Commit 6dd1251e authored by Michael Starzinger's avatar Michael Starzinger Committed by Commit Bot

Handlify FrameFunctionIterator to allow for GCs.

R=tebbi@chromium.org
TEST=mjsunit/regress/regress-crbug-755044
BUG=chromium:755044

Change-Id: I909eeeccaf4e4e9757a2f952c00f557ee6c495ee
Reviewed-on: https://chromium-review.googlesource.com/625878Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47510}
parent 749b9c06
...@@ -928,20 +928,21 @@ static inline bool AllowAccessToFunction(Context* current_context, ...@@ -928,20 +928,21 @@ static inline bool AllowAccessToFunction(Context* current_context,
class FrameFunctionIterator { class FrameFunctionIterator {
public: public:
FrameFunctionIterator(Isolate* isolate, const DisallowHeapAllocation& promise) explicit FrameFunctionIterator(Isolate* isolate)
: isolate_(isolate), frame_iterator_(isolate), frames_(2), index_(0) { : isolate_(isolate), frame_iterator_(isolate), frames_(2), index_(0) {
GetFrames(); GetFrames();
} }
JSFunction* next() { MaybeHandle<JSFunction> next() {
while (true) { while (true) {
if (frames_.length() == 0) return NULL; if (frames_.length() == 0) return MaybeHandle<JSFunction>();
JSFunction* next_function = *frames_[index_].AsJavaScript().function(); Handle<JSFunction> next_function =
frames_[index_].AsJavaScript().function();
index_--; index_--;
if (index_ < 0) { if (index_ < 0) {
GetFrames(); GetFrames();
} }
// Skip functions from other origins. // Skip functions from other origins.
if (!AllowAccessToFunction(isolate_->context(), next_function)) continue; if (!AllowAccessToFunction(isolate_->context(), *next_function)) continue;
return next_function; return next_function;
} }
} }
...@@ -949,13 +950,12 @@ class FrameFunctionIterator { ...@@ -949,13 +950,12 @@ class FrameFunctionIterator {
// Iterate through functions until the first occurrence of 'function'. // Iterate through functions until the first occurrence of 'function'.
// Returns true if 'function' is found, and false if the iterator ends // Returns true if 'function' is found, and false if the iterator ends
// without finding it. // without finding it.
bool Find(JSFunction* function) { bool Find(Handle<JSFunction> function) {
JSFunction* next_function; Handle<JSFunction> next_function;
do { do {
next_function = next(); if (!next().ToHandle(&next_function)) return false;
if (next_function == function) return true; } while (!next_function.is_identical_to(function));
} while (next_function != NULL); return true;
return false;
} }
private: private:
...@@ -977,33 +977,31 @@ class FrameFunctionIterator { ...@@ -977,33 +977,31 @@ class FrameFunctionIterator {
MaybeHandle<JSFunction> FindCaller(Isolate* isolate, MaybeHandle<JSFunction> FindCaller(Isolate* isolate,
Handle<JSFunction> function) { Handle<JSFunction> function) {
DisallowHeapAllocation no_allocation; FrameFunctionIterator it(isolate);
FrameFunctionIterator it(isolate, no_allocation);
if (function->shared()->native()) { if (function->shared()->native()) {
return MaybeHandle<JSFunction>(); return MaybeHandle<JSFunction>();
} }
// Find the function from the frames. // Find the function from the frames.
if (!it.Find(*function)) { if (!it.Find(function)) {
// No frame corresponding to the given function found. Return null. // No frame corresponding to the given function found. Return null.
return MaybeHandle<JSFunction>(); return MaybeHandle<JSFunction>();
} }
// Find previously called non-toplevel function. // Find previously called non-toplevel function.
JSFunction* caller; Handle<JSFunction> caller;
do { do {
caller = it.next(); if (!it.next().ToHandle(&caller)) return MaybeHandle<JSFunction>();
if (caller == NULL) return MaybeHandle<JSFunction>();
} while (caller->shared()->is_toplevel()); } while (caller->shared()->is_toplevel());
// If caller is not user code and caller's caller is also not user code, // If caller is not user code and caller's caller is also not user code,
// use that instead. // use that instead.
JSFunction* potential_caller = caller; MaybeHandle<JSFunction> potential_caller = caller;
while (potential_caller != NULL && while (!potential_caller.is_null() &&
!potential_caller->shared()->IsUserJavaScript()) { !potential_caller.ToHandleChecked()->shared()->IsUserJavaScript()) {
caller = potential_caller; caller = potential_caller.ToHandleChecked();
potential_caller = it.next(); potential_caller = it.next();
} }
if (!caller->shared()->native() && potential_caller != NULL) { if (!caller->shared()->native() && !potential_caller.is_null()) {
caller = potential_caller; caller = potential_caller.ToHandleChecked();
} }
// Censor if the caller is not a sloppy mode function. // Censor if the caller is not a sloppy mode function.
// Change from ES5, which used to throw, see: // Change from ES5, which used to throw, see:
...@@ -1012,10 +1010,10 @@ MaybeHandle<JSFunction> FindCaller(Isolate* isolate, ...@@ -1012,10 +1010,10 @@ MaybeHandle<JSFunction> FindCaller(Isolate* isolate,
return MaybeHandle<JSFunction>(); return MaybeHandle<JSFunction>();
} }
// Don't return caller from another security context. // Don't return caller from another security context.
if (!AllowAccessToFunction(isolate->context(), caller)) { if (!AllowAccessToFunction(isolate->context(), *caller)) {
return MaybeHandle<JSFunction>(); return MaybeHandle<JSFunction>();
} }
return Handle<JSFunction>(caller); return caller;
} }
......
// Copyright 2017 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-syntax
function foo(f){
f.caller;
}
function bar(f) {
new foo(f);
}
bar(function() {});
%OptimizeFunctionOnNextCall(bar);
bar(function() {});
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment