Line data Source code
1 : // Copyright 2016 the V8 project authors. All rights reserved.
2 : // Use of this source code is governed by a BSD-style license that can be
3 : // found in the LICENSE file.
4 :
5 : #include "src/api-arguments-inl.h"
6 : #include "src/api-natives.h"
7 : #include "src/builtins/builtins-utils-inl.h"
8 : #include "src/builtins/builtins.h"
9 : #include "src/counters.h"
10 : #include "src/log.h"
11 : #include "src/objects-inl.h"
12 : #include "src/objects/templates.h"
13 : #include "src/prototype.h"
14 : #include "src/visitors.h"
15 :
16 : namespace v8 {
17 : namespace internal {
18 :
19 : namespace {
20 :
21 : // Returns the holder JSObject if the function can legally be called with this
22 : // receiver. Returns nullptr if the call is illegal.
23 : // TODO(dcarney): CallOptimization duplicates this logic, merge.
24 2206523 : JSReceiver GetCompatibleReceiver(Isolate* isolate, FunctionTemplateInfo info,
25 : JSReceiver receiver) {
26 : Object recv_type = info->signature();
27 : // No signature, return holder.
28 2206523 : if (!recv_type->IsFunctionTemplateInfo()) return receiver;
29 : // A Proxy cannot have been created from the signature template.
30 3822 : if (!receiver->IsJSObject()) return JSReceiver();
31 :
32 : JSObject js_obj_receiver = JSObject::cast(receiver);
33 3822 : FunctionTemplateInfo signature = FunctionTemplateInfo::cast(recv_type);
34 :
35 : // Check the receiver. Fast path for receivers with no hidden prototypes.
36 3822 : if (signature->IsTemplateFor(js_obj_receiver)) return receiver;
37 621 : if (!js_obj_receiver->map()->has_hidden_prototype()) return JSReceiver();
38 109 : for (PrototypeIterator iter(isolate, js_obj_receiver, kStartAtPrototype,
39 : PrototypeIterator::END_AT_NON_HIDDEN);
40 10 : !iter.IsAtEnd(); iter.Advance()) {
41 : JSObject current = iter.GetCurrent<JSObject>();
42 89 : if (signature->IsTemplateFor(current)) return current;
43 : }
44 10 : return JSReceiver();
45 : }
46 :
47 : template <bool is_construct>
48 2505082 : V8_WARN_UNUSED_RESULT MaybeHandle<Object> HandleApiCallHelper(
49 : Isolate* isolate, Handle<HeapObject> function,
50 : Handle<HeapObject> new_target, Handle<FunctionTemplateInfo> fun_data,
51 : Handle<Object> receiver, BuiltinArguments args) {
52 : Handle<JSReceiver> js_receiver;
53 : JSReceiver raw_holder;
54 : if (is_construct) {
55 : DCHECK(args.receiver()->IsTheHole(isolate));
56 298554 : if (fun_data->GetInstanceTemplate()->IsUndefined(isolate)) {
57 : v8::Local<ObjectTemplate> templ =
58 : ObjectTemplate::New(reinterpret_cast<v8::Isolate*>(isolate),
59 356 : ToApiHandle<v8::FunctionTemplate>(fun_data));
60 356 : FunctionTemplateInfo::SetInstanceTemplate(isolate, fun_data,
61 : Utils::OpenHandle(*templ));
62 : }
63 : Handle<ObjectTemplateInfo> instance_template(
64 : ObjectTemplateInfo::cast(fun_data->GetInstanceTemplate()), isolate);
65 597107 : ASSIGN_RETURN_ON_EXCEPTION(
66 : isolate, js_receiver,
67 : ApiNatives::InstantiateObject(isolate, instance_template,
68 : Handle<JSReceiver>::cast(new_target)),
69 : Object);
70 : args.set_at(0, *js_receiver);
71 : DCHECK_EQ(*js_receiver, *args.receiver());
72 :
73 298553 : raw_holder = *js_receiver;
74 : } else {
75 : DCHECK(receiver->IsJSReceiver());
76 : js_receiver = Handle<JSReceiver>::cast(receiver);
77 :
78 2206590 : if (!fun_data->accept_any_receiver() &&
79 : js_receiver->IsAccessCheckNeeded()) {
80 : // Proxies never need access checks.
81 : DCHECK(js_receiver->IsJSObject());
82 57 : Handle<JSObject> js_obj_receiver = Handle<JSObject>::cast(js_receiver);
83 57 : if (!isolate->MayAccess(handle(isolate->context(), isolate),
84 : js_obj_receiver)) {
85 7 : isolate->ReportFailedAccessCheck(js_obj_receiver);
86 7 : RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
87 2 : return isolate->factory()->undefined_value();
88 : }
89 : }
90 :
91 2206521 : raw_holder = GetCompatibleReceiver(isolate, *fun_data, *js_receiver);
92 :
93 2206522 : if (raw_holder.is_null()) {
94 : // This function cannot be called with the given receiver. Abort!
95 1084 : THROW_NEW_ERROR(
96 : isolate, NewTypeError(MessageTemplate::kIllegalInvocation), Object);
97 : }
98 : }
99 :
100 : Object raw_call_data = fun_data->call_code();
101 2504533 : if (!raw_call_data->IsUndefined(isolate)) {
102 : DCHECK(raw_call_data->IsCallHandlerInfo());
103 : CallHandlerInfo call_data = CallHandlerInfo::cast(raw_call_data);
104 2499984 : Object data_obj = call_data->data();
105 :
106 : FunctionCallbackArguments custom(isolate, data_obj, *function, raw_holder,
107 : *new_target, args.address_of_arg_at(1),
108 4999968 : args.length() - 1);
109 2499983 : Handle<Object> result = custom.Call(call_data);
110 :
111 2499984 : RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
112 2471027 : if (result.is_null()) {
113 721 : if (is_construct) return js_receiver;
114 1229827 : return isolate->factory()->undefined_value();
115 : }
116 : // Rebox the result.
117 : result->VerifyApiCallResultType();
118 273578 : if (!is_construct || result->IsJSReceiver())
119 1240196 : return handle(*result, isolate);
120 : }
121 :
122 4832 : return js_receiver;
123 : }
124 :
125 : } // anonymous namespace
126 :
127 11974100 : BUILTIN(HandleApiCall) {
128 : HandleScope scope(isolate);
129 : Handle<JSFunction> function = args.target();
130 2390811 : Handle<Object> receiver = args.receiver();
131 : Handle<HeapObject> new_target = args.new_target();
132 : Handle<FunctionTemplateInfo> fun_data(function->shared()->get_api_func_data(),
133 : isolate);
134 2390813 : if (new_target->IsJSReceiver()) {
135 615421 : RETURN_RESULT_OR_FAILURE(
136 : isolate, HandleApiCallHelper<true>(isolate, function, new_target,
137 : fun_data, receiver, args));
138 : } else {
139 4195269 : RETURN_RESULT_OR_FAILURE(
140 : isolate, HandleApiCallHelper<false>(isolate, function, new_target,
141 : fun_data, receiver, args));
142 : }
143 : }
144 :
145 : namespace {
146 :
147 228544 : class RelocatableArguments : public BuiltinArguments, public Relocatable {
148 : public:
149 : RelocatableArguments(Isolate* isolate, int length, Address* arguments)
150 114270 : : BuiltinArguments(length, arguments), Relocatable(isolate) {}
151 :
152 78 : inline void IterateInstance(RootVisitor* v) override {
153 78 : if (length() == 0) return;
154 : v->VisitRootPointers(Root::kRelocatable, nullptr, first_slot(),
155 156 : last_slot() + 1);
156 : }
157 :
158 : private:
159 : DISALLOW_COPY_AND_ASSIGN(RelocatableArguments);
160 : };
161 :
162 : } // namespace
163 :
164 114270 : MaybeHandle<Object> Builtins::InvokeApiFunction(Isolate* isolate,
165 : bool is_construct,
166 : Handle<HeapObject> function,
167 : Handle<Object> receiver,
168 : int argc, Handle<Object> args[],
169 : Handle<HeapObject> new_target) {
170 : RuntimeCallTimerScope timer(isolate,
171 114270 : RuntimeCallCounterId::kInvokeApiFunction);
172 : DCHECK(function->IsFunctionTemplateInfo() ||
173 : (function->IsJSFunction() &&
174 : JSFunction::cast(*function)->shared()->IsApiFunction()));
175 :
176 : // Do proper receiver conversion for non-strict mode api functions.
177 227771 : if (!is_construct && !receiver->IsJSReceiver()) {
178 228 : if (function->IsFunctionTemplateInfo() ||
179 : is_sloppy(JSFunction::cast(*function)->shared()->language_mode())) {
180 264 : ASSIGN_RETURN_ON_EXCEPTION(isolate, receiver,
181 : Object::ConvertReceiver(isolate, receiver),
182 : Object);
183 : }
184 : }
185 :
186 : // We assume that all lazy accessor pairs have been instantiated when setting
187 : // a break point on any API function.
188 : DCHECK_IMPLIES(function->IsFunctionTemplateInfo(),
189 : !Handle<FunctionTemplateInfo>::cast(function)->BreakAtEntry());
190 :
191 : Handle<FunctionTemplateInfo> fun_data =
192 : function->IsFunctionTemplateInfo()
193 : ? Handle<FunctionTemplateInfo>::cast(function)
194 : : handle(JSFunction::cast(*function)->shared()->get_api_func_data(),
195 127081 : isolate);
196 : // Construct BuiltinArguments object:
197 : // new target, function, arguments reversed, receiver.
198 : const int kBufferSize = 32;
199 : Address small_argv[kBufferSize];
200 : Address* argv;
201 114269 : const int frame_argc = argc + BuiltinArguments::kNumExtraArgsWithReceiver;
202 114269 : if (frame_argc <= kBufferSize) {
203 : argv = small_argv;
204 : } else {
205 0 : argv = new Address[frame_argc];
206 : }
207 114270 : int cursor = frame_argc - 1;
208 228540 : argv[cursor--] = receiver->ptr();
209 116608 : for (int i = 0; i < argc; ++i) {
210 2338 : argv[cursor--] = args[i]->ptr();
211 : }
212 : DCHECK_EQ(cursor, BuiltinArguments::kPaddingOffset);
213 : argv[BuiltinArguments::kPaddingOffset] =
214 114270 : ReadOnlyRoots(isolate).the_hole_value()->ptr();
215 114270 : argv[BuiltinArguments::kArgcOffset] = Smi::FromInt(frame_argc)->ptr();
216 114270 : argv[BuiltinArguments::kTargetOffset] = function->ptr();
217 114270 : argv[BuiltinArguments::kNewTargetOffset] = new_target->ptr();
218 : MaybeHandle<Object> result;
219 : {
220 114270 : RelocatableArguments arguments(isolate, frame_argc, &argv[frame_argc - 1]);
221 114270 : if (is_construct) {
222 : result = HandleApiCallHelper<true>(isolate, function, new_target,
223 768 : fun_data, receiver, arguments);
224 : } else {
225 : result = HandleApiCallHelper<false>(isolate, function, new_target,
226 113502 : fun_data, receiver, arguments);
227 : }
228 : }
229 114272 : if (argv != small_argv) delete[] argv;
230 114272 : return result;
231 : }
232 :
233 : // Helper function to handle calls to non-function objects created through the
234 : // API. The object can be called as either a constructor (using new) or just as
235 : // a function (without new).
236 232 : V8_WARN_UNUSED_RESULT static Object HandleApiCallAsFunctionOrConstructor(
237 : Isolate* isolate, bool is_construct_call, BuiltinArguments args) {
238 : Handle<Object> receiver = args.receiver();
239 :
240 : // Get the object called.
241 : JSObject obj = JSObject::cast(*receiver);
242 :
243 : // Set the new target.
244 : HeapObject new_target;
245 232 : if (is_construct_call) {
246 : // TODO(adamk): This should be passed through in args instead of
247 : // being patched in here. We need to set a non-undefined value
248 : // for v8::FunctionCallbackInfo::IsConstructCall() to get the
249 : // right answer.
250 18 : new_target = obj;
251 : } else {
252 214 : new_target = ReadOnlyRoots(isolate).undefined_value();
253 : }
254 :
255 : // Get the invocation callback from the function descriptor that was
256 : // used to create the called object.
257 : DCHECK(obj->map()->is_callable());
258 232 : JSFunction constructor = JSFunction::cast(obj->map()->GetConstructor());
259 : DCHECK(constructor->shared()->IsApiFunction());
260 : Object handler =
261 : constructor->shared()->get_api_func_data()->GetInstanceCallHandler();
262 : DCHECK(!handler->IsUndefined(isolate));
263 : CallHandlerInfo call_data = CallHandlerInfo::cast(handler);
264 :
265 : // Get the data for the call and perform the callback.
266 : Object result;
267 : {
268 : HandleScope scope(isolate);
269 232 : LOG(isolate, ApiObjectAccess("call non-function", obj));
270 : FunctionCallbackArguments custom(isolate, call_data->data(), constructor,
271 : obj, new_target, args.address_of_arg_at(1),
272 464 : args.length() - 1);
273 232 : Handle<Object> result_handle = custom.Call(call_data);
274 232 : if (result_handle.is_null()) {
275 : result = ReadOnlyRoots(isolate).undefined_value();
276 : } else {
277 : result = *result_handle;
278 : }
279 : }
280 : // Check for exceptions and return result.
281 232 : RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
282 220 : return result;
283 : }
284 :
285 : // Handle calls to non-function objects created through the API. This delegate
286 : // function is used when the call is a normal function call.
287 428 : BUILTIN(HandleApiCallAsFunction) {
288 214 : return HandleApiCallAsFunctionOrConstructor(isolate, false, args);
289 : }
290 :
291 : // Handle calls to non-function objects created through the API. This delegate
292 : // function is used when the call is a construct call.
293 36 : BUILTIN(HandleApiCallAsConstructor) {
294 18 : return HandleApiCallAsFunctionOrConstructor(isolate, true, args);
295 : }
296 :
297 : } // namespace internal
298 121996 : } // namespace v8
|