1 // Copyright 2016 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "src/builtins/builtins-utils-inl.h"
6 #include "src/builtins/builtins.h"
7 #include "src/code-factory.h"
8 #include "src/compiler.h"
9 #include "src/conversions.h"
10 #include "src/counters.h"
11 #include "src/lookup.h"
12 #include "src/objects-inl.h"
13 #include "src/objects/api-callbacks.h"
14 #include "src/string-builder-inl.h"
15
16 namespace v8 {
17 namespace internal {
18
19 namespace {
20
21 // ES6 section 19.2.1.1.1 CreateDynamicFunction
CreateDynamicFunction(Isolate * isolate,BuiltinArguments args,const char * token)22 MaybeHandle<Object> CreateDynamicFunction(Isolate* isolate,
23 BuiltinArguments args,
24 const char* token) {
25 // Compute number of arguments, ignoring the receiver.
26 DCHECK_LE(1, args.length());
27 int const argc = args.length() - 1;
28
29 Handle<JSFunction> target = args.target();
30 Handle<JSObject> target_global_proxy(target->global_proxy(), isolate);
31
32 if (!Builtins::AllowDynamicFunction(isolate, target, target_global_proxy)) {
33 isolate->CountUsage(v8::Isolate::kFunctionConstructorReturnedUndefined);
34 return isolate->factory()->undefined_value();
35 }
36
37 // Build the source string.
38 Handle<String> source;
39 int parameters_end_pos = kNoSourcePosition;
40 {
41 IncrementalStringBuilder builder(isolate);
42 builder.AppendCharacter('(');
43 builder.AppendCString(token);
44 if (FLAG_harmony_function_tostring) {
45 builder.AppendCString(" anonymous(");
46 } else {
47 builder.AppendCharacter('(');
48 }
49 bool parenthesis_in_arg_string = false;
50 if (argc > 1) {
51 for (int i = 1; i < argc; ++i) {
52 if (i > 1) builder.AppendCharacter(',');
53 Handle<String> param;
54 ASSIGN_RETURN_ON_EXCEPTION(
55 isolate, param, Object::ToString(isolate, args.at(i)), Object);
56 param = String::Flatten(isolate, param);
57 builder.AppendString(param);
58 if (!FLAG_harmony_function_tostring) {
59 // If the formal parameters string include ) - an illegal
60 // character - it may make the combined function expression
61 // compile. We avoid this problem by checking for this early on.
62 DisallowHeapAllocation no_gc; // Ensure vectors stay valid.
63 String::FlatContent param_content = param->GetFlatContent();
64 for (int i = 0, length = param->length(); i < length; ++i) {
65 if (param_content.Get(i) == ')') {
66 parenthesis_in_arg_string = true;
67 break;
68 }
69 }
70 }
71 }
72 if (!FLAG_harmony_function_tostring) {
73 // If the formal parameters include an unbalanced block comment, the
74 // function must be rejected. Since JavaScript does not allow nested
75 // comments we can include a trailing block comment to catch this.
76 builder.AppendCString("\n/*``*/");
77 }
78 }
79 if (FLAG_harmony_function_tostring) {
80 builder.AppendCharacter('\n');
81 parameters_end_pos = builder.Length();
82 }
83 builder.AppendCString(") {\n");
84 if (argc > 0) {
85 Handle<String> body;
86 ASSIGN_RETURN_ON_EXCEPTION(
87 isolate, body, Object::ToString(isolate, args.at(argc)), Object);
88 builder.AppendString(body);
89 }
90 builder.AppendCString("\n})");
91 ASSIGN_RETURN_ON_EXCEPTION(isolate, source, builder.Finish(), Object);
92
93 // The SyntaxError must be thrown after all the (observable) ToString
94 // conversions are done.
95 if (parenthesis_in_arg_string) {
96 THROW_NEW_ERROR(isolate,
97 NewSyntaxError(MessageTemplate::kParenthesisInArgString),
98 Object);
99 }
100 }
101
102 // Compile the string in the constructor and not a helper so that errors to
103 // come from here.
104 Handle<JSFunction> function;
105 {
106 ASSIGN_RETURN_ON_EXCEPTION(
107 isolate, function,
108 Compiler::GetFunctionFromString(
109 handle(target->native_context(), isolate), source,
110 ONLY_SINGLE_FUNCTION_LITERAL, parameters_end_pos),
111 Object);
112 Handle<Object> result;
113 ASSIGN_RETURN_ON_EXCEPTION(
114 isolate, result,
115 Execution::Call(isolate, function, target_global_proxy, 0, nullptr),
116 Object);
117 function = Handle<JSFunction>::cast(result);
118 function->shared()->set_name_should_print_as_anonymous(true);
119 }
120
121 // If new.target is equal to target then the function created
122 // is already correctly setup and nothing else should be done
123 // here. But if new.target is not equal to target then we are
124 // have a Function builtin subclassing case and therefore the
125 // function has wrong initial map. To fix that we create a new
126 // function object with correct initial map.
127 Handle<Object> unchecked_new_target = args.new_target();
128 if (!unchecked_new_target->IsUndefined(isolate) &&
129 !unchecked_new_target.is_identical_to(target)) {
130 Handle<JSReceiver> new_target =
131 Handle<JSReceiver>::cast(unchecked_new_target);
132 Handle<Map> initial_map;
133 ASSIGN_RETURN_ON_EXCEPTION(
134 isolate, initial_map,
135 JSFunction::GetDerivedMap(isolate, target, new_target), Object);
136
137 Handle<SharedFunctionInfo> shared_info(function->shared(), isolate);
138 Handle<Map> map = Map::AsLanguageMode(isolate, initial_map, shared_info);
139
140 Handle<Context> context(function->context(), isolate);
141 function = isolate->factory()->NewFunctionFromSharedFunctionInfo(
142 map, shared_info, context, NOT_TENURED);
143 }
144 return function;
145 }
146
147 } // namespace
148
149 // ES6 section 19.2.1.1 Function ( p1, p2, ... , pn, body )
BUILTIN(FunctionConstructor)150 BUILTIN(FunctionConstructor) {
151 HandleScope scope(isolate);
152 Handle<Object> result;
153 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
154 isolate, result, CreateDynamicFunction(isolate, args, "function"));
155 return *result;
156 }
157
158 // ES6 section 25.2.1.1 GeneratorFunction (p1, p2, ... , pn, body)
BUILTIN(GeneratorFunctionConstructor)159 BUILTIN(GeneratorFunctionConstructor) {
160 HandleScope scope(isolate);
161 RETURN_RESULT_OR_FAILURE(isolate,
162 CreateDynamicFunction(isolate, args, "function*"));
163 }
164
BUILTIN(AsyncFunctionConstructor)165 BUILTIN(AsyncFunctionConstructor) {
166 HandleScope scope(isolate);
167 Handle<Object> maybe_func;
168 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
169 isolate, maybe_func,
170 CreateDynamicFunction(isolate, args, "async function"));
171 if (!maybe_func->IsJSFunction()) return *maybe_func;
172
173 // Do not lazily compute eval position for AsyncFunction, as they may not be
174 // determined after the function is resumed.
175 Handle<JSFunction> func = Handle<JSFunction>::cast(maybe_func);
176 Handle<Script> script =
177 handle(Script::cast(func->shared()->script()), isolate);
178 int position = script->GetEvalPosition();
179 USE(position);
180
181 return *func;
182 }
183
BUILTIN(AsyncGeneratorFunctionConstructor)184 BUILTIN(AsyncGeneratorFunctionConstructor) {
185 HandleScope scope(isolate);
186 Handle<Object> maybe_func;
187 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
188 isolate, maybe_func,
189 CreateDynamicFunction(isolate, args, "async function*"));
190 if (!maybe_func->IsJSFunction()) return *maybe_func;
191
192 // Do not lazily compute eval position for AsyncFunction, as they may not be
193 // determined after the function is resumed.
194 Handle<JSFunction> func = Handle<JSFunction>::cast(maybe_func);
195 Handle<Script> script =
196 handle(Script::cast(func->shared()->script()), isolate);
197 int position = script->GetEvalPosition();
198 USE(position);
199
200 return *func;
201 }
202
203 namespace {
204
DoFunctionBind(Isolate * isolate,BuiltinArguments args)205 Object* DoFunctionBind(Isolate* isolate, BuiltinArguments args) {
206 HandleScope scope(isolate);
207 DCHECK_LE(1, args.length());
208 if (!args.receiver()->IsCallable()) {
209 THROW_NEW_ERROR_RETURN_FAILURE(
210 isolate, NewTypeError(MessageTemplate::kFunctionBind));
211 }
212
213 // Allocate the bound function with the given {this_arg} and {args}.
214 Handle<JSReceiver> target = args.at<JSReceiver>(0);
215 Handle<Object> this_arg = isolate->factory()->undefined_value();
216 ScopedVector<Handle<Object>> argv(std::max(0, args.length() - 2));
217 if (args.length() > 1) {
218 this_arg = args.at(1);
219 for (int i = 2; i < args.length(); ++i) {
220 argv[i - 2] = args.at(i);
221 }
222 }
223 Handle<JSBoundFunction> function;
224 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
225 isolate, function,
226 isolate->factory()->NewJSBoundFunction(target, this_arg, argv));
227
228 LookupIterator length_lookup(target, isolate->factory()->length_string(),
229 target, LookupIterator::OWN);
230 // Setup the "length" property based on the "length" of the {target}.
231 // If the targets length is the default JSFunction accessor, we can keep the
232 // accessor that's installed by default on the JSBoundFunction. It lazily
233 // computes the value from the underlying internal length.
234 if (!target->IsJSFunction() ||
235 length_lookup.state() != LookupIterator::ACCESSOR ||
236 !length_lookup.GetAccessors()->IsAccessorInfo()) {
237 Handle<Object> length(Smi::kZero, isolate);
238 Maybe<PropertyAttributes> attributes =
239 JSReceiver::GetPropertyAttributes(&length_lookup);
240 if (attributes.IsNothing()) return ReadOnlyRoots(isolate).exception();
241 if (attributes.FromJust() != ABSENT) {
242 Handle<Object> target_length;
243 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, target_length,
244 Object::GetProperty(&length_lookup));
245 if (target_length->IsNumber()) {
246 length = isolate->factory()->NewNumber(std::max(
247 0.0, DoubleToInteger(target_length->Number()) - argv.length()));
248 }
249 }
250 LookupIterator it(function, isolate->factory()->length_string(), function);
251 DCHECK_EQ(LookupIterator::ACCESSOR, it.state());
252 RETURN_FAILURE_ON_EXCEPTION(isolate,
253 JSObject::DefineOwnPropertyIgnoreAttributes(
254 &it, length, it.property_attributes()));
255 }
256
257 // Setup the "name" property based on the "name" of the {target}.
258 // If the target's name is the default JSFunction accessor, we can keep the
259 // accessor that's installed by default on the JSBoundFunction. It lazily
260 // computes the value from the underlying internal name.
261 LookupIterator name_lookup(target, isolate->factory()->name_string(), target);
262 if (!target->IsJSFunction() ||
263 name_lookup.state() != LookupIterator::ACCESSOR ||
264 !name_lookup.GetAccessors()->IsAccessorInfo() ||
265 (name_lookup.IsFound() && !name_lookup.HolderIsReceiver())) {
266 Handle<Object> target_name;
267 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, target_name,
268 Object::GetProperty(&name_lookup));
269 Handle<String> name;
270 if (target_name->IsString()) {
271 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
272 isolate, name,
273 Name::ToFunctionName(isolate, Handle<String>::cast(target_name)));
274 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
275 isolate, name, isolate->factory()->NewConsString(
276 isolate->factory()->bound__string(), name));
277 } else {
278 name = isolate->factory()->bound__string();
279 }
280 LookupIterator it(isolate, function, isolate->factory()->name_string());
281 DCHECK_EQ(LookupIterator::ACCESSOR, it.state());
282 RETURN_FAILURE_ON_EXCEPTION(isolate,
283 JSObject::DefineOwnPropertyIgnoreAttributes(
284 &it, name, it.property_attributes()));
285 }
286 return *function;
287 }
288
289 } // namespace
290
291 // ES6 section 19.2.3.2 Function.prototype.bind ( thisArg, ...args )
BUILTIN(FunctionPrototypeBind)292 BUILTIN(FunctionPrototypeBind) { return DoFunctionBind(isolate, args); }
293
294 // ES6 section 19.2.3.5 Function.prototype.toString ( )
BUILTIN(FunctionPrototypeToString)295 BUILTIN(FunctionPrototypeToString) {
296 HandleScope scope(isolate);
297 Handle<Object> receiver = args.receiver();
298 if (receiver->IsJSBoundFunction()) {
299 return *JSBoundFunction::ToString(Handle<JSBoundFunction>::cast(receiver));
300 }
301 if (receiver->IsJSFunction()) {
302 return *JSFunction::ToString(Handle<JSFunction>::cast(receiver));
303 }
304 // With the revised toString behavior, all callable objects are valid
305 // receivers for this method.
306 if (FLAG_harmony_function_tostring && receiver->IsJSReceiver() &&
307 JSReceiver::cast(*receiver)->map()->is_callable()) {
308 return ReadOnlyRoots(isolate).function_native_code_string();
309 }
310 THROW_NEW_ERROR_RETURN_FAILURE(
311 isolate, NewTypeError(MessageTemplate::kNotGeneric,
312 isolate->factory()->NewStringFromAsciiChecked(
313 "Function.prototype.toString"),
314 isolate->factory()->Function_string()));
315 }
316
317 } // namespace internal
318 } // namespace v8
319