[inspector] exposed builtins for injected script source

Methods on Object can be overriden by user, we should be prepared.

BUG=chromium:595206
R=dgozman@chromium.org,luoe@chromium.org,yangguo@chromium.org

Review-Url: https://codereview.chromium.org/2772093002
Cr-Commit-Position: refs/heads/master@{#44128}

src/api.cc

@@ -9568,6 +9568,36 @@ v8::MaybeLocal<v8::Array> debug::EntriesPreview(Isolate* v8_isolate,
   return v8::MaybeLocal<v8::Array>();
 }
 
+Local<Function> debug::GetBuiltin(Isolate* v8_isolate, Builtin builtin) {
+  i::Isolate* isolate = reinterpret_cast<i::Isolate*>(v8_isolate);
+  ENTER_V8(isolate);
+  i::HandleScope handle_scope(isolate);
+  i::Builtins::Name name;
+  switch (builtin) {
+    case kObjectKeys:
+      name = i::Builtins::kObjectKeys;
+      break;
+    case kObjectGetPrototypeOf:
+      name = i::Builtins::kObjectGetPrototypeOf;
+      break;
+    case kObjectGetOwnPropertyDescriptor:
+      name = i::Builtins::kObjectGetOwnPropertyDescriptor;
+      break;
+    case kObjectGetOwnPropertyNames:
+      name = i::Builtins::kObjectGetOwnPropertyNames;
+      break;
+    case kObjectGetOwnPropertySymbols:
+      name = i::Builtins::kObjectGetOwnPropertySymbols;
+      break;
+  }
+  i::Handle<i::Code> call_code(isolate->builtins()->builtin(name));
+  i::Handle<i::JSFunction> fun =
+      isolate->factory()->NewFunctionWithoutPrototype(
+          isolate->factory()->empty_string(), call_code, false);
+  fun->shared()->DontAdaptArguments();
+  return Utils::ToLocal(handle_scope.CloseAndEscape(fun));
+}
+
 MaybeLocal<debug::Script> debug::GeneratorObject::Script() {
   i::Handle<i::JSGeneratorObject> obj = Utils::OpenHandle(this);
   i::Object* maybe_script = obj->function()->shared()->script();

src/debug/debug-interface.h

@@ -197,6 +197,16 @@ v8::MaybeLocal<v8::Array> EntriesPreview(Isolate* isolate,
                                          v8::Local<v8::Value> value,
                                          bool* is_key_value);
 
+enum Builtin {
+  kObjectKeys,
+  kObjectGetPrototypeOf,
+  kObjectGetOwnPropertyDescriptor,
+  kObjectGetOwnPropertyNames,
+  kObjectGetOwnPropertySymbols,
+};
+
+Local<Function> GetBuiltin(Isolate* isolate, Builtin builtin);
+
 /**
  * Native wrapper around v8::internal::JSGeneratorObject object.
  */

src/inspector/injected-script-source.js

@@ -37,12 +37,6 @@
  */
 (function (InjectedScriptHost, inspectedGlobalObject, injectedScriptId) {
 
-/**
- * Protect against Object overwritten by the user code.
- * @suppress {duplicate}
- */
-var Object = /** @type {function(new:Object, *=)} */ ({}.constructor);
-
 /**
  * @param {!Array.<T>} array
  * @param {...} var_args
@@ -187,7 +181,7 @@ var InjectedScript = function()
 InjectedScriptHost.nullifyPrototype(InjectedScript);
 
 /**
- * @type {!Object.<string, boolean>}
+ * @type {!Object<string, boolean>}
  * @const
  */
 InjectedScript.primitiveTypes = {
@@ -373,7 +367,7 @@ InjectedScript.prototype = {
         if (InjectedScriptHost.subtype(object) === "proxy")
             return null;
         try {
-            return Object.getPrototypeOf(object);
+            return InjectedScriptHost.getPrototypeOf(object);
         } catch (e) {
             return null;
         }
@@ -420,7 +414,7 @@ InjectedScript.prototype = {
 
                 var descriptor;
                 try {
-                    descriptor = Object.getOwnPropertyDescriptor(o, property);
+                    descriptor = InjectedScriptHost.getOwnPropertyDescriptor(o, property);
                     InjectedScriptHost.nullifyPrototype(descriptor);
                     var isAccessorProperty = descriptor && ("get" in descriptor || "set" in descriptor);
                     if (accessorPropertiesOnly && !isAccessorProperty)
@@ -496,15 +490,13 @@ InjectedScript.prototype = {
                         return descriptors;
                 } else {
                     // First call Object.keys() to enforce ordering of the property descriptors.
-                    if (!process(o, Object.keys(o)))
+                    if (!process(o, InjectedScriptHost.keys(o)))
                         return descriptors;
-                    if (!process(o, Object.getOwnPropertyNames(o)))
-                        return descriptors;
-                }
-                if (Object.getOwnPropertySymbols) {
-                    if (!process(o, Object.getOwnPropertySymbols(o)))
+                    if (!process(o, InjectedScriptHost.getOwnPropertyNames(o)))
                         return descriptors;
                 }
+                if (!process(o, InjectedScriptHost.getOwnPropertySymbols(o)))
+                    return descriptors;
 
                 if (ownProperties) {
                     var proto = this._objectPrototype(o);

src/inspector/injected_script_externs.js

@@ -70,6 +70,37 @@ InjectedScriptHostClass.prototype.bind = function(value, groupName) {}
  */
 InjectedScriptHostClass.prototype.proxyTargetValue = function(object) {}
 
+/**
+ * @param {!Object} obj
+ * @return {!Array<string>}
+ */
+InjectedScriptHostClass.prototype.keys = function(obj) {}
+
+/**
+ * @param {!Object} obj
+ * @return {Object}
+ */
+InjectedScriptHostClass.prototype.getPrototypeOf = function(obj) {}
+
+/**
+ * @param {!Object} obj
+ * @param {string} prop
+ * @return {Object}
+ */
+InjectedScriptHostClass.prototype.getOwnPropertyDescriptor = function(obj, prop) {}
+
+/**
+ * @param {!Object} obj
+ * @return {!Array<string>}
+ */
+InjectedScriptHostClass.prototype.getOwnPropertyNames = function(obj) {}
+
+/**
+ * @param {!Object} obj
+ * @return {!Array<symbol>}
+ */
+InjectedScriptHostClass.prototype.getOwnPropertySymbols = function(obj) {}
+
 /** @type {!InjectedScriptHostClass} */
 var InjectedScriptHost;
 /** @type {!Window} */

src/inspector/v8-injected-script-host.cc

@@ -80,6 +80,26 @@ v8::Local<v8::Object> V8InjectedScriptHost::create(
   setFunctionProperty(context, injectedScriptHost, "proxyTargetValue",
                       V8InjectedScriptHost::proxyTargetValueCallback,
                       debuggerExternal);
+  createDataProperty(context, injectedScriptHost,
+                     toV8StringInternalized(isolate, "keys"),
+                     v8::debug::GetBuiltin(isolate, v8::debug::kObjectKeys));
+  createDataProperty(
+      context, injectedScriptHost,
+      toV8StringInternalized(isolate, "getPrototypeOf"),
+      v8::debug::GetBuiltin(isolate, v8::debug::kObjectGetPrototypeOf));
+  createDataProperty(
+      context, injectedScriptHost,
+      toV8StringInternalized(isolate, "getOwnPropertyDescriptor"),
+      v8::debug::GetBuiltin(isolate,
+                            v8::debug::kObjectGetOwnPropertyDescriptor));
+  createDataProperty(
+      context, injectedScriptHost,
+      toV8StringInternalized(isolate, "getOwnPropertyNames"),
+      v8::debug::GetBuiltin(isolate, v8::debug::kObjectGetOwnPropertyNames));
+  createDataProperty(
+      context, injectedScriptHost,
+      toV8StringInternalized(isolate, "getOwnPropertySymbols"),
+      v8::debug::GetBuiltin(isolate, v8::debug::kObjectGetOwnPropertySymbols));
   return injectedScriptHost;
 }
 

test/inspector/protocol-test.js

@@ -329,8 +329,6 @@ InspectorTest.setupInjectedScriptEnvironment = function(debug) {
   while (match = getterRegex.exec(injectedScriptSource)) {
     getters.add(match[0].substr(1));
   }
-  // TODO(kozyatinskiy): pass builtins to injected script source.
-  getters.delete('constructor');
   scriptSource += `(function installSettersAndGetters() {
     let defineProperty = Object.defineProperty;
     let ObjectPrototype = Object.prototype;\n`;