Line data Source code
1 : // Copyright 2016 the V8 project authors. All rights reserved.
2 : // Use of this source code is governed by a BSD-style license that can be
3 : // found in the LICENSE file.
4 :
5 : #include "src/builtins/builtins-utils.h"
6 : #include "src/builtins/builtins.h"
7 : #include "src/code-factory.h"
8 : #include "src/compiler.h"
9 : #include "src/conversions.h"
10 : #include "src/counters.h"
11 : #include "src/lookup.h"
12 : #include "src/objects-inl.h"
13 : #include "src/string-builder.h"
14 :
15 : namespace v8 {
16 : namespace internal {
17 :
18 : namespace {
19 :
20 : // ES6 section 19.2.1.1.1 CreateDynamicFunction
21 1797736 : MaybeHandle<Object> CreateDynamicFunction(Isolate* isolate,
22 : BuiltinArguments args,
23 : const char* token) {
24 : // Compute number of arguments, ignoring the receiver.
25 : DCHECK_LE(1, args.length());
26 1797736 : int const argc = args.length() - 1;
27 :
28 : Handle<JSFunction> target = args.target();
29 : Handle<JSObject> target_global_proxy(target->global_proxy(), isolate);
30 :
31 1797736 : if (!Builtins::AllowDynamicFunction(isolate, target, target_global_proxy)) {
32 300 : isolate->CountUsage(v8::Isolate::kFunctionConstructorReturnedUndefined);
33 : return isolate->factory()->undefined_value();
34 : }
35 :
36 : // Build the source string.
37 : Handle<String> source;
38 : int parameters_end_pos = kNoSourcePosition;
39 : {
40 1797436 : IncrementalStringBuilder builder(isolate);
41 : builder.AppendCharacter('(');
42 : builder.AppendCString(token);
43 1797436 : if (FLAG_harmony_function_tostring) {
44 : builder.AppendCString(" anonymous(");
45 : } else {
46 : builder.AppendCharacter('(');
47 : }
48 : bool parenthesis_in_arg_string = false;
49 1797436 : if (argc > 1) {
50 1695854 : for (int i = 1; i < argc; ++i) {
51 1695854 : if (i > 1) builder.AppendCharacter(',');
52 : Handle<String> param;
53 3391708 : ASSIGN_RETURN_ON_EXCEPTION(
54 : isolate, param, Object::ToString(isolate, args.at(i)), Object);
55 1695854 : param = String::Flatten(param);
56 1695854 : builder.AppendString(param);
57 1695854 : if (!FLAG_harmony_function_tostring) {
58 : // If the formal parameters string include ) - an illegal
59 : // character - it may make the combined function expression
60 : // compile. We avoid this problem by checking for this early on.
61 : DisallowHeapAllocation no_gc; // Ensure vectors stay valid.
62 1695545 : String::FlatContent param_content = param->GetFlatContent();
63 8295041 : for (int i = 0, length = param->length(); i < length; ++i) {
64 13199052 : if (param_content.Get(i) == ')') {
65 : parenthesis_in_arg_string = true;
66 : break;
67 : }
68 : }
69 : }
70 : }
71 1692832 : if (!FLAG_harmony_function_tostring) {
72 : // If the formal parameters include an unbalanced block comment, the
73 : // function must be rejected. Since JavaScript does not allow nested
74 : // comments we can include a trailing block comment to catch this.
75 : builder.AppendCString("\n/*``*/");
76 : }
77 : }
78 1797436 : if (FLAG_harmony_function_tostring) {
79 : builder.AppendCharacter('\n');
80 : parameters_end_pos = builder.Length();
81 : }
82 : builder.AppendCString(") {\n");
83 1797436 : if (argc > 0) {
84 : Handle<String> body;
85 3586482 : ASSIGN_RETURN_ON_EXCEPTION(
86 : isolate, body, Object::ToString(isolate, args.at(argc)), Object);
87 1793241 : builder.AppendString(body);
88 : }
89 : builder.AppendCString("\n})");
90 3594872 : ASSIGN_RETURN_ON_EXCEPTION(isolate, source, builder.Finish(), Object);
91 :
92 : // The SyntaxError must be thrown after all the (observable) ToString
93 : // conversions are done.
94 1797436 : if (parenthesis_in_arg_string) {
95 60 : THROW_NEW_ERROR(isolate,
96 : NewSyntaxError(MessageTemplate::kParenthesisInArgString),
97 : Object);
98 : }
99 : }
100 :
101 : // Compile the string in the constructor and not a helper so that errors to
102 : // come from here.
103 : Handle<JSFunction> function;
104 : {
105 3594812 : ASSIGN_RETURN_ON_EXCEPTION(
106 : isolate, function,
107 : Compiler::GetFunctionFromString(
108 : handle(target->native_context(), isolate), source,
109 : ONLY_SINGLE_FUNCTION_LITERAL, parameters_end_pos),
110 : Object);
111 : Handle<Object> result;
112 3587062 : ASSIGN_RETURN_ON_EXCEPTION(
113 : isolate, result,
114 : Execution::Call(isolate, function, target_global_proxy, 0, nullptr),
115 : Object);
116 : function = Handle<JSFunction>::cast(result);
117 1793531 : function->shared()->set_name_should_print_as_anonymous(true);
118 : }
119 :
120 : // If new.target is equal to target then the function created
121 : // is already correctly setup and nothing else should be done
122 : // here. But if new.target is not equal to target then we are
123 : // have a Function builtin subclassing case and therefore the
124 : // function has wrong initial map. To fix that we create a new
125 : // function object with correct initial map.
126 : Handle<Object> unchecked_new_target = args.new_target();
127 1986742 : if (!unchecked_new_target->IsUndefined(isolate) &&
128 : !unchecked_new_target.is_identical_to(target)) {
129 : Handle<JSReceiver> new_target =
130 731 : Handle<JSReceiver>::cast(unchecked_new_target);
131 : Handle<Map> initial_map;
132 1462 : ASSIGN_RETURN_ON_EXCEPTION(
133 : isolate, initial_map,
134 : JSFunction::GetDerivedMap(isolate, target, new_target), Object);
135 :
136 : Handle<SharedFunctionInfo> shared_info(function->shared(), isolate);
137 : Handle<Map> map = Map::AsLanguageMode(
138 1462 : initial_map, shared_info->language_mode(), shared_info->kind());
139 :
140 : Handle<Context> context(function->context(), isolate);
141 : function = isolate->factory()->NewFunctionFromSharedFunctionInfo(
142 731 : map, shared_info, context, NOT_TENURED);
143 : }
144 : return function;
145 : }
146 :
147 : } // namespace
148 :
149 : // ES6 section 19.2.1.1 Function ( p1, p2, ... , pn, body )
150 5378271 : BUILTIN(FunctionConstructor) {
151 : HandleScope scope(isolate);
152 : Handle<Object> result;
153 3585514 : ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
154 : isolate, result, CreateDynamicFunction(isolate, args, "function"));
155 1791225 : return *result;
156 : }
157 :
158 : // ES6 section 25.2.1.1 GeneratorFunction (p1, p2, ... , pn, body)
159 5859 : BUILTIN(GeneratorFunctionConstructor) {
160 : HandleScope scope(isolate);
161 4733 : RETURN_RESULT_OR_FAILURE(isolate,
162 : CreateDynamicFunction(isolate, args, "function*"));
163 : }
164 :
165 5634 : BUILTIN(AsyncFunctionConstructor) {
166 : HandleScope scope(isolate);
167 : Handle<Object> maybe_func;
168 3756 : ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
169 : isolate, maybe_func,
170 : CreateDynamicFunction(isolate, args, "async function"));
171 631 : if (!maybe_func->IsJSFunction()) return *maybe_func;
172 :
173 : // Do not lazily compute eval position for AsyncFunction, as they may not be
174 : // determined after the function is resumed.
175 : Handle<JSFunction> func = Handle<JSFunction>::cast(maybe_func);
176 : Handle<Script> script = handle(Script::cast(func->shared()->script()));
177 631 : int position = script->GetEvalPosition();
178 : USE(position);
179 :
180 631 : return *func;
181 : }
182 :
183 3444 : BUILTIN(AsyncGeneratorFunctionConstructor) {
184 : HandleScope scope(isolate);
185 : Handle<Object> maybe_func;
186 2296 : ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
187 : isolate, maybe_func,
188 : CreateDynamicFunction(isolate, args, "async function*"));
189 1148 : if (!maybe_func->IsJSFunction()) return *maybe_func;
190 :
191 : // Do not lazily compute eval position for AsyncFunction, as they may not be
192 : // determined after the function is resumed.
193 : Handle<JSFunction> func = Handle<JSFunction>::cast(maybe_func);
194 : Handle<Script> script = handle(Script::cast(func->shared()->script()));
195 1148 : int position = script->GetEvalPosition();
196 : USE(position);
197 :
198 1148 : return *func;
199 : }
200 :
201 : namespace {
202 :
203 1128 : Object* DoFunctionBind(Isolate* isolate, BuiltinArguments args) {
204 : HandleScope scope(isolate);
205 : DCHECK_LE(1, args.length());
206 1128 : if (!args.receiver()->IsCallable()) {
207 86 : THROW_NEW_ERROR_RETURN_FAILURE(
208 : isolate, NewTypeError(MessageTemplate::kFunctionBind));
209 : }
210 :
211 : // Allocate the bound function with the given {this_arg} and {args}.
212 : Handle<JSReceiver> target = args.at<JSReceiver>(0);
213 : Handle<Object> this_arg = isolate->factory()->undefined_value();
214 3255 : ScopedVector<Handle<Object>> argv(std::max(0, args.length() - 2));
215 1085 : if (args.length() > 1) {
216 1085 : this_arg = args.at(1);
217 1693 : for (int i = 2; i < args.length(); ++i) {
218 1216 : argv[i - 2] = args.at(i);
219 : }
220 : }
221 : Handle<JSBoundFunction> function;
222 2170 : ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
223 : isolate, function,
224 : isolate->factory()->NewJSBoundFunction(target, this_arg, argv));
225 :
226 : LookupIterator length_lookup(target, isolate->factory()->length_string(),
227 1085 : target, LookupIterator::OWN);
228 : // Setup the "length" property based on the "length" of the {target}.
229 : // If the targets length is the default JSFunction accessor, we can keep the
230 : // accessor that's installed by default on the JSBoundFunction. It lazily
231 : // computes the value from the underlying internal length.
232 2170 : if (!target->IsJSFunction() ||
233 1208 : length_lookup.state() != LookupIterator::ACCESSOR ||
234 1331 : !length_lookup.GetAccessors()->IsAccessorInfo()) {
235 : Handle<Object> length(Smi::kZero, isolate);
236 : Maybe<PropertyAttributes> attributes =
237 962 : JSReceiver::GetPropertyAttributes(&length_lookup);
238 962 : if (!attributes.IsJust()) return isolate->heap()->exception();
239 962 : if (attributes.FromJust() != ABSENT) {
240 : Handle<Object> target_length;
241 1924 : ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, target_length,
242 : Object::GetProperty(&length_lookup));
243 962 : if (target_length->IsNumber()) {
244 : length = isolate->factory()->NewNumber(std::max(
245 1896 : 0.0, DoubleToInteger(target_length->Number()) - argv.length()));
246 : }
247 : }
248 962 : LookupIterator it(function, isolate->factory()->length_string(), function);
249 : DCHECK_EQ(LookupIterator::ACCESSOR, it.state());
250 1924 : RETURN_FAILURE_ON_EXCEPTION(isolate,
251 : JSObject::DefineOwnPropertyIgnoreAttributes(
252 : &it, length, it.property_attributes()));
253 : }
254 :
255 : // Setup the "name" property based on the "name" of the {target}.
256 : // If the targets name is the default JSFunction accessor, we can keep the
257 : // accessor that's installed by default on the JSBoundFunction. It lazily
258 : // computes the value from the underlying internal name.
259 : LookupIterator name_lookup(target, isolate->factory()->name_string(), target,
260 1085 : LookupIterator::OWN);
261 2185 : if (!target->IsJSFunction() ||
262 1193 : name_lookup.state() != LookupIterator::ACCESSOR ||
263 1301 : !name_lookup.GetAccessors()->IsAccessorInfo()) {
264 : Handle<Object> target_name;
265 1954 : ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, target_name,
266 : Object::GetProperty(&name_lookup));
267 : Handle<String> name;
268 977 : if (target_name->IsString()) {
269 1784 : ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
270 : isolate, name,
271 : Name::ToFunctionName(Handle<String>::cast(target_name)));
272 1784 : ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
273 : isolate, name, isolate->factory()->NewConsString(
274 : isolate->factory()->bound__string(), name));
275 : } else {
276 : name = isolate->factory()->bound__string();
277 : }
278 977 : LookupIterator it(function, isolate->factory()->name_string());
279 : DCHECK_EQ(LookupIterator::ACCESSOR, it.state());
280 1954 : RETURN_FAILURE_ON_EXCEPTION(isolate,
281 : JSObject::DefineOwnPropertyIgnoreAttributes(
282 : &it, name, it.property_attributes()));
283 : }
284 1085 : return *function;
285 : }
286 :
287 : } // namespace
288 :
289 : // ES6 section 19.2.3.2 Function.prototype.bind ( thisArg, ...args )
290 2256 : BUILTIN(FunctionPrototypeBind) { return DoFunctionBind(isolate, args); }
291 :
292 : // TODO(verwaest): This is a temporary helper until the FastFunctionBind stub
293 : // can tailcall to the builtin directly.
294 0 : RUNTIME_FUNCTION(Runtime_FunctionBind) {
295 : DCHECK_EQ(2, args.length());
296 0 : Arguments* incoming = reinterpret_cast<Arguments*>(args[0]);
297 : // Rewrap the arguments as builtins arguments.
298 0 : int argc = incoming->length() + BuiltinArguments::kNumExtraArgsWithReceiver;
299 0 : BuiltinArguments caller_args(argc, incoming->arguments() + 1);
300 0 : return DoFunctionBind(isolate, caller_args);
301 : }
302 :
303 : // ES6 section 19.2.3.5 Function.prototype.toString ( )
304 7909332 : BUILTIN(FunctionPrototypeToString) {
305 : HandleScope scope(isolate);
306 : Handle<Object> receiver = args.receiver();
307 2636444 : if (receiver->IsJSBoundFunction()) {
308 162 : return *JSBoundFunction::ToString(Handle<JSBoundFunction>::cast(receiver));
309 2636363 : } else if (receiver->IsJSFunction()) {
310 5272072 : return *JSFunction::ToString(Handle<JSFunction>::cast(receiver));
311 : }
312 981 : THROW_NEW_ERROR_RETURN_FAILURE(
313 : isolate, NewTypeError(MessageTemplate::kNotGeneric,
314 : isolate->factory()->NewStringFromAsciiChecked(
315 : "Function.prototype.toString"),
316 : isolate->factory()->Function_string()));
317 : }
318 :
319 : } // namespace internal
320 : } // namespace v8
|
