continue_search) {
+  Isolate* isolate = GetIsolate();
+  // Make sure that the top context does not change when doing
+  // callbacks or interceptor calls.
+  AssertNoContextChange ncc;
+  HandleScope scope(isolate);
+  Handle<InterceptorInfo> interceptor(GetIndexedInterceptor());
+  Handle<JSReceiver> hreceiver(receiver);
+  Handle<JSObject> holder(this);
+  CustomArguments args(isolate, interceptor->data(), receiver, this);
+  v8::AccessorInfo info(args.end());
+  if (!interceptor->query()->IsUndefined()) {
+    v8::IndexedPropertyQuery query =
+        v8::ToCData<v8::IndexedPropertyQuery>(interceptor->query());
+    LOG(isolate,
+        ApiIndexedPropertyAccess("interceptor-indexed-has", this, index));
+    v8::Handle<v8::Integer> result;
+    {
+      // Leaving JavaScript.
+      VMState state(isolate, EXTERNAL);
+      result = query(index, info);
+    }
+    if (!result.IsEmpty())
+      return static_cast<PropertyAttributes>(result->Int32Value());
+  } else if (!interceptor->getter()->IsUndefined()) {
+    v8::IndexedPropertyGetter getter =
+        v8::ToCData<v8::IndexedPropertyGetter>(interceptor->getter());
+    LOG(isolate,
+        ApiIndexedPropertyAccess("interceptor-indexed-get-has", this, index));
+    v8::Handle<v8::Value> result;
+    {
+      // Leaving JavaScript.
+      VMState state(isolate, EXTERNAL);
+      result = getter(index, info);
+    }
+    if (!result.IsEmpty()) return DONT_ENUM;
+  }
+
+  return holder->GetElementAttributeWithoutInterceptor(
+      *hreceiver, index, continue_search);
+}
+
+
+PropertyAttributes JSObject::GetElementAttributeWithoutInterceptor(
+      JSReceiver* receiver, uint32_t index, bool continue_search) {
+  Isolate* isolate = GetIsolate();
+  HandleScope scope(isolate);
+  Handle<JSReceiver> hreceiver(receiver);
+  Handle<JSObject> holder(this);
+  PropertyAttributes attr = holder->GetElementsAccessor()->GetAttributes(
+      *hreceiver, *holder, index);
+  if (attr != ABSENT) return attr;
+
+  if (holder->IsStringObjectWithCharacterAt(index)) {
+    return static_cast<PropertyAttributes>(READ_ONLY | DONT_DELETE);
+  }
+
+  if (!continue_search) return ABSENT;
+
+  Object* pt = holder->GetPrototype();
+  if (pt->IsJSProxy()) {
+    // We need to follow the spec and simulate a call to [[GetOwnProperty]].
+    return JSProxy::cast(pt)->GetElementAttributeWithHandler(*hreceiver, index);
+  }
+  if (pt->IsNull()) return ABSENT;
+  return JSObject::cast(pt)->GetElementAttributeWithReceiver(
+      *hreceiver, index, true);
+}
+
+
 MaybeObject* NormalizedMapCache::Get(JSObject* obj,
                                      PropertyNormalizationMode mode) {
   Isolate* isolate = obj->GetIsolate();
   Map* fast = obj->map();
   int index = fast->Hash() % kEntries;
   Object* result = get(index);
   if (result->IsMap() &&
       Map::cast(result)->EquivalentToForNormalization(fast, mode)) {
 #ifdef VERIFY_HEAP
     if (FLAG_verify_heap) {
@@ skipping 701 matching lines @@
     return isolate->heap()->false_value();
   }
 
   if (IsJSGlobalProxy()) {
     Object* proto = GetPrototype();
     if (proto->IsNull()) return isolate->heap()->false_value();
     ASSERT(proto->IsJSGlobalObject());
     return JSGlobalObject::cast(proto)->DeleteElement(index, mode);
   }
 
-  if (HasIndexedInterceptor()) {
-    // Skip interceptor if forcing deletion.
-    if (mode != FORCE_DELETION) {
-      return DeleteElementWithInterceptor(index);
+  // From this point on everything needs to be handlified.
+  HandleScope scope(isolate);
+  Handle<JSObject> self(this);
+
+  Handle<String> name;
+  Handle<Object> old_value(isolate->heap()->the_hole_value());
+  bool preexists = false;
+  if (FLAG_harmony_observation && map()->is_observed()) {
+    name = isolate->factory()->Uint32ToString(index);
+    preexists = self->HasLocalElement(index);
+    if (preexists) {
+      // TODO(observe): only read & set old_value if it's not an accessor
+      old_value = Object::GetElement(self, index);
     }
-    mode = JSReceiver::FORCE_DELETION;
   }
 
-  return GetElementsAccessor()->Delete(this, index, mode);
+  MaybeObject* result;
+  // Skip interceptor if forcing deletion.
+  if (self->HasIndexedInterceptor() && mode != FORCE_DELETION) {
+    result = self->DeleteElementWithInterceptor(index);
+  } else {
+    result = self->GetElementsAccessor()->Delete(*self, index, mode);
+  }
+
+  Handle<Object> hresult;
+  if (!result->ToHandle(&hresult)) return result;
+
+  if (FLAG_harmony_observation && map()->is_observed()) {
+    if (preexists && !self->HasLocalElement(index))
+      self->EnqueueChangeRecord("deleted", name, old_value);
+  }
+
+  return *hresult;
 }
 
 
 Handle<Object> JSObject::DeleteProperty(Handle<JSObject> obj,
                               Handle<String> prop) {
   CALL_HEAP_FUNCTION(obj->GetIsolate(),
                      obj->DeleteProperty(*prop, JSObject::NORMAL_DELETION),
                      Object);
 }
 
@@ skipping 30 matching lines @@
     if (mode == STRICT_DELETION) {
       // Deleting a non-configurable property in strict mode.
       HandleScope scope(isolate);
       Handle<Object> args[2] = { Handle<Object>(name), Handle<Object>(this) };
       return isolate->Throw(*isolate->factory()->NewTypeError(
           "strict_delete_property", HandleVector(args, 2)));
     }
     return isolate->heap()->false_value();
   }
 
+  // From this point on everything needs to be handlified.
   HandleScope scope(isolate);
+  Handle<JSObject> self(this);
+  Handle<String> hname(name);
+
   Handle<Object> old_value(isolate->heap()->the_hole_value());
   if (FLAG_harmony_observation && map()->is_observed()) {
-    // TODO(observe): save oldValue
+    switch (lookup.type()) {
+      case NORMAL:
+      case FIELD:
+      case CONSTANT_FUNCTION:
+      case INTERCEPTOR: {
+        PropertyAttributes old_attributes;
+        old_value =
+            Object::GetProperty(self, self, &lookup, hname, &old_attributes);
+      }
+      case CALLBACKS:
+      case TRANSITION:
+      case HANDLER:
+      case NONEXISTENT:
+        break;
+    }
   }
   MaybeObject* result;
 
   // Check for interceptor.
   if (lookup.IsInterceptor()) {
     // Skip interceptor if forcing a deletion.
     if (mode == FORCE_DELETION) {
-      result = DeletePropertyPostInterceptor(name, mode);
+      result = self->DeletePropertyPostInterceptor(*hname, mode);
     } else {
-      result = DeletePropertyWithInterceptor(name);
+      result = self->DeletePropertyWithInterceptor(*hname);
     }
   } else {
     // Normalize object if needed.
     Object* obj;
-    result = NormalizeProperties(CLEAR_INOBJECT_PROPERTIES, 0);
-    if (!result->ToObject(&obj)) return result;
+    result = self->NormalizeProperties(CLEAR_INOBJECT_PROPERTIES, 0);
+    if (!result->To(&obj)) return result;
     // Make sure the properties are normalized before removing the entry.
-    result = DeleteNormalizedProperty(name, mode);
+    result = self->DeleteNormalizedProperty(*hname, mode);
   }
 
   Handle<Object> hresult;
   if (!result->ToHandle(&hresult)) return result;
 
   if (FLAG_harmony_observation && map()->is_observed()) {
-    this->EnqueueChangeRecord("deleted", handle(name), old_value);
+    if (!self->HasLocalProperty(*hname))
+      self->EnqueueChangeRecord("deleted", hname, old_value);
   }
 
   return *hresult;
 }
 
 
 MaybeObject* JSReceiver::DeleteElement(uint32_t index, DeleteMode mode) {
   if (IsJSProxy()) {
     return JSProxy::cast(this)->DeleteElementWithHandler(index, mode);
   }
@@ skipping 581 matching lines @@
 void JSObject::DefineAccessor(Handle<JSObject> object,
                               Handle<String> name,
                               Handle<Object> getter,
                               Handle<Object> setter,
                               PropertyAttributes attributes) {
   CALL_HEAP_FUNCTION_VOID(
       object->GetIsolate(),
       object->DefineAccessor(*name, *getter, *setter, attributes));
 }
 
-MaybeObject* JSObject::DefineAccessor(String* name,
-                                      Object* getter,
-                                      Object* setter,
+MaybeObject* JSObject::DefineAccessor(String* name_raw,
+                                      Object* getter_raw,
+                                      Object* setter_raw,
                                       PropertyAttributes attributes) {
   Isolate* isolate = GetIsolate();
   // Check access rights if needed.
   if (IsAccessCheckNeeded() &&
-      !isolate->MayNamedAccess(this, name, v8::ACCESS_SET)) {
+      !isolate->MayNamedAccess(this, name_raw, v8::ACCESS_SET)) {
     isolate->ReportFailedAccessCheck(this, v8::ACCESS_SET);
     return isolate->heap()->undefined_value();
   }
 
   if (IsJSGlobalProxy()) {
     Object* proto = GetPrototype();
     if (proto->IsNull()) return this;
     ASSERT(proto->IsJSGlobalObject());
     return JSObject::cast(proto)->DefineAccessor(
-        name, getter, setter, attributes);
+        name_raw, getter_raw, setter_raw, attributes);
   }
 
   // Make sure that the top context does not change when doing callbacks or
   // interceptor calls.
   AssertNoContextChange ncc;
 
   // Try to flatten before operating on the string.
-  name->TryFlatten();
+  name_raw->TryFlatten();
 
-  if (!CanSetCallback(name)) return isolate->heap()->undefined_value();
+  if (!CanSetCallback(name_raw)) return isolate->heap()->undefined_value();
+
+  // From this point on everything needs to be handlified.
+  HandleScope scope(GetIsolate());
+  Handle<JSObject> self(this);
+  Handle<String> name(name_raw);
+  Handle<Object> getter(getter_raw);
+  Handle<Object> setter(setter_raw);
+
+  uint32_t index = 0;
+  bool is_element = name->AsArrayIndex(&index);
 
   Handle<Object> old_value(isolate->heap()->the_hole_value());
   bool preexists = false;
   if (FLAG_harmony_observation && map()->is_observed()) {
-    LookupResult result(isolate);
-    LocalLookup(name, &result);
-    preexists = result.IsFound();
-    // TODO(observe): save oldValue
+    if (is_element) {
+      preexists = HasLocalElement(index);
+      if (preexists) {
+        // TODO(observe): distinguish the case where it's an accessor
+        old_value = Object::GetElement(self, index);
+      }
+    } else {
+      LookupResult lookup(isolate);
+      LocalLookup(*name, &lookup);
+      preexists = lookup.IsProperty();
+      if (preexists) {
+        switch (lookup.type()) {
+          case NORMAL:
+          case FIELD:
+          case CONSTANT_FUNCTION:
+          case INTERCEPTOR: {
+            PropertyAttributes old_attributes;
+            old_value =
+                Object::GetProperty(self, self, &lookup, name, &old_attributes);
+          }
+          case CALLBACKS:
+          case TRANSITION:
+          case HANDLER:
+          case NONEXISTENT:
+            break;
+        }
+    }
+    }
   }
 
-  uint32_t index = 0;
-  MaybeObject* result = name->AsArrayIndex(&index)
-      ? DefineElementAccessor(index, getter, setter, attributes)
-      : DefinePropertyAccessor(name, getter, setter, attributes);
+  MaybeObject* result = is_element ?
+    self->DefineElementAccessor(index, *getter, *setter, attributes) :
+    self->DefinePropertyAccessor(*name, *getter, *setter, attributes);
 
   Handle<Object> hresult;
   if (!result->ToHandle(&hresult)) return result;
 
   if (FLAG_harmony_observation && map()->is_observed()) {
     const char* type = preexists ? "reconfigured" : "new";
-    this->EnqueueChangeRecord(type, handle(name), old_value);
+    self->EnqueueChangeRecord(type, name, old_value);
   }
 
   return *hresult;
 }
 
 
 static MaybeObject* TryAccessorTransition(JSObject* self,
                                           Map* transitioned_map,
                                           int target_descriptor,
                                           AccessorComponent component,
@@ skipping 5271 matching lines @@
     }
   }
   CALL_HEAP_FUNCTION(
       object->GetIsolate(),
       object->SetElement(index, *value, attr, strict_mode, true, set_mode),
       Object);
 }
 
 
 MaybeObject* JSObject::SetElement(uint32_t index,
-                                  Object* value,
+                                  Object* value_raw,
                                   PropertyAttributes attributes,
                                   StrictModeFlag strict_mode,
                                   bool check_prototype,
                                   SetPropertyMode set_mode) {
+  Isolate* isolate = GetIsolate();
+  HandleScope scope(isolate);
+  Handle<JSObject> self(this);
+  Handle<Object> value(value_raw);
+
   // Check access rights if needed.
   if (IsAccessCheckNeeded()) {
     Heap* heap = GetHeap();
-    if (!heap->isolate()->MayIndexedAccess(this, index, v8::ACCESS_SET)) {
-      HandleScope scope(heap->isolate());
-      Handle<Object> value_handle(value);
-      heap->isolate()->ReportFailedAccessCheck(this, v8::ACCESS_SET);
-      return *value_handle;
+    if (!heap->isolate()->MayIndexedAccess(*self, index, v8::ACCESS_SET)) {
+      heap->isolate()->ReportFailedAccessCheck(*self, v8::ACCESS_SET);
+      return *value;
     }
   }
 
   if (IsJSGlobalProxy()) {
     Object* proto = GetPrototype();
-    if (proto->IsNull()) return value;
+    if (proto->IsNull()) return *value;
     ASSERT(proto->IsJSGlobalObject());
     return JSObject::cast(proto)->SetElement(index,
-                                             value,
+                                             *value,
                                              attributes,
                                              strict_mode,
                                              check_prototype,
                                              set_mode);
   }
 
   // Don't allow element properties to be redefined for external arrays.
   if (HasExternalArrayElements() && set_mode == DEFINE_PROPERTY) {
-    Isolate* isolate = GetHeap()->isolate();
-    Handle<Object> receiver(this);
     Handle<Object> number = isolate->factory()->NewNumberFromUint(index);
-    Handle<Object> args[] = { receiver, number };
+    Handle<Object> args[] = { self, number };
     Handle<Object> error = isolate->factory()->NewTypeError(
         "redef_external_array_element", HandleVector(args, ARRAY_SIZE(args)));
     return isolate->Throw(*error);
   }
 
   // Normalize the elements to enable attributes on the property.
   if ((attributes & (DONT_DELETE | DONT_ENUM | READ_ONLY)) != 0) {
     SeededNumberDictionary* dictionary;
     MaybeObject* maybe_object = NormalizeElements();
     if (!maybe_object->To(&dictionary)) return maybe_object;
     // Make sure that we never go back to fast case.
     dictionary->set_requires_slow_elements();
   }
 
-  // Check for lookup interceptor
-  if (HasIndexedInterceptor()) {
-    return SetElementWithInterceptor(index,
-                                     value,
-                                     attributes,
-                                     strict_mode,
-                                     check_prototype,
-                                     set_mode);
+  // From here on, everything has to be handlified.
+  Handle<String> name;
+  Handle<Object> old_value(isolate->heap()->the_hole_value());
+  PropertyAttributes old_attributes;
+  bool preexists = false;
+  if (FLAG_harmony_observation && map()->is_observed()) {
+    name = isolate->factory()->Uint32ToString(index);
+    preexists = self->HasLocalElement(index);
+    if (preexists) {
+      old_attributes = self->GetLocalPropertyAttribute(*name);
+      // TODO(observe): only read & set old_value if we have a data property
+      old_value = Object::GetElement(self, index);
+    }
   }
 
-  return SetElementWithoutInterceptor(index,
-                                      value,
-                                      attributes,
-                                      strict_mode,
-                                      check_prototype,
-                                      set_mode);
+  // Check for lookup interceptor
+  MaybeObject* result = self->HasIndexedInterceptor()
+    ? self->SetElementWithInterceptor(
+        index, *value, attributes, strict_mode, check_prototype, set_mode)
+    : self->SetElementWithoutInterceptor(
+        index, *value, attributes, strict_mode, check_prototype, set_mode);
+
+  Handle<Object> hresult;
+  if (!result->ToHandle(&hresult)) return result;
+
+  if (FLAG_harmony_observation && map()->is_observed()) {
+    PropertyAttributes new_attributes = self->GetLocalPropertyAttribute(*name);
+    if (!preexists) {
+      self->EnqueueChangeRecord("new", name, old_value);
+    } else if (new_attributes != old_attributes || old_value->IsTheHole()) {
+      self->EnqueueChangeRecord("reconfigured", name, old_value);
+    } else {
+      Handle<Object> newValue = Object::GetElement(self, index);
+      if (!newValue->SameValue(*old_value))
+        self->EnqueueChangeRecord("updated", name, old_value);
+    }
+  }
+
+  return *hresult;
 }
 
 
 MaybeObject* JSObject::SetElementWithoutInterceptor(uint32_t index,
                                                     Object* value,
                                                     PropertyAttributes attr,
                                                     StrictModeFlag strict_mode,
                                                     bool check_prototype,
                                                     SetPropertyMode set_mode) {
   ASSERT(HasDictionaryElements() ||
@@ skipping 3491 matching lines @@
   set_year(Smi::FromInt(year), SKIP_WRITE_BARRIER);
   set_month(Smi::FromInt(month), SKIP_WRITE_BARRIER);
   set_day(Smi::FromInt(day), SKIP_WRITE_BARRIER);
   set_weekday(Smi::FromInt(weekday), SKIP_WRITE_BARRIER);
   set_hour(Smi::FromInt(hour), SKIP_WRITE_BARRIER);
   set_min(Smi::FromInt(min), SKIP_WRITE_BARRIER);
   set_sec(Smi::FromInt(sec), SKIP_WRITE_BARRIER);
 }
 
 } }  // namespace v8::internal