| Index: src/objects.cc
|
| diff --git a/src/objects.cc b/src/objects.cc
|
| index 85ba64600563b99c64eda307a03ecca263f7e973..17d2bc861ef9a81e38d66cec2f516e61dd588048 100644
|
| --- a/src/objects.cc
|
| +++ b/src/objects.cc
|
| @@ -9248,8 +9248,10 @@ bool JSObject::HasElementWithReceiver(JSReceiver* receiver, uint32_t index) {
|
|
|
| MaybeObject* JSObject::SetElementWithInterceptor(uint32_t index,
|
| Object* value,
|
| + PropertyAttributes attributes,
|
| StrictModeFlag strict_mode,
|
| - bool check_prototype) {
|
| + bool check_prototype,
|
| + SetPropertyMode set_mode) {
|
| Isolate* isolate = GetIsolate();
|
| // Make sure that the top context does not change when doing
|
| // callbacks or interceptor calls.
|
| @@ -9277,8 +9279,10 @@ MaybeObject* JSObject::SetElementWithInterceptor(uint32_t index,
|
| MaybeObject* raw_result =
|
| this_handle->SetElementWithoutInterceptor(index,
|
| *value_handle,
|
| + attributes,
|
| strict_mode,
|
| - check_prototype);
|
| + check_prototype,
|
| + set_mode);
|
| RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
| return raw_result;
|
| }
|
| @@ -9476,7 +9480,8 @@ MaybeObject* JSObject::SetFastElement(uint32_t index,
|
| if (convert_to_slow) {
|
| MaybeObject* result = NormalizeElements();
|
| if (result->IsFailure()) return result;
|
| - return SetDictionaryElement(index, value, strict_mode, check_prototype);
|
| + return SetDictionaryElement(index, value, NONE, strict_mode,
|
| + check_prototype);
|
| }
|
| }
|
| // Convert to fast double elements if appropriate.
|
| @@ -9526,8 +9531,10 @@ MaybeObject* JSObject::SetFastElement(uint32_t index,
|
|
|
| MaybeObject* JSObject::SetDictionaryElement(uint32_t index,
|
| Object* value,
|
| + PropertyAttributes attributes,
|
| StrictModeFlag strict_mode,
|
| - bool check_prototype) {
|
| + bool check_prototype,
|
| + SetPropertyMode set_mode) {
|
| ASSERT(HasDictionaryElements() || HasDictionaryArgumentsElements());
|
| Isolate* isolate = GetIsolate();
|
| Heap* heap = isolate->heap();
|
| @@ -9547,14 +9554,18 @@ MaybeObject* JSObject::SetDictionaryElement(uint32_t index,
|
| if (entry != SeededNumberDictionary::kNotFound) {
|
| Object* element = dictionary->ValueAt(entry);
|
| PropertyDetails details = dictionary->DetailsAt(entry);
|
| - if (details.type() == CALLBACKS) {
|
| + if (details.type() == CALLBACKS && set_mode == SET_PROPERTY) {
|
| return SetElementWithCallback(element, index, value, this, strict_mode);
|
| } else {
|
| dictionary->UpdateMaxNumberKey(index);
|
| // If a value has not been initialized we allow writing to it even if it
|
| - // is read-only (a declared const that has not been initialized).
|
| - if (!dictionary->DetailsAt(entry).IsReadOnly() ||
|
| - dictionary->ValueAt(entry)->IsTheHole()) {
|
| + // is read-only (a declared const that has not been initialized). If a
|
| + // value is being defined we skip attribute checks completely.
|
| + if (set_mode == DEFINE_PROPERTY) {
|
| + details = PropertyDetails(attributes, NORMAL, details.index());
|
| + dictionary->ValueAtPut(entry, value);
|
| + dictionary->DetailsAtPut(entry, details);
|
| + } else if (!details.IsReadOnly() || element->IsTheHole()) {
|
| dictionary->ValueAtPut(entry, value);
|
| } else if (strict_mode == kStrictMode) {
|
| Handle<Object> holder(this);
|
| @@ -9591,7 +9602,8 @@ MaybeObject* JSObject::SetDictionaryElement(uint32_t index,
|
| }
|
| }
|
| FixedArrayBase* new_dictionary;
|
| - MaybeObject* maybe = dictionary->AtNumberPut(index, value);
|
| + PropertyDetails details = PropertyDetails(attributes, NORMAL);
|
| + MaybeObject* maybe = dictionary->AddNumberEntry(index, value, details);
|
| if (!maybe->To<FixedArrayBase>(&new_dictionary)) return maybe;
|
| if (dictionary != SeededNumberDictionary::cast(new_dictionary)) {
|
| if (is_arguments) {
|
| @@ -9732,18 +9744,22 @@ MUST_USE_RESULT MaybeObject* JSObject::SetFastDoubleElement(
|
| if (!maybe_obj->ToObject(&obj)) return maybe_obj;
|
| }
|
| ASSERT(HasDictionaryElements());
|
| - return SetElement(index, value, strict_mode, check_prototype);
|
| + return SetElement(index, value, NONE, strict_mode, check_prototype);
|
| }
|
|
|
|
|
| MaybeObject* JSReceiver::SetElement(uint32_t index,
|
| Object* value,
|
| + PropertyAttributes attributes,
|
| StrictModeFlag strict_mode,
|
| bool check_proto) {
|
| - return IsJSProxy()
|
| - ? JSProxy::cast(this)->SetElementWithHandler(index, value, strict_mode)
|
| - : JSObject::cast(this)->SetElement(index, value, strict_mode, check_proto)
|
| - ;
|
| + if (IsJSProxy()) {
|
| + return JSProxy::cast(this)->SetElementWithHandler(
|
| + index, value, strict_mode);
|
| + } else {
|
| + return JSObject::cast(this)->SetElement(
|
| + index, value, attributes, strict_mode, check_proto);
|
| + }
|
| }
|
|
|
|
|
| @@ -9752,16 +9768,19 @@ Handle<Object> JSObject::SetOwnElement(Handle<JSObject> object,
|
| Handle<Object> value,
|
| StrictModeFlag strict_mode) {
|
| ASSERT(!object->HasExternalArrayElements());
|
| - CALL_HEAP_FUNCTION(object->GetIsolate(),
|
| - object->SetElement(index, *value, strict_mode, false),
|
| - Object);
|
| + CALL_HEAP_FUNCTION(
|
| + object->GetIsolate(),
|
| + object->SetElement(index, *value, NONE, strict_mode, false),
|
| + Object);
|
| }
|
|
|
|
|
| Handle<Object> JSObject::SetElement(Handle<JSObject> object,
|
| uint32_t index,
|
| Handle<Object> value,
|
| - StrictModeFlag strict_mode) {
|
| + PropertyAttributes attr,
|
| + StrictModeFlag strict_mode,
|
| + SetPropertyMode set_mode) {
|
| if (object->HasExternalArrayElements()) {
|
| if (!value->IsSmi() && !value->IsHeapNumber() && !value->IsUndefined()) {
|
| bool has_exception;
|
| @@ -9770,16 +9789,19 @@ Handle<Object> JSObject::SetElement(Handle<JSObject> object,
|
| value = number;
|
| }
|
| }
|
| - CALL_HEAP_FUNCTION(object->GetIsolate(),
|
| - object->SetElement(index, *value, strict_mode, true),
|
| - Object);
|
| + CALL_HEAP_FUNCTION(
|
| + object->GetIsolate(),
|
| + object->SetElement(index, *value, attr, strict_mode, true, set_mode),
|
| + Object);
|
| }
|
|
|
|
|
| MaybeObject* JSObject::SetElement(uint32_t index,
|
| Object* value,
|
| + PropertyAttributes attributes,
|
| StrictModeFlag strict_mode,
|
| - bool check_prototype) {
|
| + bool check_prototype,
|
| + SetPropertyMode set_mode) {
|
| // Check access rights if needed.
|
| if (IsAccessCheckNeeded()) {
|
| Heap* heap = GetHeap();
|
| @@ -9797,29 +9819,59 @@ MaybeObject* JSObject::SetElement(uint32_t index,
|
| ASSERT(proto->IsJSGlobalObject());
|
| return JSObject::cast(proto)->SetElement(index,
|
| value,
|
| + attributes,
|
| strict_mode,
|
| - check_prototype);
|
| + check_prototype,
|
| + set_mode);
|
| + }
|
| +
|
| + // Don't allow element properties to be redefined for external arrays.
|
| + if (HasExternalArrayElements() && set_mode == DEFINE_PROPERTY) {
|
| + Isolate* isolate = GetHeap()->isolate();
|
| + Handle<Object> number = isolate->factory()->NewNumberFromUint(index);
|
| + Handle<Object> args[] = { Handle<Object>(this), number };
|
| + Handle<Object> error = isolate->factory()->NewTypeError(
|
| + "redef_external_array_element", HandleVector(args, ARRAY_SIZE(args)));
|
| + return isolate->Throw(*error);
|
| + }
|
| +
|
| + // Normalize the elements to enable attributes on the property.
|
| + if ((attributes & (DONT_DELETE | DONT_ENUM | READ_ONLY)) != 0) {
|
| + SeededNumberDictionary* dictionary;
|
| + MaybeObject* maybe_object = NormalizeElements();
|
| + if (!maybe_object->To(&dictionary)) return maybe_object;
|
| + // Make sure that we never go back to fast case.
|
| + dictionary->set_requires_slow_elements();
|
| }
|
|
|
| // Check for lookup interceptor
|
| if (HasIndexedInterceptor()) {
|
| return SetElementWithInterceptor(index,
|
| value,
|
| + attributes,
|
| strict_mode,
|
| - check_prototype);
|
| + check_prototype,
|
| + set_mode);
|
| }
|
|
|
| return SetElementWithoutInterceptor(index,
|
| value,
|
| + attributes,
|
| strict_mode,
|
| - check_prototype);
|
| + check_prototype,
|
| + set_mode);
|
| }
|
|
|
|
|
| MaybeObject* JSObject::SetElementWithoutInterceptor(uint32_t index,
|
| Object* value,
|
| + PropertyAttributes attr,
|
| StrictModeFlag strict_mode,
|
| - bool check_prototype) {
|
| + bool check_prototype,
|
| + SetPropertyMode set_mode) {
|
| + ASSERT(HasDictionaryElements() ||
|
| + HasDictionaryArgumentsElements() ||
|
| + (attr & (DONT_DELETE | DONT_ENUM | READ_ONLY)) == 0);
|
| Isolate* isolate = GetIsolate();
|
| switch (GetElementsKind()) {
|
| case FAST_SMI_ONLY_ELEMENTS:
|
| @@ -9867,7 +9919,8 @@ MaybeObject* JSObject::SetElementWithoutInterceptor(uint32_t index,
|
| return array->SetValue(index, value);
|
| }
|
| case DICTIONARY_ELEMENTS:
|
| - return SetDictionaryElement(index, value, strict_mode, check_prototype);
|
| + return SetDictionaryElement(index, value, attr, strict_mode,
|
| + check_prototype, set_mode);
|
| case NON_STRICT_ARGUMENTS_ELEMENTS: {
|
| FixedArray* parameter_map = FixedArray::cast(elements());
|
| uint32_t length = parameter_map->length();
|
| @@ -9883,8 +9936,8 @@ MaybeObject* JSObject::SetElementWithoutInterceptor(uint32_t index,
|
| // Object is not mapped, defer to the arguments.
|
| FixedArray* arguments = FixedArray::cast(parameter_map->get(1));
|
| if (arguments->IsDictionary()) {
|
| - return SetDictionaryElement(index, value, strict_mode,
|
| - check_prototype);
|
| + return SetDictionaryElement(index, value, attr, strict_mode,
|
| + check_prototype, set_mode);
|
| } else {
|
| return SetFastElement(index, value, strict_mode, check_prototype);
|
| }
|
|
|
Chromium Code Reviews
Issue 9443014:
Fix redefinition of aliased elements in arguments. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge