Harden runtime functions (part 6).

Also blacklist LiveEdit-related functions from generated runtime tests. R=jarin@chromium.org Review URL: https://codereview.chromium.org/279593004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21259 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Harden runtime functions (part 6).
Also blacklist LiveEdit-related functions from generated runtime tests. R=jarin@chromium.org Review URL: https://codereview.chromium.org/279593004 git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@21259 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
e7a34f3f · jkummerow@chromium.org · 2bdd088c · e7a34f3f · e7a34f3f · e7a34f3f
Commit e7a34f3f authored May 12, 2014 by jkummerow@chromium.org
15 changed files
--- a/src/array.js
+++ b/src/array.js
@@ -1469,7 +1469,7 @@ function SetUpArray() {
    "isArray", ArrayIsArray
  ));

-  var specialFunctions = %SpecialArrayFunctions({});
+  var specialFunctions = %SpecialArrayFunctions();

  var getFunction = function(name, jsBuiltin, len) {
    var f = jsBuiltin;

--- a/src/runtime.cc
+++ b/src/runtime.cc
@@ -882,6 +882,7 @@ RUNTIME_FUNCTION(Runtime_ArrayBufferSliceImpl) {
  CONVERT_ARG_HANDLE_CHECKED(JSArrayBuffer, source, 0);
  CONVERT_ARG_HANDLE_CHECKED(JSArrayBuffer, target, 1);
  CONVERT_NUMBER_ARG_HANDLE_CHECKED(first, 2);
+  RUNTIME_ASSERT(!source.is_identical_to(target));
  size_t start = 0;
  RUNTIME_ASSERT(TryNumberToSize(isolate, *first, &start));
  size_t target_length = NumberToSize(isolate, target->byte_length());
@@ -2800,24 +2801,24 @@ RUNTIME_FUNCTION(Runtime_FinishArrayPrototypeSetup) {
 }


-static Handle<JSFunction> InstallBuiltin(Isolate* isolate,
-                                         Handle<JSObject> holder,
-                                         const char* name,
-                                         Builtins::Name builtin_name) {
+static void InstallBuiltin(Isolate* isolate,
+                           Handle<JSObject> holder,
+                           const char* name,
+                           Builtins::Name builtin_name) {
  Handle<String> key = isolate->factory()->InternalizeUtf8String(name);
  Handle<Code> code(isolate->builtins()->builtin(builtin_name));
  Handle<JSFunction> optimized =
      isolate->factory()->NewFunctionWithoutPrototype(key, code);
  optimized->shared()->DontAdaptArguments();
  JSReceiver::SetProperty(holder, key, optimized, NONE, STRICT).Assert();
-  return optimized;
 }


 RUNTIME_FUNCTION(Runtime_SpecialArrayFunctions) {
  HandleScope scope(isolate);
-  ASSERT(args.length() == 1);
-  CONVERT_ARG_HANDLE_CHECKED(JSObject, holder, 0);
+  ASSERT(args.length() == 0);
+  Handle<JSObject> holder =
+      isolate->factory()->NewJSObject(isolate->object_function());

  InstallBuiltin(isolate, holder, "pop", Builtins::kArrayPop);
  InstallBuiltin(isolate, holder, "push", Builtins::kArrayPush);

--- a/src/runtime.h
+++ b/src/runtime.h
@@ -40,7 +40,7 @@ namespace internal {
  F(GetArgumentsProperty, 1, 1) \
  F(ToFastProperties, 1, 1) \
  F(FinishArrayPrototypeSetup, 1, 1) \
-  F(SpecialArrayFunctions, 1, 1) \
+  F(SpecialArrayFunctions, 0, 1) \
  F(IsSloppyModeFunction, 1, 1) \
  F(GetDefaultReceiver, 1, 1) \
  \

--- a/test/mjsunit/runtime-gen/debuggetloadedscripts.js
+++ b/test/mjsunit/runtime-gen/debuggetloadedscripts.js
-// Copyright 2014 the V8 project authors. All rights reserved.
-// AUTO-GENERATED BY tools/generate-runtime-tests.py, DO NOT MODIFY
-// Flags: --allow-natives-syntax --harmony
-%DebugGetLoadedScripts();
--- a/test/mjsunit/runtime-gen/debugsetscriptsource.js
+++ b/test/mjsunit/runtime-gen/debugsetscriptsource.js
-// Copyright 2014 the V8 project authors. All rights reserved.
-// AUTO-GENERATED BY tools/generate-runtime-tests.py, DO NOT MODIFY
-// Flags: --allow-natives-syntax --harmony
-var arg0 = %DebugGetLoadedScripts()[1];
-var _source = "foo";
-try {
-%DebugSetScriptSource(arg0, _source);
-} catch(e) {}
--- a/test/mjsunit/runtime-gen/liveeditfindsharedfunctioninfosforscript.js
+++ b/test/mjsunit/runtime-gen/liveeditfindsharedfunctioninfosforscript.js
-// Copyright 2014 the V8 project authors. All rights reserved.
-// AUTO-GENERATED BY tools/generate-runtime-tests.py, DO NOT MODIFY
-// Flags: --allow-natives-syntax --harmony
-var arg0 = %DebugGetLoadedScripts()[1];
-%LiveEditFindSharedFunctionInfosForScript(arg0);
--- a/test/mjsunit/runtime-gen/liveeditfunctionsourceupdated.js
+++ b/test/mjsunit/runtime-gen/liveeditfunctionsourceupdated.js
-// Copyright 2014 the V8 project authors. All rights reserved.
-// AUTO-GENERATED BY tools/generate-runtime-tests.py, DO NOT MODIFY
-// Flags: --allow-natives-syntax --harmony
-var _shared_info = new Array();
-try {
-%LiveEditFunctionSourceUpdated(_shared_info);
-} catch(e) {}
--- a/test/mjsunit/runtime-gen/liveeditgathercompileinfo.js
+++ b/test/mjsunit/runtime-gen/liveeditgathercompileinfo.js
-// Copyright 2014 the V8 project authors. All rights reserved.
-// AUTO-GENERATED BY tools/generate-runtime-tests.py, DO NOT MODIFY
-// Flags: --allow-natives-syntax --harmony
-var arg0 = %DebugGetLoadedScripts()[1];
-var _source = "foo";
-%LiveEditGatherCompileInfo(arg0, _source);
--- a/test/mjsunit/runtime-gen/liveeditpatchfunctionpositions.js
+++ b/test/mjsunit/runtime-gen/liveeditpatchfunctionpositions.js
-// Copyright 2014 the V8 project authors. All rights reserved.
-// AUTO-GENERATED BY tools/generate-runtime-tests.py, DO NOT MODIFY
-// Flags: --allow-natives-syntax --harmony
-var _shared_array = new Array();
-var _position_change_array = new Array();
-try {
-%LiveEditPatchFunctionPositions(_shared_array, _position_change_array);
-} catch(e) {}
--- a/test/mjsunit/runtime-gen/liveeditreplacefunctioncode.js
+++ b/test/mjsunit/runtime-gen/liveeditreplacefunctioncode.js
-// Copyright 2014 the V8 project authors. All rights reserved.
-// AUTO-GENERATED BY tools/generate-runtime-tests.py, DO NOT MODIFY
-// Flags: --allow-natives-syntax --harmony
-var _new_compile_info = new Array();
-var _shared_info = new Array();
-try {
-%LiveEditReplaceFunctionCode(_new_compile_info, _shared_info);
-} catch(e) {}
--- a/test/mjsunit/runtime-gen/liveeditreplacereftonestedfunction.js
+++ b/test/mjsunit/runtime-gen/liveeditreplacereftonestedfunction.js
-// Copyright 2014 the V8 project authors. All rights reserved.
-// AUTO-GENERATED BY tools/generate-runtime-tests.py, DO NOT MODIFY
-// Flags: --allow-natives-syntax --harmony
-var _parent_wrapper = new String('foo');
-var _orig_wrapper = new String('foo');
-var _subst_wrapper = new String('foo');
-try {
-%LiveEditReplaceRefToNestedFunction(_parent_wrapper, _orig_wrapper, _subst_wrapper);
-} catch(e) {}
--- a/test/mjsunit/runtime-gen/liveeditrestartframe.js
+++ b/test/mjsunit/runtime-gen/liveeditrestartframe.js
-// Copyright 2014 the V8 project authors. All rights reserved.
-// AUTO-GENERATED BY tools/generate-runtime-tests.py, DO NOT MODIFY
-// Flags: --allow-natives-syntax --harmony
-var _break_id = 32;
-var _index = 32;
-try {
-%LiveEditRestartFrame(_break_id, _index);
-} catch(e) {}
--- a/test/mjsunit/runtime-gen/setscriptbreakpoint.js
+++ b/test/mjsunit/runtime-gen/setscriptbreakpoint.js
-// Copyright 2014 the V8 project authors. All rights reserved.
-// AUTO-GENERATED BY tools/generate-runtime-tests.py, DO NOT MODIFY
-// Flags: --allow-natives-syntax --harmony
-var arg0 = %DebugGetLoadedScripts()[1];
-var _source_position = 32;
-var arg2 = 0;
-var _break_point_object_arg = new Object();
-%SetScriptBreakPoint(arg0, _source_position, arg2, _break_point_object_arg);
--- a/test/mjsunit/runtime-gen/specialarrayfunctions.js
+++ b/test/mjsunit/runtime-gen/specialarrayfunctions.js
 // Copyright 2014 the V8 project authors. All rights reserved.
 // AUTO-GENERATED BY tools/generate-runtime-tests.py, DO NOT MODIFY
 // Flags: --allow-natives-syntax --harmony
-var _holder = new Object();
-%SpecialArrayFunctions(_holder);
+%SpecialArrayFunctions();
--- a/tools/generate-runtime-tests.py
+++ b/tools/generate-runtime-tests.py
@@ -25,7 +25,7 @@ THIS_SCRIPT = os.path.relpath(sys.argv[0])
 # remove or change runtime functions, but make sure we don't lose our ability
 # to parse them!
 EXPECTED_FUNCTION_COUNT = 338
-EXPECTED_FUZZABLE_COUNT = 315
+EXPECTED_FUZZABLE_COUNT = 305
 EXPECTED_CCTEST_COUNT = 6
 EXPECTED_UNKNOWN_COUNT = 5

@@ -45,8 +45,19 @@ BLACKLISTED = [
  "DisableAccessChecks",
  "EnableAccessChecks",

-  # Seems to be incompatible with --stress-runs.
+  # The current LiveEdit implementation relies on and messes with internals
+  # in ways that makes it fundamentally unfuzzable :-(
+  "DebugGetLoadedScripts",
+  "DebugSetScriptSource",
+  "LiveEditFindSharedFunctionInfosForScript",
+  "LiveEditFunctionSourceUpdated",
+  "LiveEditGatherCompileInfo",
+  "LiveEditPatchFunctionPositions",
+  "LiveEditReplaceFunctionCode",
+  "LiveEditReplaceRefToNestedFunction",
  "LiveEditReplaceScript",
+  "LiveEditRestartFrame",
+  "SetScriptBreakPoint",

  # TODO(jkummerow): Fix these and un-blacklist them!
  "CreateDateTimeFormat",
@@ -74,11 +85,6 @@ THROWS = [
  "GetThreadCount",  # Needs to hit a break point.
  "GetThreadDetails",  # Needs to hit a break point.
  "IsAccessAllowedForObserver",  # Needs access-check-required object.
-  "LiveEditFunctionSourceUpdated",  # Needs a SharedFunctionInfo.
-  "LiveEditPatchFunctionPositions",  # Needs a SharedFunctionInfo.
-  "LiveEditReplaceFunctionCode",  # Needs a SharedFunctionInfo.
-  "LiveEditReplaceRefToNestedFunction",  # Needs a SharedFunctionInfo.
-  "LiveEditRestartFrame",  # Needs to hit a break point.
  "UnblockConcurrentRecompilation"  # Needs --block-concurrent-recompilation.
 ]

@@ -91,7 +97,6 @@ _DATETIME_FORMAT = (
    "%GetImplFromInitializedIntlObject(new Intl.DateTimeFormat('en-US'))")
 _NUMBER_FORMAT = (
    "%GetImplFromInitializedIntlObject(new Intl.NumberFormat('en-US'))")
-_SCRIPT = "%DebugGetLoadedScripts()[1]"


 # Custom definitions for function input that does not throw.
@@ -112,7 +117,6 @@ CUSTOM_KNOWN_GOOD_INPUT = {
  "CreatePrivateSymbol": ["\"foo\"", None],
  "CreateSymbol": ["\"foo\"", None],
  "DateParseString": [None, "new Array(8)", None],
-  "DebugSetScriptSource": [_SCRIPT, None, None],
  "DefineOrRedefineAccessorProperty": [None, None, "function() {}",
                                       "function() {}", 2, None],
  "GetBreakLocations": [None, 0, None],
@@ -124,8 +128,6 @@ CUSTOM_KNOWN_GOOD_INPUT = {
  "InternalNumberFormat": [_NUMBER_FORMAT, None, None],
  "InternalNumberParse": [_NUMBER_FORMAT, None, None],
  "IsSloppyModeFunction": ["function() {}", None],
-  "LiveEditFindSharedFunctionInfosForScript": [_SCRIPT, None],
-  "LiveEditGatherCompileInfo": [_SCRIPT, None, None],
  "LoadMutableDouble": ["{foo: 1.2}", None, None],
  "NewObjectFromBound": ["(function() {}).bind({})", None],
  "NumberToRadixString": [None, "2", None],
@@ -136,7 +138,6 @@ CUSTOM_KNOWN_GOOD_INPUT = {
  "SetCreateIterator": [None, "2", None],
  "SetDebugEventListener": ["undefined", None, None],
  "SetFunctionBreakPoint": [None, 200, None, None],
-  "SetScriptBreakPoint": [_SCRIPT, None, 0, None, None],
  "StringBuilderConcat": ["[1, 2, 3]", 3, None, None],
  "StringBuilderJoin": ["['a', 'b']", 4, None, None],
  "StringMatch": [None, None, "['a', 'b']", None],
@@ -497,6 +498,8 @@ if __name__ == "__main__":
        for f in unexpected_files:
          print("Unexpected testcase: %s" % os.path.join(BASEPATH, f))
          error = True
+        print("Run '%s generate' to automatically clean these up."
+              % THIS_SCRIPT)
    CheckTestcasesExisting(js_fuzzable_functions)

    if error: