Plumb Isolate through ElementsAccessor* Get functions

Currently the Isolate is gotten off of the object that the operation is being performed on. Shared objects return the shared Isolate, which is incorrect as it shouldn't be used to run JS, nor does it have HandleScopes open. Plumb the executing Isolate through. Bug: v8:12547 Change-Id: I2f500cbb707b3ce2e8a78203df9920374c190d28 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3691967 Commit-Queue: Luis Fernando Pardo Sixtos <lpardosixtos@microsoft.com> Reviewed-by: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#80962}

Plumb Isolate through ElementsAccessor* Get functions
Currently the Isolate is gotten off of the object that the operation is being performed on. Shared objects return the shared Isolate, which is incorrect as it shouldn't be used to run JS, nor does it have HandleScopes open. Plumb the executing Isolate through. Bug: v8:12547 Change-Id: I2f500cbb707b3ce2e8a78203df9920374c190d28 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3691967 Commit-Queue: Luis Fernando Pardo Sixtos <lpardosixtos@microsoft.com> Reviewed-by: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#80962}
2b32409c · Luis Fernando Pardo Sixtos · V8 LUCI CQ · 8ae11886 · 2b32409c · 2b32409c
Commit 2b32409c authored Jun 06, 2022 by Luis Fernando Pardo Sixtos Committed by V8 LUCI CQ Jun 06, 2022
5 changed files
--- a/src/builtins/builtins-array.cc
+++ b/src/builtins/builtins-array.cc
@@ -1659,7 +1659,7 @@ inline MaybeHandle<OrderedHashMap> FastArrayGroupBy(
    }
    // 6a. Let Pk be ! ToString(𝔽(k)).
    // 6b. Let kValue be ? Get(O, Pk).
-    Handle<Object> kValue = accessor->Get(array, k);
+    Handle<Object> kValue = accessor->Get(isolate, array, k);
    if (kValue->IsTheHole()) {
      kValue = isolate->factory()->undefined_value();
    }

--- a/src/objects/elements.cc
+++ b/src/objects/elements.cc
@@ -632,13 +632,15 @@ class ElementsAccessorBase : public InternalElementsAccessor {
    return false;
  }

-  Handle<Object> Get(Handle<JSObject> holder, InternalIndex entry) final {
-    return Subclass::GetInternalImpl(holder, entry);
+  Handle<Object> Get(Isolate* isolate, Handle<JSObject> holder,
+                     InternalIndex entry) final {
+    return Subclass::GetInternalImpl(isolate, holder, entry);
  }

-  static Handle<Object> GetInternalImpl(Handle<JSObject> holder,
+  static Handle<Object> GetInternalImpl(Isolate* isolate,
+                                        Handle<JSObject> holder,
                                        InternalIndex entry) {
-    return Subclass::GetImpl(holder->GetIsolate(), holder->elements(), entry);
+    return Subclass::GetImpl(isolate, holder->elements(), entry);
  }

  static Handle<Object> GetImpl(Isolate* isolate, FixedArrayBase backing_store,
@@ -1082,7 +1084,7 @@ class ElementsAccessorBase : public InternalElementsAccessor {

      Handle<Object> value;
      if (details.kind() == PropertyKind::kData) {
-        value = Subclass::GetInternalImpl(object, entry);
+        value = Subclass::GetInternalImpl(isolate, object, entry);
      } else {
        // This might modify the elements and/or change the elements kind.
        LookupIterator it(isolate, object, index, LookupIterator::OWN);
@@ -3139,10 +3141,10 @@ class TypedElementsAccessor
    }
  }

-  static Handle<Object> GetInternalImpl(Handle<JSObject> holder,
+  static Handle<Object> GetInternalImpl(Isolate* isolate,
+                                        Handle<JSObject> holder,
                                        InternalIndex entry) {
    Handle<JSTypedArray> typed_array = Handle<JSTypedArray>::cast(holder);
-    Isolate* isolate = typed_array->GetIsolate();
    DCHECK_LT(entry.raw_value(), typed_array->GetLength());
    DCHECK(!typed_array->IsDetachedOrOutOfBounds());
    auto* element_ptr =
@@ -3269,7 +3271,7 @@ class TypedElementsAccessor
    size_t length = AccessorClass::GetCapacityImpl(*receiver, *elements);
    for (size_t i = 0; i < length; i++) {
      Handle<Object> value =
-          AccessorClass::GetInternalImpl(receiver, InternalIndex(i));
+          AccessorClass::GetInternalImpl(isolate, receiver, InternalIndex(i));
      RETURN_FAILURE_IF_NOT_SUCCESSFUL(accumulator->AddKey(value, convert));
    }
    return ExceptionStatus::kSuccess;
@@ -3284,8 +3286,8 @@ class TypedElementsAccessor
      Handle<FixedArrayBase> elements(object->elements(), isolate);
      size_t length = AccessorClass::GetCapacityImpl(*object, *elements);
      for (size_t index = 0; index < length; ++index) {
-        Handle<Object> value =
-            AccessorClass::GetInternalImpl(object, InternalIndex(index));
+        Handle<Object> value = AccessorClass::GetInternalImpl(
+            isolate, object, InternalIndex(index));
        if (get_entries) {
          value = MakeEntryPair(isolate, index, value);
        }
@@ -3567,8 +3569,8 @@ class TypedElementsAccessor
    Handle<JSTypedArray> typed_array = Handle<JSTypedArray>::cast(object);
    Handle<FixedArray> result = isolate->factory()->NewFixedArray(length);
    for (uint32_t i = 0; i < length; i++) {
-      Handle<Object> value =
-          AccessorClass::GetInternalImpl(typed_array, InternalIndex(i));
+      Handle<Object> value = AccessorClass::GetInternalImpl(
+          isolate, typed_array, InternalIndex(i));
      result->set(i, *value);
    }
    return result;
@@ -4938,7 +4940,8 @@ template <typename Subclass, typename BackingStoreAccessor, typename KindTraits>
 class StringWrapperElementsAccessor
    : public ElementsAccessorBase<Subclass, KindTraits> {
 public:
-  static Handle<Object> GetInternalImpl(Handle<JSObject> holder,
+  static Handle<Object> GetInternalImpl(Isolate* isolate,
+                                        Handle<JSObject> holder,
                                        InternalIndex entry) {
    return GetImpl(holder, entry);
  }

--- a/src/objects/elements.h
+++ b/src/objects/elements.h
@@ -56,7 +56,8 @@ class ElementsAccessor {
  // typed array elements.
  virtual bool HasEntry(JSObject holder, InternalIndex entry) = 0;

-  virtual Handle<Object> Get(Handle<JSObject> holder, InternalIndex entry) = 0;
+  virtual Handle<Object> Get(Isolate* isolate, Handle<JSObject> holder,
+                             InternalIndex entry) = 0;

  virtual bool HasAccessors(JSObject holder) = 0;
  virtual size_t NumberOfElements(JSObject holder) = 0;

--- a/src/objects/keys.cc
+++ b/src/objects/keys.cc
@@ -664,7 +664,7 @@ KeyAccumulator::FilterForEnumerableProperties(
    PropertyCallbackArguments args(isolate_, interceptor->data(), *receiver,
                                   *object, Just(kDontThrow));

-    Handle<Object> element = accessor->Get(result, entry);
+    Handle<Object> element = accessor->Get(isolate_, result, entry);
    Handle<Object> attributes;
    if (type == kIndexed) {
      uint32_t number;

--- a/src/objects/lookup.cc
+++ b/src/objects/lookup.cc
@@ -887,7 +887,7 @@ Handle<Object> LookupIterator::FetchValue(
    DCHECK(holder_->IsJSObject(isolate_));
    Handle<JSObject> holder = GetHolder<JSObject>();
    ElementsAccessor* accessor = holder->GetElementsAccessor(isolate_);
-    return accessor->Get(holder, number_);
+    return accessor->Get(isolate_, holder, number_);
  } else if (holder_->IsJSGlobalObject(isolate_)) {
    Handle<JSGlobalObject> holder = GetHolder<JSGlobalObject>();
    result = holder->global_dictionary(isolate_, kAcquireLoad)