1 // Copyright 2013 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "src/keys.h"
6
7 #include "src/api-arguments.h"
8 #include "src/elements.h"
9 #include "src/factory.h"
10 #include "src/identity-map.h"
11 #include "src/isolate-inl.h"
12 #include "src/objects-inl.h"
13 #include "src/property-descriptor.h"
14 #include "src/prototype.h"
15
16 namespace v8 {
17 namespace internal {
18
~KeyAccumulator()19 KeyAccumulator::~KeyAccumulator() {
20 }
21
22 namespace {
23
ContainsOnlyValidKeys(Handle<FixedArray> array)24 static bool ContainsOnlyValidKeys(Handle<FixedArray> array) {
25 int len = array->length();
26 for (int i = 0; i < len; i++) {
27 Object* e = array->get(i);
28 if (!(e->IsName() || e->IsNumber())) return false;
29 }
30 return true;
31 }
32
33 } // namespace
GetKeys(Handle<JSReceiver> object,KeyCollectionMode mode,PropertyFilter filter,GetKeysConversion keys_conversion,bool filter_proxy_keys,bool is_for_in)34 MaybeHandle<FixedArray> KeyAccumulator::GetKeys(
35 Handle<JSReceiver> object, KeyCollectionMode mode, PropertyFilter filter,
36 GetKeysConversion keys_conversion, bool filter_proxy_keys, bool is_for_in) {
37 Isolate* isolate = object->GetIsolate();
38 KeyAccumulator accumulator(isolate, mode, filter);
39 accumulator.set_filter_proxy_keys(filter_proxy_keys);
40 accumulator.set_is_for_in(is_for_in);
41 MAYBE_RETURN(accumulator.CollectKeys(object, object),
42 MaybeHandle<FixedArray>());
43 return accumulator.GetKeys(keys_conversion);
44 }
45
GetKeys(GetKeysConversion convert)46 Handle<FixedArray> KeyAccumulator::GetKeys(GetKeysConversion convert) {
47 if (keys_.is_null()) {
48 return isolate_->factory()->empty_fixed_array();
49 }
50 if (mode_ == KeyCollectionMode::kOwnOnly &&
51 keys_->map() == isolate_->heap()->fixed_array_map()) {
52 return Handle<FixedArray>::cast(keys_);
53 }
54 USE(ContainsOnlyValidKeys);
55 Handle<FixedArray> result =
56 OrderedHashSet::ConvertToKeysArray(keys(), convert);
57 DCHECK(ContainsOnlyValidKeys(result));
58 return result;
59 }
60
AddKey(Object * key,AddKeyConversion convert)61 void KeyAccumulator::AddKey(Object* key, AddKeyConversion convert) {
62 AddKey(handle(key, isolate_), convert);
63 }
64
AddKey(Handle<Object> key,AddKeyConversion convert)65 void KeyAccumulator::AddKey(Handle<Object> key, AddKeyConversion convert) {
66 if (key->IsSymbol()) {
67 if (filter_ & SKIP_SYMBOLS) return;
68 if (Handle<Symbol>::cast(key)->is_private()) return;
69 } else if (filter_ & SKIP_STRINGS) {
70 return;
71 }
72 if (keys_.is_null()) {
73 keys_ = OrderedHashSet::Allocate(isolate_, 16);
74 }
75 uint32_t index;
76 if (convert == CONVERT_TO_ARRAY_INDEX && key->IsString() &&
77 Handle<String>::cast(key)->AsArrayIndex(&index)) {
78 key = isolate_->factory()->NewNumberFromUint(index);
79 }
80 keys_ = OrderedHashSet::Add(keys(), key);
81 }
82
AddKeys(Handle<FixedArray> array,AddKeyConversion convert)83 void KeyAccumulator::AddKeys(Handle<FixedArray> array,
84 AddKeyConversion convert) {
85 int add_length = array->length();
86 for (int i = 0; i < add_length; i++) {
87 Handle<Object> current(array->get(i), isolate_);
88 AddKey(current, convert);
89 }
90 }
91
AddKeys(Handle<JSObject> array_like,AddKeyConversion convert)92 void KeyAccumulator::AddKeys(Handle<JSObject> array_like,
93 AddKeyConversion convert) {
94 DCHECK(array_like->IsJSArray() || array_like->HasSloppyArgumentsElements());
95 ElementsAccessor* accessor = array_like->GetElementsAccessor();
96 accessor->AddElementsToKeyAccumulator(array_like, this, convert);
97 }
98
FilterProxyKeys(Isolate * isolate,Handle<JSProxy> owner,Handle<FixedArray> keys,PropertyFilter filter)99 MaybeHandle<FixedArray> FilterProxyKeys(Isolate* isolate, Handle<JSProxy> owner,
100 Handle<FixedArray> keys,
101 PropertyFilter filter) {
102 if (filter == ALL_PROPERTIES) {
103 // Nothing to do.
104 return keys;
105 }
106 int store_position = 0;
107 for (int i = 0; i < keys->length(); ++i) {
108 Handle<Name> key(Name::cast(keys->get(i)), isolate);
109 if (key->FilterKey(filter)) continue; // Skip this key.
110 if (filter & ONLY_ENUMERABLE) {
111 PropertyDescriptor desc;
112 Maybe<bool> found =
113 JSProxy::GetOwnPropertyDescriptor(isolate, owner, key, &desc);
114 MAYBE_RETURN(found, MaybeHandle<FixedArray>());
115 if (!found.FromJust() || !desc.enumerable()) continue; // Skip this key.
116 }
117 // Keep this key.
118 if (store_position != i) {
119 keys->set(store_position, *key);
120 }
121 store_position++;
122 }
123 if (store_position == 0) return isolate->factory()->empty_fixed_array();
124 keys->Shrink(store_position);
125 return keys;
126 }
127
128 // Returns "nothing" in case of exception, "true" on success.
AddKeysFromJSProxy(Handle<JSProxy> proxy,Handle<FixedArray> keys)129 Maybe<bool> KeyAccumulator::AddKeysFromJSProxy(Handle<JSProxy> proxy,
130 Handle<FixedArray> keys) {
131 if (filter_proxy_keys_) {
132 DCHECK(!is_for_in_);
133 ASSIGN_RETURN_ON_EXCEPTION_VALUE(
134 isolate_, keys, FilterProxyKeys(isolate_, proxy, keys, filter_),
135 Nothing<bool>());
136 }
137 if (mode_ == KeyCollectionMode::kOwnOnly && !is_for_in_) {
138 // If we collect only the keys from a JSProxy do not sort or deduplicate it.
139 keys_ = keys;
140 return Just(true);
141 }
142 AddKeys(keys, is_for_in_ ? CONVERT_TO_ARRAY_INDEX : DO_NOT_CONVERT);
143 return Just(true);
144 }
145
CollectKeys(Handle<JSReceiver> receiver,Handle<JSReceiver> object)146 Maybe<bool> KeyAccumulator::CollectKeys(Handle<JSReceiver> receiver,
147 Handle<JSReceiver> object) {
148 // Proxies have no hidden prototype and we should not trigger the
149 // [[GetPrototypeOf]] trap on the last iteration when using
150 // AdvanceFollowingProxies.
151 if (mode_ == KeyCollectionMode::kOwnOnly && object->IsJSProxy()) {
152 MAYBE_RETURN(CollectOwnJSProxyKeys(receiver, Handle<JSProxy>::cast(object)),
153 Nothing<bool>());
154 return Just(true);
155 }
156
157 PrototypeIterator::WhereToEnd end = mode_ == KeyCollectionMode::kOwnOnly
158 ? PrototypeIterator::END_AT_NON_HIDDEN
159 : PrototypeIterator::END_AT_NULL;
160 for (PrototypeIterator iter(isolate_, object, kStartAtReceiver, end);
161 !iter.IsAtEnd();) {
162 Handle<JSReceiver> current =
163 PrototypeIterator::GetCurrent<JSReceiver>(iter);
164 Maybe<bool> result = Just(false); // Dummy initialization.
165 if (current->IsJSProxy()) {
166 result = CollectOwnJSProxyKeys(receiver, Handle<JSProxy>::cast(current));
167 } else {
168 DCHECK(current->IsJSObject());
169 result = CollectOwnKeys(receiver, Handle<JSObject>::cast(current));
170 }
171 MAYBE_RETURN(result, Nothing<bool>());
172 if (!result.FromJust()) break; // |false| means "stop iterating".
173 // Iterate through proxies but ignore access checks for the ALL_CAN_READ
174 // case on API objects for OWN_ONLY keys handled in CollectOwnKeys.
175 if (!iter.AdvanceFollowingProxiesIgnoringAccessChecks()) {
176 return Nothing<bool>();
177 }
178 if (!last_non_empty_prototype_.is_null() &&
179 *last_non_empty_prototype_ == *current) {
180 break;
181 }
182 }
183 return Just(true);
184 }
185
186 namespace {
187
TrySettingEmptyEnumCache(JSReceiver * object)188 void TrySettingEmptyEnumCache(JSReceiver* object) {
189 Map* map = object->map();
190 DCHECK_EQ(kInvalidEnumCacheSentinel, map->EnumLength());
191 if (!map->OnlyHasSimpleProperties()) return;
192 if (map->IsJSProxyMap()) return;
193 if (map->NumberOfOwnDescriptors() > 0) {
194 int number_of_enumerable_own_properties =
195 map->NumberOfDescribedProperties(OWN_DESCRIPTORS, ENUMERABLE_STRINGS);
196 if (number_of_enumerable_own_properties > 0) return;
197 }
198 DCHECK(object->IsJSObject());
199 map->SetEnumLength(0);
200 }
201
CheckAndInitalizeSimpleEnumCache(JSReceiver * object)202 bool CheckAndInitalizeSimpleEnumCache(JSReceiver* object) {
203 if (object->map()->EnumLength() == kInvalidEnumCacheSentinel) {
204 TrySettingEmptyEnumCache(object);
205 }
206 if (object->map()->EnumLength() != 0) return false;
207 DCHECK(object->IsJSObject());
208 return !JSObject::cast(object)->HasEnumerableElements();
209 }
210 } // namespace
211
Prepare()212 void FastKeyAccumulator::Prepare() {
213 DisallowHeapAllocation no_gc;
214 // Directly go for the fast path for OWN_ONLY keys.
215 if (mode_ == KeyCollectionMode::kOwnOnly) return;
216 // Fully walk the prototype chain and find the last prototype with keys.
217 is_receiver_simple_enum_ = false;
218 has_empty_prototype_ = true;
219 JSReceiver* last_prototype = nullptr;
220 for (PrototypeIterator iter(isolate_, *receiver_); !iter.IsAtEnd();
221 iter.Advance()) {
222 JSReceiver* current = iter.GetCurrent<JSReceiver>();
223 bool has_no_properties = CheckAndInitalizeSimpleEnumCache(current);
224 if (has_no_properties) continue;
225 last_prototype = current;
226 has_empty_prototype_ = false;
227 }
228 if (has_empty_prototype_) {
229 is_receiver_simple_enum_ =
230 receiver_->map()->EnumLength() != kInvalidEnumCacheSentinel &&
231 !JSObject::cast(*receiver_)->HasEnumerableElements();
232 } else if (last_prototype != nullptr) {
233 last_non_empty_prototype_ = handle(last_prototype, isolate_);
234 }
235 }
236
237 namespace {
ReduceFixedArrayTo(Isolate * isolate,Handle<FixedArray> array,int length)238 static Handle<FixedArray> ReduceFixedArrayTo(Isolate* isolate,
239 Handle<FixedArray> array,
240 int length) {
241 DCHECK_LE(length, array->length());
242 if (array->length() == length) return array;
243 return isolate->factory()->CopyFixedArrayUpTo(array, length);
244 }
245
GetFastEnumPropertyKeys(Isolate * isolate,Handle<JSObject> object)246 Handle<FixedArray> GetFastEnumPropertyKeys(Isolate* isolate,
247 Handle<JSObject> object) {
248 Handle<Map> map(object->map());
249 bool cache_enum_length = map->OnlyHasSimpleProperties();
250
251 Handle<DescriptorArray> descs =
252 Handle<DescriptorArray>(map->instance_descriptors(), isolate);
253 int own_property_count = map->EnumLength();
254 // If the enum length of the given map is set to kInvalidEnumCache, this
255 // means that the map itself has never used the present enum cache. The
256 // first step to using the cache is to set the enum length of the map by
257 // counting the number of own descriptors that are ENUMERABLE_STRINGS.
258 if (own_property_count == kInvalidEnumCacheSentinel) {
259 own_property_count =
260 map->NumberOfDescribedProperties(OWN_DESCRIPTORS, ENUMERABLE_STRINGS);
261 } else {
262 DCHECK(
263 own_property_count ==
264 map->NumberOfDescribedProperties(OWN_DESCRIPTORS, ENUMERABLE_STRINGS));
265 }
266
267 if (descs->HasEnumCache()) {
268 Handle<FixedArray> keys(descs->GetEnumCache(), isolate);
269 // In case the number of properties required in the enum are actually
270 // present, we can reuse the enum cache. Otherwise, this means that the
271 // enum cache was generated for a previous (smaller) version of the
272 // Descriptor Array. In that case we regenerate the enum cache.
273 if (own_property_count <= keys->length()) {
274 isolate->counters()->enum_cache_hits()->Increment();
275 if (cache_enum_length) map->SetEnumLength(own_property_count);
276 return ReduceFixedArrayTo(isolate, keys, own_property_count);
277 }
278 }
279
280 if (descs->IsEmpty()) {
281 isolate->counters()->enum_cache_hits()->Increment();
282 if (cache_enum_length) map->SetEnumLength(0);
283 return isolate->factory()->empty_fixed_array();
284 }
285
286 isolate->counters()->enum_cache_misses()->Increment();
287
288 Handle<FixedArray> storage =
289 isolate->factory()->NewFixedArray(own_property_count);
290 Handle<FixedArray> indices =
291 isolate->factory()->NewFixedArray(own_property_count);
292
293 int size = map->NumberOfOwnDescriptors();
294 int index = 0;
295
296 for (int i = 0; i < size; i++) {
297 PropertyDetails details = descs->GetDetails(i);
298 if (details.IsDontEnum()) continue;
299 Object* key = descs->GetKey(i);
300 if (key->IsSymbol()) continue;
301 storage->set(index, key);
302 if (!indices.is_null()) {
303 if (details.type() != DATA) {
304 indices = Handle<FixedArray>();
305 } else {
306 FieldIndex field_index = FieldIndex::ForDescriptor(*map, i);
307 int load_by_field_index = field_index.GetLoadByFieldIndex();
308 indices->set(index, Smi::FromInt(load_by_field_index));
309 }
310 }
311 index++;
312 }
313 DCHECK(index == storage->length());
314
315 DescriptorArray::SetEnumCache(descs, isolate, storage, indices);
316 if (cache_enum_length) {
317 map->SetEnumLength(own_property_count);
318 }
319 return storage;
320 }
321
322 template <bool fast_properties>
GetOwnKeysWithElements(Isolate * isolate,Handle<JSObject> object,GetKeysConversion convert)323 Handle<FixedArray> GetOwnKeysWithElements(Isolate* isolate,
324 Handle<JSObject> object,
325 GetKeysConversion convert) {
326 Handle<FixedArray> keys;
327 ElementsAccessor* accessor = object->GetElementsAccessor();
328 if (fast_properties) {
329 keys = GetFastEnumPropertyKeys(isolate, object);
330 } else {
331 // TODO(cbruni): preallocate big enough array to also hold elements.
332 keys = KeyAccumulator::GetEnumPropertyKeys(isolate, object);
333 }
334 Handle<FixedArray> result =
335 accessor->PrependElementIndices(object, keys, convert, ONLY_ENUMERABLE);
336
337 if (FLAG_trace_for_in_enumerate) {
338 PrintF("| strings=%d symbols=0 elements=%u || prototypes>=1 ||\n",
339 keys->length(), result->length() - keys->length());
340 }
341 return result;
342 }
343
GetOwnKeysWithUninitializedEnumCache(Isolate * isolate,Handle<JSObject> object)344 MaybeHandle<FixedArray> GetOwnKeysWithUninitializedEnumCache(
345 Isolate* isolate, Handle<JSObject> object) {
346 // Uninitalized enum cache
347 Map* map = object->map();
348 if (object->elements() != isolate->heap()->empty_fixed_array() ||
349 object->elements() != isolate->heap()->empty_slow_element_dictionary()) {
350 // Assume that there are elements.
351 return MaybeHandle<FixedArray>();
352 }
353 int number_of_own_descriptors = map->NumberOfOwnDescriptors();
354 if (number_of_own_descriptors == 0) {
355 map->SetEnumLength(0);
356 return isolate->factory()->empty_fixed_array();
357 }
358 // We have no elements but possibly enumerable property keys, hence we can
359 // directly initialize the enum cache.
360 return GetFastEnumPropertyKeys(isolate, object);
361 }
362
OnlyHasSimpleProperties(Map * map)363 bool OnlyHasSimpleProperties(Map* map) {
364 return map->instance_type() > LAST_CUSTOM_ELEMENTS_RECEIVER;
365 }
366
367 } // namespace
368
GetKeys(GetKeysConversion keys_conversion)369 MaybeHandle<FixedArray> FastKeyAccumulator::GetKeys(
370 GetKeysConversion keys_conversion) {
371 Handle<FixedArray> keys;
372 if (filter_ == ENUMERABLE_STRINGS &&
373 GetKeysFast(keys_conversion).ToHandle(&keys)) {
374 return keys;
375 }
376 return GetKeysSlow(keys_conversion);
377 }
378
GetKeysFast(GetKeysConversion keys_conversion)379 MaybeHandle<FixedArray> FastKeyAccumulator::GetKeysFast(
380 GetKeysConversion keys_conversion) {
381 bool own_only = has_empty_prototype_ || mode_ == KeyCollectionMode::kOwnOnly;
382 Map* map = receiver_->map();
383 if (!own_only || !OnlyHasSimpleProperties(map)) {
384 return MaybeHandle<FixedArray>();
385 }
386
387 // From this point on we are certiain to only collect own keys.
388 DCHECK(receiver_->IsJSObject());
389 Handle<JSObject> object = Handle<JSObject>::cast(receiver_);
390
391 // Do not try to use the enum-cache for dict-mode objects.
392 if (map->is_dictionary_map()) {
393 return GetOwnKeysWithElements<false>(isolate_, object, keys_conversion);
394 }
395 int enum_length = receiver_->map()->EnumLength();
396 if (enum_length == kInvalidEnumCacheSentinel) {
397 Handle<FixedArray> keys;
398 // Try initializing the enum cache and return own properties.
399 if (GetOwnKeysWithUninitializedEnumCache(isolate_, object)
400 .ToHandle(&keys)) {
401 if (FLAG_trace_for_in_enumerate) {
402 PrintF("| strings=%d symbols=0 elements=0 || prototypes>=1 ||\n",
403 keys->length());
404 }
405 is_receiver_simple_enum_ =
406 object->map()->EnumLength() != kInvalidEnumCacheSentinel;
407 return keys;
408 }
409 }
410 // The properties-only case failed because there were probably elements on the
411 // receiver.
412 return GetOwnKeysWithElements<true>(isolate_, object, keys_conversion);
413 }
414
GetKeysSlow(GetKeysConversion keys_conversion)415 MaybeHandle<FixedArray> FastKeyAccumulator::GetKeysSlow(
416 GetKeysConversion keys_conversion) {
417 KeyAccumulator accumulator(isolate_, mode_, filter_);
418 accumulator.set_filter_proxy_keys(filter_proxy_keys_);
419 accumulator.set_is_for_in(is_for_in_);
420 accumulator.set_last_non_empty_prototype(last_non_empty_prototype_);
421
422 MAYBE_RETURN(accumulator.CollectKeys(receiver_, receiver_),
423 MaybeHandle<FixedArray>());
424 return accumulator.GetKeys(keys_conversion);
425 }
426
427 namespace {
428
429 enum IndexedOrNamed { kIndexed, kNamed };
430
431 // Returns |true| on success, |nothing| on exception.
432 template <class Callback, IndexedOrNamed type>
CollectInterceptorKeysInternal(Handle<JSReceiver> receiver,Handle<JSObject> object,Handle<InterceptorInfo> interceptor,KeyAccumulator * accumulator)433 Maybe<bool> CollectInterceptorKeysInternal(Handle<JSReceiver> receiver,
434 Handle<JSObject> object,
435 Handle<InterceptorInfo> interceptor,
436 KeyAccumulator* accumulator) {
437 Isolate* isolate = accumulator->isolate();
438 PropertyCallbackArguments args(isolate, interceptor->data(), *receiver,
439 *object, Object::DONT_THROW);
440 Handle<JSObject> result;
441 if (!interceptor->enumerator()->IsUndefined(isolate)) {
442 Callback enum_fun = v8::ToCData<Callback>(interceptor->enumerator());
443 const char* log_tag = type == kIndexed ? "interceptor-indexed-enum"
444 : "interceptor-named-enum";
445 LOG(isolate, ApiObjectAccess(log_tag, *object));
446 result = args.Call(enum_fun);
447 }
448 RETURN_VALUE_IF_SCHEDULED_EXCEPTION(isolate, Nothing<bool>());
449 if (result.is_null()) return Just(true);
450 accumulator->AddKeys(
451 result, type == kIndexed ? CONVERT_TO_ARRAY_INDEX : DO_NOT_CONVERT);
452 return Just(true);
453 }
454
455 template <class Callback, IndexedOrNamed type>
CollectInterceptorKeys(Handle<JSReceiver> receiver,Handle<JSObject> object,KeyAccumulator * accumulator)456 Maybe<bool> CollectInterceptorKeys(Handle<JSReceiver> receiver,
457 Handle<JSObject> object,
458 KeyAccumulator* accumulator) {
459 Isolate* isolate = accumulator->isolate();
460 if (type == kIndexed) {
461 if (!object->HasIndexedInterceptor()) return Just(true);
462 } else {
463 if (!object->HasNamedInterceptor()) return Just(true);
464 }
465 Handle<InterceptorInfo> interceptor(type == kIndexed
466 ? object->GetIndexedInterceptor()
467 : object->GetNamedInterceptor(),
468 isolate);
469 if ((accumulator->filter() & ONLY_ALL_CAN_READ) &&
470 !interceptor->all_can_read()) {
471 return Just(true);
472 }
473 return CollectInterceptorKeysInternal<Callback, type>(
474 receiver, object, interceptor, accumulator);
475 }
476
477 } // namespace
478
CollectOwnElementIndices(Handle<JSReceiver> receiver,Handle<JSObject> object)479 Maybe<bool> KeyAccumulator::CollectOwnElementIndices(
480 Handle<JSReceiver> receiver, Handle<JSObject> object) {
481 if (filter_ & SKIP_STRINGS || skip_indices_) return Just(true);
482
483 ElementsAccessor* accessor = object->GetElementsAccessor();
484 accessor->CollectElementIndices(object, this);
485
486 return CollectInterceptorKeys<v8::IndexedPropertyEnumeratorCallback,
487 kIndexed>(receiver, object, this);
488 }
489
490 namespace {
491
492 template <bool skip_symbols>
CollectOwnPropertyNamesInternal(Handle<JSObject> object,KeyAccumulator * keys,Handle<DescriptorArray> descs,int start_index,int limit)493 int CollectOwnPropertyNamesInternal(Handle<JSObject> object,
494 KeyAccumulator* keys,
495 Handle<DescriptorArray> descs,
496 int start_index, int limit) {
497 int first_skipped = -1;
498 for (int i = start_index; i < limit; i++) {
499 PropertyDetails details = descs->GetDetails(i);
500 if ((details.attributes() & keys->filter()) != 0) continue;
501 if (keys->filter() & ONLY_ALL_CAN_READ) {
502 if (details.kind() != kAccessor) continue;
503 Object* accessors = descs->GetValue(i);
504 if (!accessors->IsAccessorInfo()) continue;
505 if (!AccessorInfo::cast(accessors)->all_can_read()) continue;
506 }
507 Name* key = descs->GetKey(i);
508 if (skip_symbols == key->IsSymbol()) {
509 if (first_skipped == -1) first_skipped = i;
510 continue;
511 }
512 if (key->FilterKey(keys->filter())) continue;
513 keys->AddKey(key, DO_NOT_CONVERT);
514 }
515 return first_skipped;
516 }
517
518 } // namespace
519
CollectOwnPropertyNames(Handle<JSReceiver> receiver,Handle<JSObject> object)520 Maybe<bool> KeyAccumulator::CollectOwnPropertyNames(Handle<JSReceiver> receiver,
521 Handle<JSObject> object) {
522 if (filter_ == ENUMERABLE_STRINGS) {
523 Handle<FixedArray> enum_keys =
524 KeyAccumulator::GetEnumPropertyKeys(isolate_, object);
525 AddKeys(enum_keys, DO_NOT_CONVERT);
526 } else {
527 if (object->HasFastProperties()) {
528 int limit = object->map()->NumberOfOwnDescriptors();
529 Handle<DescriptorArray> descs(object->map()->instance_descriptors(),
530 isolate_);
531 // First collect the strings,
532 int first_symbol =
533 CollectOwnPropertyNamesInternal<true>(object, this, descs, 0, limit);
534 // then the symbols.
535 if (first_symbol != -1) {
536 CollectOwnPropertyNamesInternal<false>(object, this, descs,
537 first_symbol, limit);
538 }
539 } else if (object->IsJSGlobalObject()) {
540 GlobalDictionary::CollectKeysTo(
541 handle(object->global_dictionary(), isolate_), this, filter_);
542 } else {
543 NameDictionary::CollectKeysTo(
544 handle(object->property_dictionary(), isolate_), this, filter_);
545 }
546 }
547 // Add the property keys from the interceptor.
548 return CollectInterceptorKeys<v8::GenericNamedPropertyEnumeratorCallback,
549 kNamed>(receiver, object, this);
550 }
551
CollectAccessCheckInterceptorKeys(Handle<AccessCheckInfo> access_check_info,Handle<JSReceiver> receiver,Handle<JSObject> object)552 Maybe<bool> KeyAccumulator::CollectAccessCheckInterceptorKeys(
553 Handle<AccessCheckInfo> access_check_info, Handle<JSReceiver> receiver,
554 Handle<JSObject> object) {
555 MAYBE_RETURN(
556 (CollectInterceptorKeysInternal<v8::IndexedPropertyEnumeratorCallback,
557 kIndexed>(
558 receiver, object,
559 handle(
560 InterceptorInfo::cast(access_check_info->indexed_interceptor()),
561 isolate_),
562 this)),
563 Nothing<bool>());
564 MAYBE_RETURN(
565 (CollectInterceptorKeysInternal<
566 v8::GenericNamedPropertyEnumeratorCallback, kNamed>(
567 receiver, object,
568 handle(InterceptorInfo::cast(access_check_info->named_interceptor()),
569 isolate_),
570 this)),
571 Nothing<bool>());
572 return Just(true);
573 }
574
575 // Returns |true| on success, |false| if prototype walking should be stopped,
576 // |nothing| if an exception was thrown.
CollectOwnKeys(Handle<JSReceiver> receiver,Handle<JSObject> object)577 Maybe<bool> KeyAccumulator::CollectOwnKeys(Handle<JSReceiver> receiver,
578 Handle<JSObject> object) {
579 // Check access rights if required.
580 if (object->IsAccessCheckNeeded() &&
581 !isolate_->MayAccess(handle(isolate_->context()), object)) {
582 // The cross-origin spec says that [[Enumerate]] shall return an empty
583 // iterator when it doesn't have access...
584 if (mode_ == KeyCollectionMode::kIncludePrototypes) {
585 return Just(false);
586 }
587 // ...whereas [[OwnPropertyKeys]] shall return whitelisted properties.
588 DCHECK(KeyCollectionMode::kOwnOnly == mode_);
589 Handle<AccessCheckInfo> access_check_info;
590 {
591 DisallowHeapAllocation no_gc;
592 AccessCheckInfo* maybe_info = AccessCheckInfo::Get(isolate_, object);
593 if (maybe_info) access_check_info = handle(maybe_info, isolate_);
594 }
595 // We always have both kinds of interceptors or none.
596 if (!access_check_info.is_null() &&
597 access_check_info->named_interceptor()) {
598 MAYBE_RETURN(CollectAccessCheckInterceptorKeys(access_check_info,
599 receiver, object),
600 Nothing<bool>());
601 return Just(false);
602 }
603 filter_ = static_cast<PropertyFilter>(filter_ | ONLY_ALL_CAN_READ);
604 }
605 MAYBE_RETURN(CollectOwnElementIndices(receiver, object), Nothing<bool>());
606 MAYBE_RETURN(CollectOwnPropertyNames(receiver, object), Nothing<bool>());
607 return Just(true);
608 }
609
610 // static
GetEnumPropertyKeys(Isolate * isolate,Handle<JSObject> object)611 Handle<FixedArray> KeyAccumulator::GetEnumPropertyKeys(
612 Isolate* isolate, Handle<JSObject> object) {
613 if (object->HasFastProperties()) {
614 return GetFastEnumPropertyKeys(isolate, object);
615 } else if (object->IsJSGlobalObject()) {
616 Handle<GlobalDictionary> dictionary(object->global_dictionary(), isolate);
617 int length = dictionary->NumberOfEnumElements();
618 if (length == 0) {
619 return isolate->factory()->empty_fixed_array();
620 }
621 Handle<FixedArray> storage = isolate->factory()->NewFixedArray(length);
622 dictionary->CopyEnumKeysTo(*storage);
623 return storage;
624 } else {
625 Handle<NameDictionary> dictionary(object->property_dictionary(), isolate);
626 int length = dictionary->NumberOfEnumElements();
627 if (length == 0) {
628 return isolate->factory()->empty_fixed_array();
629 }
630 Handle<FixedArray> storage = isolate->factory()->NewFixedArray(length);
631 dictionary->CopyEnumKeysTo(*storage);
632 return storage;
633 }
634 }
635
636 // ES6 9.5.12
637 // Returns |true| on success, |nothing| in case of exception.
CollectOwnJSProxyKeys(Handle<JSReceiver> receiver,Handle<JSProxy> proxy)638 Maybe<bool> KeyAccumulator::CollectOwnJSProxyKeys(Handle<JSReceiver> receiver,
639 Handle<JSProxy> proxy) {
640 STACK_CHECK(isolate_, Nothing<bool>());
641 // 1. Let handler be the value of the [[ProxyHandler]] internal slot of O.
642 Handle<Object> handler(proxy->handler(), isolate_);
643 // 2. If handler is null, throw a TypeError exception.
644 // 3. Assert: Type(handler) is Object.
645 if (proxy->IsRevoked()) {
646 isolate_->Throw(*isolate_->factory()->NewTypeError(
647 MessageTemplate::kProxyRevoked, isolate_->factory()->ownKeys_string()));
648 return Nothing<bool>();
649 }
650 // 4. Let target be the value of the [[ProxyTarget]] internal slot of O.
651 Handle<JSReceiver> target(proxy->target(), isolate_);
652 // 5. Let trap be ? GetMethod(handler, "ownKeys").
653 Handle<Object> trap;
654 ASSIGN_RETURN_ON_EXCEPTION_VALUE(
655 isolate_, trap, Object::GetMethod(Handle<JSReceiver>::cast(handler),
656 isolate_->factory()->ownKeys_string()),
657 Nothing<bool>());
658 // 6. If trap is undefined, then
659 if (trap->IsUndefined(isolate_)) {
660 // 6a. Return target.[[OwnPropertyKeys]]().
661 return CollectOwnJSProxyTargetKeys(proxy, target);
662 }
663 // 7. Let trapResultArray be Call(trap, handler, «target»).
664 Handle<Object> trap_result_array;
665 Handle<Object> args[] = {target};
666 ASSIGN_RETURN_ON_EXCEPTION_VALUE(
667 isolate_, trap_result_array,
668 Execution::Call(isolate_, trap, handler, arraysize(args), args),
669 Nothing<bool>());
670 // 8. Let trapResult be ? CreateListFromArrayLike(trapResultArray,
671 // «String, Symbol»).
672 Handle<FixedArray> trap_result;
673 ASSIGN_RETURN_ON_EXCEPTION_VALUE(
674 isolate_, trap_result,
675 Object::CreateListFromArrayLike(isolate_, trap_result_array,
676 ElementTypes::kStringAndSymbol),
677 Nothing<bool>());
678 // 9. Let extensibleTarget be ? IsExtensible(target).
679 Maybe<bool> maybe_extensible = JSReceiver::IsExtensible(target);
680 MAYBE_RETURN(maybe_extensible, Nothing<bool>());
681 bool extensible_target = maybe_extensible.FromJust();
682 // 10. Let targetKeys be ? target.[[OwnPropertyKeys]]().
683 Handle<FixedArray> target_keys;
684 ASSIGN_RETURN_ON_EXCEPTION_VALUE(isolate_, target_keys,
685 JSReceiver::OwnPropertyKeys(target),
686 Nothing<bool>());
687 // 11. (Assert)
688 // 12. Let targetConfigurableKeys be an empty List.
689 // To save memory, we're re-using target_keys and will modify it in-place.
690 Handle<FixedArray> target_configurable_keys = target_keys;
691 // 13. Let targetNonconfigurableKeys be an empty List.
692 Handle<FixedArray> target_nonconfigurable_keys =
693 isolate_->factory()->NewFixedArray(target_keys->length());
694 int nonconfigurable_keys_length = 0;
695 // 14. Repeat, for each element key of targetKeys:
696 for (int i = 0; i < target_keys->length(); ++i) {
697 // 14a. Let desc be ? target.[[GetOwnProperty]](key).
698 PropertyDescriptor desc;
699 Maybe<bool> found = JSReceiver::GetOwnPropertyDescriptor(
700 isolate_, target, handle(target_keys->get(i), isolate_), &desc);
701 MAYBE_RETURN(found, Nothing<bool>());
702 // 14b. If desc is not undefined and desc.[[Configurable]] is false, then
703 if (found.FromJust() && !desc.configurable()) {
704 // 14b i. Append key as an element of targetNonconfigurableKeys.
705 target_nonconfigurable_keys->set(nonconfigurable_keys_length,
706 target_keys->get(i));
707 nonconfigurable_keys_length++;
708 // The key was moved, null it out in the original list.
709 target_keys->set(i, Smi::FromInt(0));
710 } else {
711 // 14c. Else,
712 // 14c i. Append key as an element of targetConfigurableKeys.
713 // (No-op, just keep it in |target_keys|.)
714 }
715 }
716 // 15. If extensibleTarget is true and targetNonconfigurableKeys is empty,
717 // then:
718 if (extensible_target && nonconfigurable_keys_length == 0) {
719 // 15a. Return trapResult.
720 return AddKeysFromJSProxy(proxy, trap_result);
721 }
722 // 16. Let uncheckedResultKeys be a new List which is a copy of trapResult.
723 Zone set_zone(isolate_->allocator());
724 const int kPresent = 1;
725 const int kGone = 0;
726 IdentityMap<int> unchecked_result_keys(isolate_->heap(), &set_zone);
727 int unchecked_result_keys_size = 0;
728 for (int i = 0; i < trap_result->length(); ++i) {
729 DCHECK(trap_result->get(i)->IsUniqueName());
730 Object* key = trap_result->get(i);
731 int* entry = unchecked_result_keys.Get(key);
732 if (*entry != kPresent) {
733 *entry = kPresent;
734 unchecked_result_keys_size++;
735 }
736 }
737 // 17. Repeat, for each key that is an element of targetNonconfigurableKeys:
738 for (int i = 0; i < nonconfigurable_keys_length; ++i) {
739 Object* key = target_nonconfigurable_keys->get(i);
740 // 17a. If key is not an element of uncheckedResultKeys, throw a
741 // TypeError exception.
742 int* found = unchecked_result_keys.Find(key);
743 if (found == nullptr || *found == kGone) {
744 isolate_->Throw(*isolate_->factory()->NewTypeError(
745 MessageTemplate::kProxyOwnKeysMissing, handle(key, isolate_)));
746 return Nothing<bool>();
747 }
748 // 17b. Remove key from uncheckedResultKeys.
749 *found = kGone;
750 unchecked_result_keys_size--;
751 }
752 // 18. If extensibleTarget is true, return trapResult.
753 if (extensible_target) {
754 return AddKeysFromJSProxy(proxy, trap_result);
755 }
756 // 19. Repeat, for each key that is an element of targetConfigurableKeys:
757 for (int i = 0; i < target_configurable_keys->length(); ++i) {
758 Object* key = target_configurable_keys->get(i);
759 if (key->IsSmi()) continue; // Zapped entry, was nonconfigurable.
760 // 19a. If key is not an element of uncheckedResultKeys, throw a
761 // TypeError exception.
762 int* found = unchecked_result_keys.Find(key);
763 if (found == nullptr || *found == kGone) {
764 isolate_->Throw(*isolate_->factory()->NewTypeError(
765 MessageTemplate::kProxyOwnKeysMissing, handle(key, isolate_)));
766 return Nothing<bool>();
767 }
768 // 19b. Remove key from uncheckedResultKeys.
769 *found = kGone;
770 unchecked_result_keys_size--;
771 }
772 // 20. If uncheckedResultKeys is not empty, throw a TypeError exception.
773 if (unchecked_result_keys_size != 0) {
774 DCHECK_GT(unchecked_result_keys_size, 0);
775 isolate_->Throw(*isolate_->factory()->NewTypeError(
776 MessageTemplate::kProxyOwnKeysNonExtensible));
777 return Nothing<bool>();
778 }
779 // 21. Return trapResult.
780 return AddKeysFromJSProxy(proxy, trap_result);
781 }
782
CollectOwnJSProxyTargetKeys(Handle<JSProxy> proxy,Handle<JSReceiver> target)783 Maybe<bool> KeyAccumulator::CollectOwnJSProxyTargetKeys(
784 Handle<JSProxy> proxy, Handle<JSReceiver> target) {
785 // TODO(cbruni): avoid creating another KeyAccumulator
786 Handle<FixedArray> keys;
787 ASSIGN_RETURN_ON_EXCEPTION_VALUE(
788 isolate_, keys,
789 KeyAccumulator::GetKeys(target, KeyCollectionMode::kOwnOnly, filter_,
790 GetKeysConversion::kConvertToString,
791 filter_proxy_keys_, is_for_in_),
792 Nothing<bool>());
793 bool prev_filter_proxy_keys_ = filter_proxy_keys_;
794 filter_proxy_keys_ = false;
795 Maybe<bool> result = AddKeysFromJSProxy(proxy, keys);
796 filter_proxy_keys_ = prev_filter_proxy_keys_;
797 return result;
798 }
799
800 } // namespace internal
801 } // namespace v8
802