nsresult
castNative(JSContext *cx,
XPCWrappedNative *wrapper,
JSObject *curArg,
XPCWrappedNativeTearOff *tearoff,
const nsIID &iid,
void **ppThis,
nsISupports **pThisRef,
MutableHandleValue vp)
{
RootedObject cur(cx, curArg);
if (wrapper) {
nsresult rv = getNativeFromWrapper(cx,wrapper, iid, ppThis, pThisRef,
vp.address());
if (rv != NS_ERROR_NO_INTERFACE)
return rv;
} else if (cur) {
nsISupports *native;
if (!(native = mozilla::dom::UnwrapDOMObjectToISupports(cur))) {
*pThisRef = nullptr;
return NS_ERROR_ILLEGAL_VALUE;
}
if (NS_SUCCEEDED(getNative(native, cur, iid, ppThis, pThisRef, vp.address()))) {
return NS_OK;
}
}
*pThisRef = nullptr;
return NS_ERROR_XPC_BAD_OP_ON_WN_PROTO;
}
bool
GlobalObject::getSelfHostedFunction(JSContext *cx, HandleAtom selfHostedName, HandleAtom name,
unsigned nargs, MutableHandleValue funVal)
{
RootedId shId(cx, AtomToId(selfHostedName));
RootedObject holder(cx, cx->global()->intrinsicsHolder());
if (HasDataProperty(cx, holder, shId, funVal.address()))
return true;
if (!cx->runtime()->maybeWrappedSelfHostedFunction(cx, shId, funVal))
return false;
if (!funVal.isUndefined())
return true;
JSFunction *fun = NewFunction(cx, NullPtr(), nullptr, nargs, JSFunction::INTERPRETED_LAZY,
holder, name, JSFunction::ExtendedFinalizeKind, SingletonObject);
if (!fun)
return false;
fun->setIsSelfHostedBuiltin();
fun->setExtendedSlot(0, StringValue(selfHostedName));
funVal.setObject(*fun);
return JSObject::defineGeneric(cx, holder, shId, funVal, nullptr, nullptr, 0);
}
bool
ChromeObjectWrapper::get(JSContext *cx, HandleObject wrapper,
HandleObject receiver, HandleId id,
MutableHandleValue vp)
{
assertEnteredPolicy(cx, wrapper, id);
vp.setUndefined();
JSPropertyDescriptor desc;
// Only call through to the get trap on the underlying object if we're
// allowed to see the property, and if what we'll find is not on a standard
// prototype.
if (AllowedByBase(cx, wrapper, id, js::Wrapper::GET) &&
!PropIsFromStandardPrototype(cx, wrapper, id))
{
// Call the get trap.
if (!ChromeObjectWrapperBase::get(cx, wrapper, receiver, id, vp))
return false;
// If we found something, we're done.
if (!vp.isUndefined())
return true;
}
// If we have no proto, we're done.
RootedObject wrapperProto(cx);
if (!JS_GetPrototype(cx, wrapper, wrapperProto.address()))
return false;
if (!wrapperProto)
return true;
// Try the prototype.
MOZ_ASSERT(js::IsObjectInContextCompartment(wrapper, cx));
return js::GetGeneric(cx, wrapperProto, receiver, id, vp.address());
}
bool
WatchpointMap::triggerWatchpoint(JSContext* cx, HandleObject obj, HandleId id, MutableHandleValue vp)
{
Map::Ptr p = map.lookup(WatchKey(obj, id));
if (!p || p->value().held)
return true;
AutoEntryHolder holder(cx, map, p);
/* Copy the entry, since GC would invalidate p. */
JSWatchPointHandler handler = p->value().handler;
RootedObject closure(cx, p->value().closure);
/* Determine the property's old value. */
Value old;
old.setUndefined();
if (obj->isNative()) {
NativeObject* nobj = &obj->as<NativeObject>();
if (Shape* shape = nobj->lookup(cx, id)) {
if (shape->hasSlot())
old = nobj->getSlot(shape->slot());
}
}
// Read barrier to prevent an incorrectly gray closure from escaping the
// watchpoint. See the comment before UnmarkGrayChildren in gc/Marking.cpp
JS::ExposeObjectToActiveJS(closure);
/* Call the handler. */
return handler(cx, obj, id, old, vp.address(), closure);
}
bool
CrossCompartmentWrapper::hasInstance(JSContext *cx, HandleObject wrapper, MutableHandleValue v, bool *bp)
{
AutoCompartment call(cx, wrappedObject(wrapper));
if (!cx->compartment->wrap(cx, v.address()))
return false;
return Wrapper::hasInstance(cx, wrapper, v, bp);
}
bool
WaiveXrayWrapper::get(JSContext *cx, HandleObject wrapper,
HandleObject receiver, HandleId id,
MutableHandleValue vp)
{
return CrossCompartmentWrapper::get(cx, wrapper, receiver, id, vp) &&
WrapperFactory::WaiveXrayAndWrap(cx, vp.address());
}
bool
XPC_WN_Helper_SetProperty(JSContext* cx, HandleObject obj, HandleId id,
MutableHandleValue vp, ObjectOpResult& result)
{
PRE_HELPER_STUB
SetProperty(wrapper, cx, obj, id, vp.address(), &retval);
POST_HELPER_STUB_WITH_OBJECTOPRESULT(failReadOnly)
}
bool
XPC_WN_Helper_GetProperty(JSContext* cx, HandleObject obj, HandleId id,
MutableHandleValue vp)
{
PRE_HELPER_STUB
GetProperty(wrapper, cx, obj, id, vp.address(), &retval);
POST_HELPER_STUB
}
bool
JSRuntime::getUnclonedSelfHostedValue(JSContext *cx, Handle<PropertyName*> name,
MutableHandleValue vp)
{
RootedObject shg(cx, selfHostingGlobal_);
AutoCompartment ac(cx, shg);
return JS_GetPropertyById(cx, shg, NameToId(name), vp.address());
}
/* static */ bool
ModuleObject::evaluate(JSContext* cx, HandleModuleObject self, MutableHandleValue rval)
{
RootedScript script(cx, self->script());
RootedModuleEnvironmentObject scope(cx, self->environment());
if (!scope) {
JS_ReportError(cx, "Module declarations have not yet been instantiated");
return false;
}
return Execute(cx, script, *scope, rval.address());
}
bool
ArrayShiftDense(JSContext *cx, HandleObject obj, MutableHandleValue rval)
{
JS_ASSERT(obj->is<ArrayObject>());
AutoDetectInvalidation adi(cx, rval.address());
Value argv[] = { UndefinedValue(), ObjectValue(*obj) };
AutoValueArray ava(cx, argv, 2);
if (!js::array_shift(cx, 0, argv))
return false;
// If the result is |undefined|, the array was probably empty and we
// have to monitor the return value.
rval.set(argv[0]);
if (rval.isUndefined())
types::TypeScript::Monitor(cx, rval);
return true;
}
bool
ArrayPopDense(JSContext *cx, HandleObject obj, MutableHandleValue rval)
{
JS_ASSERT(obj->is<ArrayObject>());
AutoDetectInvalidation adi(cx, rval.address());
JS::AutoValueArray<2> argv(cx);
argv[0].setUndefined();
argv[1].setObject(*obj);
if (!js::array_pop(cx, 0, argv.begin()))
return false;
// If the result is |undefined|, the array was probably empty and we
// have to monitor the return value.
rval.set(argv[0]);
if (rval.isUndefined())
types::TypeScript::Monitor(cx, rval);
return true;
}
bool
GlobalObject::getSelfHostedFunction(JSContext* cx, HandleAtom selfHostedName, HandleAtom name,
unsigned nargs, MutableHandleValue funVal)
{
RootedId shId(cx, AtomToId(selfHostedName));
RootedObject holder(cx, cx->global()->intrinsicsHolder());
if (cx->global()->maybeGetIntrinsicValue(shId, funVal.address()))
return true;
JSFunction* fun =
NewScriptedFunction(cx, nargs, JSFunction::INTERPRETED_LAZY,
name, JSFunction::ExtendedFinalizeKind, SingletonObject);
if (!fun)
return false;
fun->setIsSelfHostedBuiltin();
fun->setExtendedSlot(0, StringValue(selfHostedName));
funVal.setObject(*fun);
return cx->global()->addIntrinsicValue(cx, shId, funVal);
}
bool
js::DirectEvalStringFromIon(JSContext* cx,
HandleObject scopeObj, HandleScript callerScript,
HandleValue newTargetValue, HandleString str,
jsbytecode* pc, MutableHandleValue vp)
{
AssertInnerizedScopeChain(cx, *scopeObj);
Rooted<GlobalObject*> scopeObjGlobal(cx, &scopeObj->global());
if (!GlobalObject::isRuntimeCodeGenEnabled(cx, scopeObjGlobal)) {
JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_CSP_BLOCKED_EVAL);
return false;
}
// ES5 15.1.2.1 steps 2-8.
RootedLinearString linearStr(cx, str->ensureLinear(cx));
if (!linearStr)
return false;
EvalJSONResult ejr = TryEvalJSON(cx, linearStr, vp);
if (ejr != EvalJSON_NotJSON)
return ejr == EvalJSON_Success;
EvalScriptGuard esg(cx);
esg.lookupInEvalCache(linearStr, callerScript, pc);
if (!esg.foundScript()) {
RootedScript maybeScript(cx);
const char* filename;
unsigned lineno;
bool mutedErrors;
uint32_t pcOffset;
DescribeScriptedCallerForCompilation(cx, &maybeScript, &filename, &lineno, &pcOffset,
&mutedErrors, CALLED_FROM_JSOP_EVAL);
const char* introducerFilename = filename;
if (maybeScript && maybeScript->scriptSource()->introducerFilename())
introducerFilename = maybeScript->scriptSource()->introducerFilename();
RootedObject enclosing(cx, callerScript->innermostStaticScope(pc));
Rooted<StaticEvalScope*> staticScope(cx, StaticEvalScope::create(cx, enclosing));
if (!staticScope)
return false;
CompileOptions options(cx);
options.setIsRunOnce(true)
.setForEval(true)
.setNoScriptRval(false)
.setMutedErrors(mutedErrors)
.maybeMakeStrictMode(IsStrictEvalPC(pc));
if (introducerFilename) {
options.setFileAndLine(filename, 1);
options.setIntroductionInfo(introducerFilename, "eval", lineno, maybeScript, pcOffset);
} else {
options.setFileAndLine("eval", 1);
options.setIntroductionType("eval");
}
AutoStableStringChars linearChars(cx);
if (!linearChars.initTwoByte(cx, linearStr))
return false;
const char16_t* chars = linearChars.twoByteRange().start().get();
SourceBufferHolder::Ownership ownership = linearChars.maybeGiveOwnershipToCaller()
? SourceBufferHolder::GiveOwnership
: SourceBufferHolder::NoOwnership;
SourceBufferHolder srcBuf(chars, linearStr->length(), ownership);
JSScript* compiled = frontend::CompileScript(cx, &cx->tempLifoAlloc(),
scopeObj, staticScope, callerScript,
options, srcBuf, linearStr);
if (!compiled)
return false;
if (compiled->strict())
staticScope->setStrict();
esg.setNewScript(compiled);
}
return ExecuteKernel(cx, esg.script(), *scopeObj, newTargetValue,
NullFramePtr() /* evalInFrame */, vp.address());
}
// Common code implementing direct and indirect eval.
//
// Evaluate call.argv[2], if it is a string, in the context of the given calling
// frame, with the provided scope chain, with the semantics of either a direct
// or indirect eval (see ES5 10.4.2). If this is an indirect eval, scopeobj
// must be a global object.
//
// On success, store the completion value in call.rval and return true.
static bool
EvalKernel(JSContext* cx, HandleValue v, EvalType evalType, AbstractFramePtr caller,
HandleObject scopeobj, jsbytecode* pc, MutableHandleValue vp)
{
MOZ_ASSERT((evalType == INDIRECT_EVAL) == !caller);
MOZ_ASSERT((evalType == INDIRECT_EVAL) == !pc);
MOZ_ASSERT_IF(evalType == INDIRECT_EVAL, IsGlobalLexicalScope(scopeobj));
AssertInnerizedScopeChain(cx, *scopeobj);
Rooted<GlobalObject*> scopeObjGlobal(cx, &scopeobj->global());
if (!GlobalObject::isRuntimeCodeGenEnabled(cx, scopeObjGlobal)) {
JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_CSP_BLOCKED_EVAL);
return false;
}
// ES5 15.1.2.1 step 1.
if (!v.isString()) {
vp.set(v);
return true;
}
RootedString str(cx, v.toString());
// ES5 15.1.2.1 steps 2-8.
// Per ES5, indirect eval runs in the global scope. (eval is specified this
// way so that the compiler can make assumptions about what bindings may or
// may not exist in the current frame if it doesn't see 'eval'.)
MOZ_ASSERT_IF(evalType != DIRECT_EVAL,
cx->global() == &scopeobj->as<ClonedBlockObject>().global());
RootedLinearString linearStr(cx, str->ensureLinear(cx));
if (!linearStr)
return false;
RootedScript callerScript(cx, caller ? caller.script() : nullptr);
EvalJSONResult ejr = TryEvalJSON(cx, linearStr, vp);
if (ejr != EvalJSON_NotJSON)
return ejr == EvalJSON_Success;
EvalScriptGuard esg(cx);
if (evalType == DIRECT_EVAL && caller.isFunctionFrame())
esg.lookupInEvalCache(linearStr, callerScript, pc);
if (!esg.foundScript()) {
RootedScript maybeScript(cx);
unsigned lineno;
const char* filename;
bool mutedErrors;
uint32_t pcOffset;
DescribeScriptedCallerForCompilation(cx, &maybeScript, &filename, &lineno, &pcOffset,
&mutedErrors,
evalType == DIRECT_EVAL
? CALLED_FROM_JSOP_EVAL
: NOT_CALLED_FROM_JSOP_EVAL);
const char* introducerFilename = filename;
if (maybeScript && maybeScript->scriptSource()->introducerFilename())
introducerFilename = maybeScript->scriptSource()->introducerFilename();
RootedObject enclosing(cx);
if (evalType == DIRECT_EVAL)
enclosing = callerScript->innermostStaticScope(pc);
else
enclosing = &cx->global()->lexicalScope().staticBlock();
Rooted<StaticEvalScope*> staticScope(cx, StaticEvalScope::create(cx, enclosing));
if (!staticScope)
return false;
CompileOptions options(cx);
options.setIsRunOnce(true)
.setForEval(true)
.setNoScriptRval(false)
.setMutedErrors(mutedErrors)
.maybeMakeStrictMode(evalType == DIRECT_EVAL && IsStrictEvalPC(pc));
if (introducerFilename) {
options.setFileAndLine(filename, 1);
options.setIntroductionInfo(introducerFilename, "eval", lineno, maybeScript, pcOffset);
} else {
options.setFileAndLine("eval", 1);
options.setIntroductionType("eval");
}
AutoStableStringChars linearChars(cx);
if (!linearChars.initTwoByte(cx, linearStr))
return false;
const char16_t* chars = linearChars.twoByteRange().start().get();
SourceBufferHolder::Ownership ownership = linearChars.maybeGiveOwnershipToCaller()
? SourceBufferHolder::GiveOwnership
: SourceBufferHolder::NoOwnership;
SourceBufferHolder srcBuf(chars, linearStr->length(), ownership);
JSScript* compiled = frontend::CompileScript(cx, &cx->tempLifoAlloc(),
scopeobj, staticScope, callerScript,
options, srcBuf, linearStr);
if (!compiled)
return false;
if (compiled->strict())
staticScope->setStrict();
esg.setNewScript(compiled);
}
// Look up the newTarget from the frame iterator.
Value newTargetVal = NullValue();
return ExecuteKernel(cx, esg.script(), *scopeobj, newTargetVal,
NullFramePtr() /* evalInFrame */, vp.address());
}
static bool
PreprocessValue(JSContext *cx, JSObject *holder, KeyType key, MutableHandleValue vp, StringifyContext *scx)
{
JSString *keyStr = NULL;
/* Step 2. */
if (vp.get().isObject()) {
Value toJSON;
RootedId id(cx, NameToId(cx->runtime->atomState.toJSONAtom));
Rooted<JSObject*> obj(cx, &vp.get().toObject());
if (!GetMethod(cx, obj, id, 0, &toJSON))
return false;
if (js_IsCallable(toJSON)) {
keyStr = KeyStringifier<KeyType>::toString(cx, key);
if (!keyStr)
return false;
InvokeArgsGuard args;
if (!cx->stack.pushInvokeArgs(cx, 1, &args))
return false;
args.calleev() = toJSON;
args.thisv() = vp;
args[0] = StringValue(keyStr);
if (!Invoke(cx, args))
return false;
vp.set(args.rval());
}
}
/* Step 3. */
if (scx->replacer && scx->replacer->isCallable()) {
if (!keyStr) {
keyStr = KeyStringifier<KeyType>::toString(cx, key);
if (!keyStr)
return false;
}
InvokeArgsGuard args;
if (!cx->stack.pushInvokeArgs(cx, 2, &args))
return false;
args.calleev() = ObjectValue(*scx->replacer);
args.thisv() = ObjectValue(*holder);
args[0] = StringValue(keyStr);
args[1] = vp;
if (!Invoke(cx, args))
return false;
vp.set(args.rval());
}
/* Step 4. */
if (vp.get().isObject()) {
JSObject &obj = vp.get().toObject();
if (ObjectClassIs(obj, ESClass_Number, cx)) {
double d;
if (!ToNumber(cx, vp, &d))
return false;
vp.set(NumberValue(d));
} else if (ObjectClassIs(obj, ESClass_String, cx)) {
JSString *str = ToStringSlow(cx, vp);
if (!str)
return false;
vp.set(StringValue(str));
} else if (ObjectClassIs(obj, ESClass_Boolean, cx)) {
if (!BooleanGetPrimitiveValue(cx, obj, vp.address()))
return false;
JS_ASSERT(vp.get().isBoolean());
}
}
return true;
}
bool
js::DirectEvalFromIon(JSContext *cx,
HandleObject scopeobj, HandleScript callerScript,
HandleValue thisValue, HandleString str,
MutableHandleValue vp)
{
AssertInnerizedScopeChain(cx, *scopeobj);
Rooted<GlobalObject*> scopeObjGlobal(cx, &scopeobj->global());
if (!GlobalObject::isRuntimeCodeGenEnabled(cx, scopeObjGlobal)) {
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_CSP_BLOCKED_EVAL);
return false;
}
// ES5 15.1.2.1 steps 2-8.
unsigned staticLevel = callerScript->staticLevel + 1;
Rooted<JSStableString*> stableStr(cx, str->ensureStable(cx));
if (!stableStr)
return false;
StableCharPtr chars = stableStr->chars();
size_t length = stableStr->length();
EvalJSONResult ejr = TryEvalJSON(cx, callerScript, chars, length, vp);
if (ejr != EvalJSON_NotJSON)
return ejr == EvalJSON_Success;
EvalScriptGuard esg(cx);
// Ion will not perform cross compartment direct eval calls.
JSPrincipals *principals = cx->compartment->principals;
esg.lookupInEvalCache(stableStr, callerScript->function(), staticLevel);
if (!esg.foundScript()) {
unsigned lineno;
const char *filename;
JSPrincipals *originPrincipals;
CurrentScriptFileLineOrigin(cx, &filename, &lineno, &originPrincipals,
CALLED_FROM_JSOP_EVAL);
CompileOptions options(cx);
options.setFileAndLine(filename, lineno)
.setCompileAndGo(true)
.setNoScriptRval(false)
.setPrincipals(principals)
.setOriginPrincipals(originPrincipals);
UnrootedScript compiled = frontend::CompileScript(cx, scopeobj, callerScript, options,
chars.get(), length, stableStr, staticLevel);
if (!compiled)
return false;
esg.setNewScript(compiled);
}
// Primitive 'this' values should have been filtered out by Ion. If boxed,
// the calling frame cannot be updated to store the new object.
JS_ASSERT(thisValue.isObject() || thisValue.isUndefined() || thisValue.isNull());
return ExecuteKernel(cx, esg.script(), *scopeobj, thisValue, ExecuteType(DIRECT_EVAL),
NullFramePtr() /* evalInFrame */, vp.address());
}
bool
js::DirectEvalStringFromIon(JSContext* cx,
HandleObject scopeobj, HandleScript callerScript,
HandleValue thisValue, HandleValue newTargetValue,
HandleString str, jsbytecode* pc, MutableHandleValue vp)
{
AssertInnerizedScopeChain(cx, *scopeobj);
Rooted<GlobalObject*> scopeObjGlobal(cx, &scopeobj->global());
if (!GlobalObject::isRuntimeCodeGenEnabled(cx, scopeObjGlobal)) {
JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_CSP_BLOCKED_EVAL);
return false;
}
// ES5 15.1.2.1 steps 2-8.
unsigned staticLevel = callerScript->staticLevel() + 1;
RootedLinearString linearStr(cx, str->ensureLinear(cx));
if (!linearStr)
return false;
EvalJSONResult ejr = TryEvalJSON(cx, linearStr, vp);
if (ejr != EvalJSON_NotJSON)
return ejr == EvalJSON_Success;
EvalScriptGuard esg(cx);
esg.lookupInEvalCache(linearStr, callerScript, pc);
if (!esg.foundScript()) {
RootedScript maybeScript(cx);
const char* filename;
unsigned lineno;
bool mutedErrors;
uint32_t pcOffset;
DescribeScriptedCallerForCompilation(cx, &maybeScript, &filename, &lineno, &pcOffset,
&mutedErrors, CALLED_FROM_JSOP_EVAL);
const char* introducerFilename = filename;
if (maybeScript && maybeScript->scriptSource()->introducerFilename())
introducerFilename = maybeScript->scriptSource()->introducerFilename();
RootedObject enclosing(cx, callerScript->innermostStaticScope(pc));
Rooted<StaticEvalObject*> staticScope(cx, StaticEvalObject::create(cx, enclosing));
if (!staticScope)
return false;
CompileOptions options(cx);
options.setFileAndLine(filename, 1)
.setIsRunOnce(true)
.setForEval(true)
.setNoScriptRval(false)
.setMutedErrors(mutedErrors)
.setIntroductionInfo(introducerFilename, "eval", lineno, maybeScript, pcOffset)
.maybeMakeStrictMode(IsStrictEvalPC(pc));
AutoStableStringChars linearChars(cx);
if (!linearChars.initTwoByte(cx, linearStr))
return false;
const char16_t* chars = linearChars.twoByteRange().start().get();
SourceBufferHolder::Ownership ownership = linearChars.maybeGiveOwnershipToCaller()
? SourceBufferHolder::GiveOwnership
: SourceBufferHolder::NoOwnership;
SourceBufferHolder srcBuf(chars, linearStr->length(), ownership);
JSScript* compiled = frontend::CompileScript(cx, &cx->tempLifoAlloc(),
scopeobj, staticScope, callerScript,
options, srcBuf, linearStr, staticLevel);
if (!compiled)
return false;
if (compiled->strict())
staticScope->setStrict();
esg.setNewScript(compiled);
}
// Primitive 'this' values should have been filtered out by Ion. If boxed,
// the calling frame cannot be updated to store the new object.
MOZ_ASSERT(thisValue.isObject() || thisValue.isUndefined() || thisValue.isNull());
// When eval'ing strict code in a non-strict context, compute the 'this'
// value to use from what the caller passed in. This isn't necessary if
// the callee is not strict, as it will compute the non-strict 'this'
// value as necessary while it executes.
RootedValue nthisValue(cx, thisValue);
if (!callerScript->strict() && esg.script()->strict() && !thisValue.isObject()) {
JSObject* obj = BoxNonStrictThis(cx, thisValue);
if (!obj)
return false;
nthisValue = ObjectValue(*obj);
}
return ExecuteKernel(cx, esg.script(), *scopeobj, nthisValue, newTargetValue,
ExecuteType(DIRECT_EVAL), NullFramePtr() /* evalInFrame */, vp.address());
}
static bool
PreprocessValue(JSContext *cx, HandleObject holder, KeyType key, MutableHandleValue vp, StringifyContext *scx)
{
RootedString keyStr(cx);
/* Step 2. */
if (vp.isObject()) {
RootedValue toJSON(cx);
RootedObject obj(cx, &vp.toObject());
if (!JSObject::getProperty(cx, obj, obj, cx->names().toJSON, &toJSON))
return false;
if (js_IsCallable(toJSON)) {
keyStr = KeyStringifier<KeyType>::toString(cx, key);
if (!keyStr)
return false;
InvokeArgsGuard args;
if (!cx->stack.pushInvokeArgs(cx, 1, &args))
return false;
args.setCallee(toJSON);
args.setThis(vp);
args[0] = StringValue(keyStr);
if (!Invoke(cx, args))
return false;
vp.set(args.rval());
}
}
/* Step 3. */
if (scx->replacer && scx->replacer->isCallable()) {
if (!keyStr) {
keyStr = KeyStringifier<KeyType>::toString(cx, key);
if (!keyStr)
return false;
}
InvokeArgsGuard args;
if (!cx->stack.pushInvokeArgs(cx, 2, &args))
return false;
args.setCallee(ObjectValue(*scx->replacer));
args.setThis(ObjectValue(*holder));
args[0] = StringValue(keyStr);
args[1] = vp;
if (!Invoke(cx, args))
return false;
vp.set(args.rval());
}
/* Step 4. */
if (vp.get().isObject()) {
RootedObject obj(cx, &vp.get().toObject());
if (ObjectClassIs(obj, ESClass_Number, cx)) {
double d;
if (!ToNumber(cx, vp, &d))
return false;
vp.set(NumberValue(d));
} else if (ObjectClassIs(obj, ESClass_String, cx)) {
JSString *str = ToStringSlow<CanGC>(cx, vp);
if (!str)
return false;
vp.set(StringValue(str));
} else if (ObjectClassIs(obj, ESClass_Boolean, cx)) {
if (!BooleanGetPrimitiveValue(cx, obj, vp.address()))
return false;
JS_ASSERT(vp.get().isBoolean());
}
}
return true;
}
bool
js::DirectEvalStringFromIon(JSContext *cx,
HandleObject scopeobj, HandleScript callerScript,
HandleValue thisValue, HandleString str,
jsbytecode *pc, MutableHandleValue vp)
{
AssertInnerizedScopeChain(cx, *scopeobj);
Rooted<GlobalObject*> scopeObjGlobal(cx, &scopeobj->global());
if (!GlobalObject::isRuntimeCodeGenEnabled(cx, scopeObjGlobal)) {
JS_ReportErrorNumber(cx, js_GetErrorMessage, nullptr, JSMSG_CSP_BLOCKED_EVAL);
return false;
}
// ES5 15.1.2.1 steps 2-8.
unsigned staticLevel = callerScript->staticLevel() + 1;
Rooted<JSFlatString*> flatStr(cx, str->ensureFlat(cx));
if (!flatStr)
return false;
size_t length = flatStr->length();
ConstTwoByteChars chars(flatStr->chars(), length);
EvalJSONResult ejr = TryEvalJSON(cx, callerScript, chars, length, vp);
if (ejr != EvalJSON_NotJSON)
return ejr == EvalJSON_Success;
EvalScriptGuard esg(cx);
// Ion will not perform cross compartment direct eval calls.
JSPrincipals *principals = cx->compartment()->principals;
esg.lookupInEvalCache(flatStr, callerScript, pc);
if (!esg.foundScript()) {
JSScript *script;
const char *filename;
unsigned lineno;
JSPrincipals *originPrincipals;
uint32_t pcOffset;
CurrentScriptFileLineOrigin(cx, &script, &filename, &lineno, &pcOffset,
&originPrincipals, CALLED_FROM_JSOP_EVAL);
const char *introducerFilename = filename;
if (script && script->scriptSource()->introducerFilename())
introducerFilename = script->scriptSource()->introducerFilename();
CompileOptions options(cx);
options.setFileAndLine(filename, 1)
.setCompileAndGo(true)
.setForEval(true)
.setNoScriptRval(false)
.setPrincipals(principals)
.setOriginPrincipals(originPrincipals)
.setIntroductionInfo(introducerFilename, "eval", lineno, script, pcOffset);
JSScript *compiled = frontend::CompileScript(cx, &cx->tempLifoAlloc(),
scopeobj, callerScript, options,
chars.get(), length, flatStr, staticLevel);
if (!compiled)
return false;
MarkFunctionsWithinEvalScript(compiled);
esg.setNewScript(compiled);
}
// Primitive 'this' values should have been filtered out by Ion. If boxed,
// the calling frame cannot be updated to store the new object.
JS_ASSERT(thisValue.isObject() || thisValue.isUndefined() || thisValue.isNull());
return ExecuteKernel(cx, esg.script(), *scopeobj, thisValue, ExecuteType(DIRECT_EVAL),
NullFramePtr() /* evalInFrame */, vp.address());
}
bool
js::DirectEvalStringFromIon(JSContext *cx,
HandleObject scopeobj, HandleScript callerScript,
HandleValue thisValue, HandleString str,
jsbytecode *pc, MutableHandleValue vp)
{
AssertInnerizedScopeChain(cx, *scopeobj);
Rooted<GlobalObject*> scopeObjGlobal(cx, &scopeobj->global());
if (!GlobalObject::isRuntimeCodeGenEnabled(cx, scopeObjGlobal)) {
JS_ReportErrorNumber(cx, js_GetErrorMessage, nullptr, JSMSG_CSP_BLOCKED_EVAL);
return false;
}
// ES5 15.1.2.1 steps 2-8.
unsigned staticLevel = callerScript->staticLevel() + 1;
Rooted<JSFlatString*> flatStr(cx, str->ensureFlat(cx));
if (!flatStr)
return false;
EvalJSONResult ejr = TryEvalJSON(cx, callerScript, flatStr, vp);
if (ejr != EvalJSON_NotJSON)
return ejr == EvalJSON_Success;
EvalScriptGuard esg(cx);
esg.lookupInEvalCache(flatStr, callerScript, pc);
if (!esg.foundScript()) {
RootedScript maybeScript(cx);
const char *filename;
unsigned lineno;
JSPrincipals *originPrincipals;
uint32_t pcOffset;
DescribeScriptedCallerForCompilation(cx, &maybeScript, &filename, &lineno, &pcOffset,
&originPrincipals, CALLED_FROM_JSOP_EVAL);
const char *introducerFilename = filename;
if (maybeScript && maybeScript->scriptSource()->introducerFilename())
introducerFilename = maybeScript->scriptSource()->introducerFilename();
CompileOptions options(cx);
options.setFileAndLine(filename, 1)
.setCompileAndGo(true)
.setForEval(true)
.setNoScriptRval(false)
.setOriginPrincipals(originPrincipals)
.setIntroductionInfo(introducerFilename, "eval", lineno, maybeScript, pcOffset);
AutoStableStringChars flatChars(cx);
if (!flatChars.initTwoByte(cx, flatStr))
return false;
const char16_t *chars = flatChars.twoByteRange().start().get();
SourceBufferHolder::Ownership ownership = flatChars.maybeGiveOwnershipToCaller()
? SourceBufferHolder::GiveOwnership
: SourceBufferHolder::NoOwnership;
SourceBufferHolder srcBuf(chars, flatStr->length(), ownership);
JSScript *compiled = frontend::CompileScript(cx, &cx->tempLifoAlloc(),
scopeobj, callerScript, options,
srcBuf, flatStr, staticLevel);
if (!compiled)
return false;
esg.setNewScript(compiled);
}
// Primitive 'this' values should have been filtered out by Ion. If boxed,
// the calling frame cannot be updated to store the new object.
JS_ASSERT(thisValue.isObject() || thisValue.isUndefined() || thisValue.isNull());
return ExecuteKernel(cx, esg.script(), *scopeobj, thisValue, ExecuteType(DIRECT_EVAL),
NullFramePtr() /* evalInFrame */, vp.address());
}
bool
BaseProxyHandler::set(JSContext* cx, HandleObject proxy, HandleObject receiver,
HandleId id, bool strict, MutableHandleValue vp) const
{
assertEnteredPolicy(cx, proxy, id, SET);
// This method is not covered by any spec, but we follow ES6 draft rev 28
// (2014 Oct 14) 9.1.9 fairly closely, adapting it slightly for
// SpiderMonkey's particular foibles.
// Steps 2-3. (Step 1 is a superfluous assertion.)
Rooted<PropertyDescriptor> ownDesc(cx);
if (!getOwnPropertyDescriptor(cx, proxy, id, &ownDesc))
return false;
// Step 4.
if (!ownDesc.object()) {
// The spec calls this variable "parent", but that word has weird
// connotations in SpiderMonkey, so let's go with "proto".
RootedObject proto(cx);
if (!GetPrototype(cx, proxy, &proto))
return false;
if (proto)
return SetProperty(cx, proto, receiver, id, vp, strict);
// Change ownDesc to be a complete descriptor for a configurable,
// writable, enumerable data property. Then fall through to step 5.
ownDesc.clear();
ownDesc.setAttributes(JSPROP_ENUMERATE);
}
// Step 5.
if (ownDesc.isDataDescriptor()) {
// Steps 5.a-b, adapted to our nonstandard implementation of ES6
// [[Set]] return values.
if (!ownDesc.isWritable()) {
if (strict)
return JSObject::reportReadOnly(cx, id, JSREPORT_ERROR);
if (cx->compartment()->options().extraWarnings(cx))
return JSObject::reportReadOnly(cx, id, JSREPORT_STRICT | JSREPORT_WARNING);
return true;
}
// Nonstandard SpiderMonkey special case: setter ops.
StrictPropertyOp setter = ownDesc.setter();
MOZ_ASSERT(setter != JS_StrictPropertyStub);
if (setter && setter != JS_StrictPropertyStub)
return CallSetter(cx, receiver, id, setter, ownDesc.attributes(), strict, vp);
// Steps 5.c-d. Adapt for SpiderMonkey by using HasOwnProperty instead
// of the standard [[GetOwnProperty]].
bool existingDescriptor;
if (!HasOwnProperty(cx, receiver, id, &existingDescriptor))
return false;
// Steps 5.e-f.
unsigned attrs =
existingDescriptor
? JSPROP_IGNORE_ENUMERATE | JSPROP_IGNORE_READONLY | JSPROP_IGNORE_PERMANENT
: JSPROP_ENUMERATE;
// A very old nonstandard SpiderMonkey extension: default to the Class
// getter and setter ops.
const Class* clasp = receiver->getClass();
MOZ_ASSERT(clasp->getProperty != JS_PropertyStub);
MOZ_ASSERT(clasp->setProperty != JS_StrictPropertyStub);
return DefineProperty(cx, receiver, id, vp,
clasp->getProperty, clasp->setProperty, attrs);
}
// Step 6.
MOZ_ASSERT(ownDesc.isAccessorDescriptor());
RootedObject setter(cx);
if (ownDesc.hasSetterObject())
setter = ownDesc.setterObject();
if (!setter)
return js_ReportGetterOnlyAssignment(cx, strict);
RootedValue setterValue(cx, ObjectValue(*setter));
return InvokeGetterOrSetter(cx, receiver, setterValue, 1, vp.address(), vp);
}