Reland "[runtime] Pass global proxy as receiver to native accessors in case of contextual access"

Based on past discussions I'm going to try to reland this change. This makes window.document and document behave the same after navigation, which is a change from what the spec says. If this works out though, it would greatly simplify the spec; and fix the fact that currently it's leaking the underlying global object, which we don't want for security and object-identity reasons. Bug: chromium:713732 Change-Id: I5ce89afb46349ff92b7f5a884a7c388fcff887bf Reviewed-on: https://chromium-review.googlesource.com/522605Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#45678}

Reland "[runtime] Pass global proxy as receiver to native accessors in case of contextual access"
Based on past discussions I'm going to try to reland this change. This makes window.document and document behave the same after navigation, which is a change from what the spec says. If this works out though, it would greatly simplify the spec; and fix the fact that currently it's leaking the underlying global object, which we don't want for security and object-identity reasons. Bug: chromium:713732 Change-Id: I5ce89afb46349ff92b7f5a884a7c388fcff887bf Reviewed-on: https://chromium-review.googlesource.com/522605Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#45678}
1e813e53 · Toon Verwaest · Commit Bot · c30f0930 · 1e813e53 · 1e813e53
Commit 1e813e53 authored Jun 02, 2017 by Toon Verwaest Committed by Commit Bot Jun 02, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 28 additions and 0 deletions

objects.cc src/objects.cc +10 -0

test-api.cc test/cctest/test-api.cc +18 -0

No files found.
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -1371,6 +1371,11 @@ MaybeHandle<Object> Object::GetPropertyWithAccessor(LookupIterator* it) {
  Isolate* isolate = it->isolate();
  Handle<Object> structure = it->GetAccessors();
  Handle<Object> receiver = it->GetReceiver();
+  // In case of global IC, the receiver is the global object. Replace by the
+  // global proxy.
+  if (receiver->IsJSGlobalObject()) {
+    receiver = handle(JSGlobalObject::cast(*receiver)->global_proxy(), isolate);
+  }

  // We should never get here to initialize a const with the hole value since a
  // const declaration would conflict with the getter.
@@ -1463,6 +1468,11 @@ Maybe<bool> Object::SetPropertyWithAccessor(LookupIterator* it,
  Isolate* isolate = it->isolate();
  Handle<Object> structure = it->GetAccessors();
  Handle<Object> receiver = it->GetReceiver();
+  // In case of global IC, the receiver is the global object. Replace by the
+  // global proxy.
+  if (receiver->IsJSGlobalObject()) {
+    receiver = handle(JSGlobalObject::cast(*receiver)->global_proxy(), isolate);
+  }

  // We should never get here to initialize a const with the hole value since a
  // const declaration would conflict with the setter.

--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -26588,6 +26588,24 @@ TEST(SetPrototypeTemplate) {
  ExpectTrue("Image.prototype === HTMLImageElement.prototype");
 }

+void ensure_receiver_is_global_proxy(
+    v8::Local<v8::Name>, const v8::PropertyCallbackInfo<v8::Value>& info) {
+  CHECK(v8::Utils::OpenHandle(*info.This())->IsJSGlobalProxy());
+}
+
+THREADED_TEST(GlobalAccessorInfo) {
+  v8::Isolate* isolate = CcTest::isolate();
+  v8::HandleScope scope(isolate);
+  Local<v8::ObjectTemplate> global_template = v8::ObjectTemplate::New(isolate);
+  global_template->SetAccessor(
+      v8::String::NewFromUtf8(isolate, "prop", v8::NewStringType::kInternalized)
+          .ToLocalChecked(),
+      &ensure_receiver_is_global_proxy);
+  LocalContext env(NULL, global_template);
+  CompileRun("for (var i = 0; i < 10; i++) this.prop");
+  CompileRun("for (var i = 0; i < 10; i++) prop");
+}
+
 UNINITIALIZED_TEST(IncreaseHeapLimitForDebugging) {
  using namespace i;
  v8::Isolate::CreateParams create_params;