Commit f4f06c50 authored by cbruni's avatar cbruni Committed by Commit bot

[keys] Trigger [[getOwnPropertyDescriptor]] trap on proxies for Object.keys

This CL fixes a long-standing bug with Object.keys where the enumerability
check was omitted if the [ownKeys] trap is not present. The only distinction the
KeyAccumulator needs is whether it collects keys for for-in (is_for_in_) or not.
ForInFilter performs a separate step to filter out non-enumerable keys later-on
while in all the other use-cases we have to filter keys.

BUG=v8:1543, v8:5250

Review-Url: https://codereview.chromium.org/2176113009
Cr-Commit-Position: refs/heads/master@{#38199}
parent 5d49286c
...@@ -35,10 +35,9 @@ static bool ContainsOnlyValidKeys(Handle<FixedArray> array) { ...@@ -35,10 +35,9 @@ static bool ContainsOnlyValidKeys(Handle<FixedArray> array) {
// static // static
MaybeHandle<FixedArray> KeyAccumulator::GetKeys( MaybeHandle<FixedArray> KeyAccumulator::GetKeys(
Handle<JSReceiver> object, KeyCollectionMode mode, PropertyFilter filter, Handle<JSReceiver> object, KeyCollectionMode mode, PropertyFilter filter,
GetKeysConversion keys_conversion, bool filter_proxy_keys, bool is_for_in) { GetKeysConversion keys_conversion, bool is_for_in) {
Isolate* isolate = object->GetIsolate(); Isolate* isolate = object->GetIsolate();
FastKeyAccumulator accumulator(isolate, object, mode, filter); FastKeyAccumulator accumulator(isolate, object, mode, filter);
accumulator.set_filter_proxy_keys(filter_proxy_keys);
accumulator.set_is_for_in(is_for_in); accumulator.set_is_for_in(is_for_in);
return accumulator.GetKeys(keys_conversion); return accumulator.GetKeys(keys_conversion);
} }
...@@ -135,17 +134,17 @@ MaybeHandle<FixedArray> FilterProxyKeys(KeyAccumulator* accumulator, ...@@ -135,17 +134,17 @@ MaybeHandle<FixedArray> FilterProxyKeys(KeyAccumulator* accumulator,
// Returns "nothing" in case of exception, "true" on success. // Returns "nothing" in case of exception, "true" on success.
Maybe<bool> KeyAccumulator::AddKeysFromJSProxy(Handle<JSProxy> proxy, Maybe<bool> KeyAccumulator::AddKeysFromJSProxy(Handle<JSProxy> proxy,
Handle<FixedArray> keys) { Handle<FixedArray> keys) {
if (filter_proxy_keys_) { // Postpone the enumerable check for for-in to the ForInFilter step.
DCHECK(!is_for_in_); if (!is_for_in_) {
ASSIGN_RETURN_ON_EXCEPTION_VALUE( ASSIGN_RETURN_ON_EXCEPTION_VALUE(
isolate_, keys, FilterProxyKeys(this, proxy, keys, filter_), isolate_, keys, FilterProxyKeys(this, proxy, keys, filter_),
Nothing<bool>()); Nothing<bool>());
} if (mode_ == KeyCollectionMode::kOwnOnly) {
if (mode_ == KeyCollectionMode::kOwnOnly && !is_for_in_) { // If we collect only the keys from a JSProxy do not sort or deduplicate.
// If we collect only the keys from a JSProxy do not sort or deduplicate it.
keys_ = keys; keys_ = keys;
return Just(true); return Just(true);
} }
}
AddKeys(keys, is_for_in_ ? CONVERT_TO_ARRAY_INDEX : DO_NOT_CONVERT); AddKeys(keys, is_for_in_ ? CONVERT_TO_ARRAY_INDEX : DO_NOT_CONVERT);
return Just(true); return Just(true);
} }
...@@ -444,7 +443,6 @@ MaybeHandle<FixedArray> FastKeyAccumulator::GetKeysFast( ...@@ -444,7 +443,6 @@ MaybeHandle<FixedArray> FastKeyAccumulator::GetKeysFast(
MaybeHandle<FixedArray> FastKeyAccumulator::GetKeysSlow( MaybeHandle<FixedArray> FastKeyAccumulator::GetKeysSlow(
GetKeysConversion keys_conversion) { GetKeysConversion keys_conversion) {
KeyAccumulator accumulator(isolate_, mode_, filter_); KeyAccumulator accumulator(isolate_, mode_, filter_);
accumulator.set_filter_proxy_keys(filter_proxy_keys_);
accumulator.set_is_for_in(is_for_in_); accumulator.set_is_for_in(is_for_in_);
accumulator.set_last_non_empty_prototype(last_non_empty_prototype_); accumulator.set_last_non_empty_prototype(last_non_empty_prototype_);
...@@ -860,13 +858,9 @@ Maybe<bool> KeyAccumulator::CollectOwnJSProxyTargetKeys( ...@@ -860,13 +858,9 @@ Maybe<bool> KeyAccumulator::CollectOwnJSProxyTargetKeys(
ASSIGN_RETURN_ON_EXCEPTION_VALUE( ASSIGN_RETURN_ON_EXCEPTION_VALUE(
isolate_, keys, isolate_, keys,
KeyAccumulator::GetKeys(target, KeyCollectionMode::kOwnOnly, filter_, KeyAccumulator::GetKeys(target, KeyCollectionMode::kOwnOnly, filter_,
GetKeysConversion::kConvertToString, GetKeysConversion::kConvertToString, is_for_in_),
filter_proxy_keys_, is_for_in_),
Nothing<bool>()); Nothing<bool>());
bool prev_filter_proxy_keys_ = filter_proxy_keys_;
filter_proxy_keys_ = false;
Maybe<bool> result = AddKeysFromJSProxy(proxy, keys); Maybe<bool> result = AddKeysFromJSProxy(proxy, keys);
filter_proxy_keys_ = prev_filter_proxy_keys_;
return result; return result;
} }
......
...@@ -39,7 +39,7 @@ class KeyAccumulator final BASE_EMBEDDED { ...@@ -39,7 +39,7 @@ class KeyAccumulator final BASE_EMBEDDED {
static MaybeHandle<FixedArray> GetKeys( static MaybeHandle<FixedArray> GetKeys(
Handle<JSReceiver> object, KeyCollectionMode mode, PropertyFilter filter, Handle<JSReceiver> object, KeyCollectionMode mode, PropertyFilter filter,
GetKeysConversion keys_conversion = GetKeysConversion::kKeepNumbers, GetKeysConversion keys_conversion = GetKeysConversion::kKeepNumbers,
bool filter_proxy_keys = true, bool is_for_in = false); bool is_for_in = false);
Handle<FixedArray> GetKeys( Handle<FixedArray> GetKeys(
GetKeysConversion convert = GetKeysConversion::kKeepNumbers); GetKeysConversion convert = GetKeysConversion::kKeepNumbers);
...@@ -69,7 +69,6 @@ class KeyAccumulator final BASE_EMBEDDED { ...@@ -69,7 +69,6 @@ class KeyAccumulator final BASE_EMBEDDED {
// The collection mode defines whether we collect the keys from the prototype // The collection mode defines whether we collect the keys from the prototype
// chain or only look at the receiver. // chain or only look at the receiver.
KeyCollectionMode mode() { return mode_; } KeyCollectionMode mode() { return mode_; }
void set_filter_proxy_keys(bool filter) { filter_proxy_keys_ = filter; }
// In case of for-in loops we have to treat JSProxy keys differently and // In case of for-in loops we have to treat JSProxy keys differently and
// deduplicate them. Additionally we convert JSProxy keys back to array // deduplicate them. Additionally we convert JSProxy keys back to array
// indices. // indices.
...@@ -108,7 +107,6 @@ class KeyAccumulator final BASE_EMBEDDED { ...@@ -108,7 +107,6 @@ class KeyAccumulator final BASE_EMBEDDED {
Handle<ObjectHashSet> shadowing_keys_; Handle<ObjectHashSet> shadowing_keys_;
KeyCollectionMode mode_; KeyCollectionMode mode_;
PropertyFilter filter_; PropertyFilter filter_;
bool filter_proxy_keys_ = true;
bool is_for_in_ = false; bool is_for_in_ = false;
bool skip_indices_ = false; bool skip_indices_ = false;
// For all the keys on the first receiver adding a shadowing key we can skip // For all the keys on the first receiver adding a shadowing key we can skip
...@@ -132,7 +130,6 @@ class FastKeyAccumulator { ...@@ -132,7 +130,6 @@ class FastKeyAccumulator {
bool is_receiver_simple_enum() { return is_receiver_simple_enum_; } bool is_receiver_simple_enum() { return is_receiver_simple_enum_; }
bool has_empty_prototype() { return has_empty_prototype_; } bool has_empty_prototype() { return has_empty_prototype_; }
void set_filter_proxy_keys(bool filter) { filter_proxy_keys_ = filter; }
void set_is_for_in(bool value) { is_for_in_ = value; } void set_is_for_in(bool value) { is_for_in_ = value; }
MaybeHandle<FixedArray> GetKeys( MaybeHandle<FixedArray> GetKeys(
...@@ -148,7 +145,6 @@ class FastKeyAccumulator { ...@@ -148,7 +145,6 @@ class FastKeyAccumulator {
Handle<JSReceiver> last_non_empty_prototype_; Handle<JSReceiver> last_non_empty_prototype_;
KeyCollectionMode mode_; KeyCollectionMode mode_;
PropertyFilter filter_; PropertyFilter filter_;
bool filter_proxy_keys_ = true;
bool is_for_in_ = false; bool is_for_in_ = false;
bool is_receiver_simple_enum_ = false; bool is_receiver_simple_enum_ = false;
bool has_empty_prototype_ = false; bool has_empty_prototype_ = false;
......
...@@ -26,7 +26,6 @@ MaybeHandle<HeapObject> Enumerate(Handle<JSReceiver> receiver) { ...@@ -26,7 +26,6 @@ MaybeHandle<HeapObject> Enumerate(Handle<JSReceiver> receiver) {
FastKeyAccumulator accumulator(isolate, receiver, FastKeyAccumulator accumulator(isolate, receiver,
KeyCollectionMode::kIncludePrototypes, KeyCollectionMode::kIncludePrototypes,
ENUMERABLE_STRINGS); ENUMERABLE_STRINGS);
accumulator.set_filter_proxy_keys(false);
accumulator.set_is_for_in(true); accumulator.set_is_for_in(true);
// Test if we have an enum cache for {receiver}. // Test if we have an enum cache for {receiver}.
if (!accumulator.is_receiver_simple_enum()) { if (!accumulator.is_receiver_simple_enum()) {
......
...@@ -2,14 +2,15 @@ ...@@ -2,14 +2,15 @@
// Use of this source code is governed by a BSD-style license that can be // Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file. // found in the LICENSE file.
var target = { (function testObjectKeys() {
var target = {
target: 1 target: 1
}; };
target.__proto__ = { target.__proto__ = {
target_proto: 2 target_proto: 2
}; };
var handler = { var handler = {
ownKeys: function(target) { ownKeys: function(target) {
return ["foo", "bar", Symbol("baz"), "non-enum", "not-found"]; return ["foo", "bar", Symbol("baz"), "non-enum", "not-found"];
}, },
...@@ -18,29 +19,33 @@ var handler = { ...@@ -18,29 +19,33 @@ var handler = {
if (name == "not-found") return undefined; if (name == "not-found") return undefined;
return {enumerable: true, configurable: true}; return {enumerable: true, configurable: true};
} }
} }
var proxy = new Proxy(target, handler); var proxy = new Proxy(target, handler);
// Object.keys() ignores symbols and non-enumerable keys. // Object.keys() ignores symbols and non-enumerable keys.
assertEquals(["foo", "bar"], Object.keys(proxy)); assertEquals(["foo", "bar"], Object.keys(proxy));
// Edge case: no properties left after filtering. // Edge case: no properties left after filtering.
handler.getOwnPropertyDescriptor = undefined; handler.getOwnPropertyDescriptor = undefined;
assertEquals([], Object.keys(proxy)); assertEquals([], Object.keys(proxy));
// Throwing shouldn't crash. // Throwing shouldn't crash.
handler.getOwnPropertyDescriptor = function() { throw new Number(1); }; handler.getOwnPropertyDescriptor = function() { throw new Number(1); };
assertThrows("Object.keys(proxy)", Number); assertThrows(() => Object.keys(proxy), Number);
// Fall through to target if there is no trap. // Fall through to getOwnPropertyDescriptor if there is no trap.
handler.ownKeys = undefined; handler.ownKeys = undefined;
assertEquals(["target"], Object.keys(proxy)); assertThrows(() => Object.keys(proxy), Number);
assertEquals(["target"], Object.keys(target));
var proxy2 = new Proxy(proxy, {}); // Fall through to target if there is no trap.
assertEquals(["target"], Object.keys(proxy2)); handler.getOwnPropertyDescriptor = undefined;
assertEquals(["target"], Object.keys(proxy));
assertEquals(["target"], Object.keys(target));
var proxy2 = new Proxy(proxy, {});
assertEquals(["target"], Object.keys(proxy2));
})();
(function testForSymbols() { (function testForSymbols() {
var symbol = Symbol(); var symbol = Symbol();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment