1 // Copyright 2016 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "src/api/api-inl.h"
6 #include "src/builtins/builtins-utils-inl.h"
7 #include "src/builtins/builtins.h"
8 #include "src/codegen/code-factory.h"
9 #include "src/codegen/compiler.h"
10 #include "src/logging/counters.h"
11 #include "src/numbers/conversions.h"
12 #include "src/objects/api-callbacks.h"
13 #include "src/objects/lookup.h"
14 #include "src/objects/objects-inl.h"
15 #include "src/strings/string-builder-inl.h"
16
17 namespace v8 {
18 namespace internal {
19
20 namespace {
21
22 // ES6 section 19.2.1.1.1 CreateDynamicFunction
CreateDynamicFunction(Isolate * isolate,BuiltinArguments args,const char * token)23 MaybeHandle<Object> CreateDynamicFunction(Isolate* isolate,
24 BuiltinArguments args,
25 const char* token) {
26 // Compute number of arguments, ignoring the receiver.
27 DCHECK_LE(1, args.length());
28 int const argc = args.length() - 1;
29
30 Handle<JSFunction> target = args.target();
31 Handle<JSObject> target_global_proxy(target->global_proxy(), isolate);
32
33 if (!Builtins::AllowDynamicFunction(isolate, target, target_global_proxy)) {
34 isolate->CountUsage(v8::Isolate::kFunctionConstructorReturnedUndefined);
35 // TODO(verwaest): We would like to throw using the calling context instead
36 // of the entered context but we don't currently have access to that.
37 HandleScopeImplementer* impl = isolate->handle_scope_implementer();
38 SaveAndSwitchContext save(
39 isolate, impl->LastEnteredOrMicrotaskContext()->native_context());
40 THROW_NEW_ERROR(isolate, NewTypeError(MessageTemplate::kNoAccess), Object);
41 }
42
43 // Build the source string.
44 Handle<String> source;
45 int parameters_end_pos = kNoSourcePosition;
46 {
47 IncrementalStringBuilder builder(isolate);
48 builder.AppendCharacter('(');
49 builder.AppendCString(token);
50 builder.AppendCString(" anonymous(");
51 bool parenthesis_in_arg_string = false;
52 if (argc > 1) {
53 for (int i = 1; i < argc; ++i) {
54 if (i > 1) builder.AppendCharacter(',');
55 Handle<String> param;
56 ASSIGN_RETURN_ON_EXCEPTION(
57 isolate, param, Object::ToString(isolate, args.at(i)), Object);
58 param = String::Flatten(isolate, param);
59 builder.AppendString(param);
60 }
61 }
62 builder.AppendCharacter('\n');
63 parameters_end_pos = builder.Length();
64 builder.AppendCString(") {\n");
65 if (argc > 0) {
66 Handle<String> body;
67 ASSIGN_RETURN_ON_EXCEPTION(
68 isolate, body, Object::ToString(isolate, args.at(argc)), Object);
69 builder.AppendString(body);
70 }
71 builder.AppendCString("\n})");
72 ASSIGN_RETURN_ON_EXCEPTION(isolate, source, builder.Finish(), Object);
73
74 // The SyntaxError must be thrown after all the (observable) ToString
75 // conversions are done.
76 if (parenthesis_in_arg_string) {
77 THROW_NEW_ERROR(isolate,
78 NewSyntaxError(MessageTemplate::kParenthesisInArgString),
79 Object);
80 }
81 }
82
83 bool is_code_like = true;
84 for (int i = 0; i < argc; ++i) {
85 if (!args.at(i + 1)->IsCodeLike(isolate)) {
86 is_code_like = false;
87 break;
88 }
89 }
90
91 // Compile the string in the constructor and not a helper so that errors to
92 // come from here.
93 Handle<JSFunction> function;
94 {
95 ASSIGN_RETURN_ON_EXCEPTION(
96 isolate, function,
97 Compiler::GetFunctionFromString(
98 handle(target->native_context(), isolate), source,
99 ONLY_SINGLE_FUNCTION_LITERAL, parameters_end_pos, is_code_like),
100 Object);
101 Handle<Object> result;
102 ASSIGN_RETURN_ON_EXCEPTION(
103 isolate, result,
104 Execution::Call(isolate, function, target_global_proxy, 0, nullptr),
105 Object);
106 function = Handle<JSFunction>::cast(result);
107 function->shared().set_name_should_print_as_anonymous(true);
108 }
109
110 // If new.target is equal to target then the function created
111 // is already correctly setup and nothing else should be done
112 // here. But if new.target is not equal to target then we are
113 // have a Function builtin subclassing case and therefore the
114 // function has wrong initial map. To fix that we create a new
115 // function object with correct initial map.
116 Handle<Object> unchecked_new_target = args.new_target();
117 if (!unchecked_new_target->IsUndefined(isolate) &&
118 !unchecked_new_target.is_identical_to(target)) {
119 Handle<JSReceiver> new_target =
120 Handle<JSReceiver>::cast(unchecked_new_target);
121 Handle<Map> initial_map;
122 ASSIGN_RETURN_ON_EXCEPTION(
123 isolate, initial_map,
124 JSFunction::GetDerivedMap(isolate, target, new_target), Object);
125
126 Handle<SharedFunctionInfo> shared_info(function->shared(), isolate);
127 Handle<Map> map = Map::AsLanguageMode(isolate, initial_map, shared_info);
128
129 Handle<Context> context(function->context(), isolate);
130 function = isolate->factory()->NewFunctionFromSharedFunctionInfo(
131 map, shared_info, context, AllocationType::kYoung);
132 }
133 return function;
134 }
135
136 } // namespace
137
138 // ES6 section 19.2.1.1 Function ( p1, p2, ... , pn, body )
BUILTIN(FunctionConstructor)139 BUILTIN(FunctionConstructor) {
140 HandleScope scope(isolate);
141 Handle<Object> result;
142 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
143 isolate, result, CreateDynamicFunction(isolate, args, "function"));
144 return *result;
145 }
146
147 // ES6 section 25.2.1.1 GeneratorFunction (p1, p2, ... , pn, body)
BUILTIN(GeneratorFunctionConstructor)148 BUILTIN(GeneratorFunctionConstructor) {
149 HandleScope scope(isolate);
150 RETURN_RESULT_OR_FAILURE(isolate,
151 CreateDynamicFunction(isolate, args, "function*"));
152 }
153
BUILTIN(AsyncFunctionConstructor)154 BUILTIN(AsyncFunctionConstructor) {
155 HandleScope scope(isolate);
156 Handle<Object> maybe_func;
157 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
158 isolate, maybe_func,
159 CreateDynamicFunction(isolate, args, "async function"));
160 if (!maybe_func->IsJSFunction()) return *maybe_func;
161
162 // Do not lazily compute eval position for AsyncFunction, as they may not be
163 // determined after the function is resumed.
164 Handle<JSFunction> func = Handle<JSFunction>::cast(maybe_func);
165 Handle<Script> script =
166 handle(Script::cast(func->shared().script()), isolate);
167 int position = Script::GetEvalPosition(isolate, script);
168 USE(position);
169
170 return *func;
171 }
172
BUILTIN(AsyncGeneratorFunctionConstructor)173 BUILTIN(AsyncGeneratorFunctionConstructor) {
174 HandleScope scope(isolate);
175 Handle<Object> maybe_func;
176 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
177 isolate, maybe_func,
178 CreateDynamicFunction(isolate, args, "async function*"));
179 if (!maybe_func->IsJSFunction()) return *maybe_func;
180
181 // Do not lazily compute eval position for AsyncFunction, as they may not be
182 // determined after the function is resumed.
183 Handle<JSFunction> func = Handle<JSFunction>::cast(maybe_func);
184 Handle<Script> script =
185 handle(Script::cast(func->shared().script()), isolate);
186 int position = Script::GetEvalPosition(isolate, script);
187 USE(position);
188
189 return *func;
190 }
191
192 namespace {
193
DoFunctionBind(Isolate * isolate,BuiltinArguments args)194 Object DoFunctionBind(Isolate* isolate, BuiltinArguments args) {
195 HandleScope scope(isolate);
196 DCHECK_LE(1, args.length());
197 if (!args.receiver()->IsCallable()) {
198 THROW_NEW_ERROR_RETURN_FAILURE(
199 isolate, NewTypeError(MessageTemplate::kFunctionBind));
200 }
201
202 // Allocate the bound function with the given {this_arg} and {args}.
203 Handle<JSReceiver> target = args.at<JSReceiver>(0);
204 Handle<Object> this_arg = isolate->factory()->undefined_value();
205 ScopedVector<Handle<Object>> argv(std::max(0, args.length() - 2));
206 if (args.length() > 1) {
207 this_arg = args.at(1);
208 for (int i = 2; i < args.length(); ++i) {
209 argv[i - 2] = args.at(i);
210 }
211 }
212 Handle<JSBoundFunction> function;
213 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
214 isolate, function,
215 isolate->factory()->NewJSBoundFunction(target, this_arg, argv));
216
217 LookupIterator length_lookup(isolate, target,
218 isolate->factory()->length_string(), target,
219 LookupIterator::OWN);
220 // Setup the "length" property based on the "length" of the {target}.
221 // If the targets length is the default JSFunction accessor, we can keep the
222 // accessor that's installed by default on the JSBoundFunction. It lazily
223 // computes the value from the underlying internal length.
224 if (!target->IsJSFunction() ||
225 length_lookup.state() != LookupIterator::ACCESSOR ||
226 !length_lookup.GetAccessors()->IsAccessorInfo()) {
227 Handle<Object> length(Smi::zero(), isolate);
228 Maybe<PropertyAttributes> attributes =
229 JSReceiver::GetPropertyAttributes(&length_lookup);
230 if (attributes.IsNothing()) return ReadOnlyRoots(isolate).exception();
231 if (attributes.FromJust() != ABSENT) {
232 Handle<Object> target_length;
233 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, target_length,
234 Object::GetProperty(&length_lookup));
235 if (target_length->IsNumber()) {
236 length = isolate->factory()->NewNumber(std::max(
237 0.0, DoubleToInteger(target_length->Number()) - argv.length()));
238 }
239 }
240 LookupIterator it(isolate, function, isolate->factory()->length_string(),
241 function);
242 DCHECK_EQ(LookupIterator::ACCESSOR, it.state());
243 RETURN_FAILURE_ON_EXCEPTION(isolate,
244 JSObject::DefineOwnPropertyIgnoreAttributes(
245 &it, length, it.property_attributes()));
246 }
247
248 // Setup the "name" property based on the "name" of the {target}.
249 // If the target's name is the default JSFunction accessor, we can keep the
250 // accessor that's installed by default on the JSBoundFunction. It lazily
251 // computes the value from the underlying internal name.
252 LookupIterator name_lookup(isolate, target, isolate->factory()->name_string(),
253 target);
254 if (!target->IsJSFunction() ||
255 name_lookup.state() != LookupIterator::ACCESSOR ||
256 !name_lookup.GetAccessors()->IsAccessorInfo() ||
257 (name_lookup.IsFound() && !name_lookup.HolderIsReceiver())) {
258 Handle<Object> target_name;
259 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, target_name,
260 Object::GetProperty(&name_lookup));
261 Handle<String> name;
262 if (target_name->IsString()) {
263 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
264 isolate, name,
265 Name::ToFunctionName(isolate, Handle<String>::cast(target_name)));
266 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
267 isolate, name, isolate->factory()->NewConsString(
268 isolate->factory()->bound__string(), name));
269 } else {
270 name = isolate->factory()->bound__string();
271 }
272 LookupIterator it(isolate, function, isolate->factory()->name_string());
273 DCHECK_EQ(LookupIterator::ACCESSOR, it.state());
274 RETURN_FAILURE_ON_EXCEPTION(isolate,
275 JSObject::DefineOwnPropertyIgnoreAttributes(
276 &it, name, it.property_attributes()));
277 }
278 return *function;
279 }
280
281 } // namespace
282
283 // ES6 section 19.2.3.2 Function.prototype.bind ( thisArg, ...args )
BUILTIN(FunctionPrototypeBind)284 BUILTIN(FunctionPrototypeBind) { return DoFunctionBind(isolate, args); }
285
286 // ES6 section 19.2.3.5 Function.prototype.toString ( )
BUILTIN(FunctionPrototypeToString)287 BUILTIN(FunctionPrototypeToString) {
288 HandleScope scope(isolate);
289 Handle<Object> receiver = args.receiver();
290 if (receiver->IsJSBoundFunction()) {
291 return *JSBoundFunction::ToString(Handle<JSBoundFunction>::cast(receiver));
292 }
293 if (receiver->IsJSFunction()) {
294 return *JSFunction::ToString(Handle<JSFunction>::cast(receiver));
295 }
296 // With the revised toString behavior, all callable objects are valid
297 // receivers for this method.
298 if (receiver->IsJSReceiver() &&
299 JSReceiver::cast(*receiver).map().is_callable()) {
300 return ReadOnlyRoots(isolate).function_native_code_string();
301 }
302 THROW_NEW_ERROR_RETURN_FAILURE(
303 isolate, NewTypeError(MessageTemplate::kNotGeneric,
304 isolate->factory()->NewStringFromAsciiChecked(
305 "Function.prototype.toString"),
306 isolate->factory()->Function_string()));
307 }
308
309 } // namespace internal
310 } // namespace v8
311