1 // Copyright 2016 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "src/builtins/builtins-utils.h"
6 #include "src/builtins/builtins.h"
7 #include "src/code-factory.h"
8 #include "src/compiler.h"
9 #include "src/conversions.h"
10 #include "src/counters.h"
11 #include "src/lookup.h"
12 #include "src/objects-inl.h"
13 #include "src/objects/api-callbacks.h"
14 #include "src/string-builder.h"
15
16 namespace v8 {
17 namespace internal {
18
19 namespace {
20
21 // ES6 section 19.2.1.1.1 CreateDynamicFunction
CreateDynamicFunction(Isolate * isolate,BuiltinArguments args,const char * token)22 MaybeHandle<Object> CreateDynamicFunction(Isolate* isolate,
23 BuiltinArguments args,
24 const char* token) {
25 // Compute number of arguments, ignoring the receiver.
26 DCHECK_LE(1, args.length());
27 int const argc = args.length() - 1;
28
29 Handle<JSFunction> target = args.target();
30 Handle<JSObject> target_global_proxy(target->global_proxy(), isolate);
31
32 if (!Builtins::AllowDynamicFunction(isolate, target, target_global_proxy)) {
33 isolate->CountUsage(v8::Isolate::kFunctionConstructorReturnedUndefined);
34 return isolate->factory()->undefined_value();
35 }
36
37 // Build the source string.
38 Handle<String> source;
39 int parameters_end_pos = kNoSourcePosition;
40 {
41 IncrementalStringBuilder builder(isolate);
42 builder.AppendCharacter('(');
43 builder.AppendCString(token);
44 if (FLAG_harmony_function_tostring) {
45 builder.AppendCString(" anonymous(");
46 } else {
47 builder.AppendCharacter('(');
48 }
49 bool parenthesis_in_arg_string = false;
50 if (argc > 1) {
51 for (int i = 1; i < argc; ++i) {
52 if (i > 1) builder.AppendCharacter(',');
53 Handle<String> param;
54 ASSIGN_RETURN_ON_EXCEPTION(
55 isolate, param, Object::ToString(isolate, args.at(i)), Object);
56 param = String::Flatten(param);
57 builder.AppendString(param);
58 if (!FLAG_harmony_function_tostring) {
59 // If the formal parameters string include ) - an illegal
60 // character - it may make the combined function expression
61 // compile. We avoid this problem by checking for this early on.
62 DisallowHeapAllocation no_gc; // Ensure vectors stay valid.
63 String::FlatContent param_content = param->GetFlatContent();
64 for (int i = 0, length = param->length(); i < length; ++i) {
65 if (param_content.Get(i) == ')') {
66 parenthesis_in_arg_string = true;
67 break;
68 }
69 }
70 }
71 }
72 if (!FLAG_harmony_function_tostring) {
73 // If the formal parameters include an unbalanced block comment, the
74 // function must be rejected. Since JavaScript does not allow nested
75 // comments we can include a trailing block comment to catch this.
76 builder.AppendCString("\n/*``*/");
77 }
78 }
79 if (FLAG_harmony_function_tostring) {
80 builder.AppendCharacter('\n');
81 parameters_end_pos = builder.Length();
82 }
83 builder.AppendCString(") {\n");
84 if (argc > 0) {
85 Handle<String> body;
86 ASSIGN_RETURN_ON_EXCEPTION(
87 isolate, body, Object::ToString(isolate, args.at(argc)), Object);
88 builder.AppendString(body);
89 }
90 builder.AppendCString("\n})");
91 ASSIGN_RETURN_ON_EXCEPTION(isolate, source, builder.Finish(), Object);
92
93 // The SyntaxError must be thrown after all the (observable) ToString
94 // conversions are done.
95 if (parenthesis_in_arg_string) {
96 THROW_NEW_ERROR(isolate,
97 NewSyntaxError(MessageTemplate::kParenthesisInArgString),
98 Object);
99 }
100 }
101
102 // Compile the string in the constructor and not a helper so that errors to
103 // come from here.
104 Handle<JSFunction> function;
105 {
106 ASSIGN_RETURN_ON_EXCEPTION(
107 isolate, function,
108 Compiler::GetFunctionFromString(
109 handle(target->native_context(), isolate), source,
110 ONLY_SINGLE_FUNCTION_LITERAL, parameters_end_pos),
111 Object);
112 Handle<Object> result;
113 ASSIGN_RETURN_ON_EXCEPTION(
114 isolate, result,
115 Execution::Call(isolate, function, target_global_proxy, 0, nullptr),
116 Object);
117 function = Handle<JSFunction>::cast(result);
118 function->shared()->set_name_should_print_as_anonymous(true);
119 }
120
121 // If new.target is equal to target then the function created
122 // is already correctly setup and nothing else should be done
123 // here. But if new.target is not equal to target then we are
124 // have a Function builtin subclassing case and therefore the
125 // function has wrong initial map. To fix that we create a new
126 // function object with correct initial map.
127 Handle<Object> unchecked_new_target = args.new_target();
128 if (!unchecked_new_target->IsUndefined(isolate) &&
129 !unchecked_new_target.is_identical_to(target)) {
130 Handle<JSReceiver> new_target =
131 Handle<JSReceiver>::cast(unchecked_new_target);
132 Handle<Map> initial_map;
133 ASSIGN_RETURN_ON_EXCEPTION(
134 isolate, initial_map,
135 JSFunction::GetDerivedMap(isolate, target, new_target), Object);
136
137 Handle<SharedFunctionInfo> shared_info(function->shared(), isolate);
138 Handle<Map> map = Map::AsLanguageMode(initial_map, shared_info);
139
140 Handle<Context> context(function->context(), isolate);
141 function = isolate->factory()->NewFunctionFromSharedFunctionInfo(
142 map, shared_info, context, NOT_TENURED);
143 }
144 return function;
145 }
146
147 } // namespace
148
149 // ES6 section 19.2.1.1 Function ( p1, p2, ... , pn, body )
BUILTIN(FunctionConstructor)150 BUILTIN(FunctionConstructor) {
151 HandleScope scope(isolate);
152 Handle<Object> result;
153 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
154 isolate, result, CreateDynamicFunction(isolate, args, "function"));
155 return *result;
156 }
157
158 // ES6 section 25.2.1.1 GeneratorFunction (p1, p2, ... , pn, body)
BUILTIN(GeneratorFunctionConstructor)159 BUILTIN(GeneratorFunctionConstructor) {
160 HandleScope scope(isolate);
161 RETURN_RESULT_OR_FAILURE(isolate,
162 CreateDynamicFunction(isolate, args, "function*"));
163 }
164
BUILTIN(AsyncFunctionConstructor)165 BUILTIN(AsyncFunctionConstructor) {
166 HandleScope scope(isolate);
167 Handle<Object> maybe_func;
168 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
169 isolate, maybe_func,
170 CreateDynamicFunction(isolate, args, "async function"));
171 if (!maybe_func->IsJSFunction()) return *maybe_func;
172
173 // Do not lazily compute eval position for AsyncFunction, as they may not be
174 // determined after the function is resumed.
175 Handle<JSFunction> func = Handle<JSFunction>::cast(maybe_func);
176 Handle<Script> script = handle(Script::cast(func->shared()->script()));
177 int position = script->GetEvalPosition();
178 USE(position);
179
180 return *func;
181 }
182
BUILTIN(AsyncGeneratorFunctionConstructor)183 BUILTIN(AsyncGeneratorFunctionConstructor) {
184 HandleScope scope(isolate);
185 Handle<Object> maybe_func;
186 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
187 isolate, maybe_func,
188 CreateDynamicFunction(isolate, args, "async function*"));
189 if (!maybe_func->IsJSFunction()) return *maybe_func;
190
191 // Do not lazily compute eval position for AsyncFunction, as they may not be
192 // determined after the function is resumed.
193 Handle<JSFunction> func = Handle<JSFunction>::cast(maybe_func);
194 Handle<Script> script = handle(Script::cast(func->shared()->script()));
195 int position = script->GetEvalPosition();
196 USE(position);
197
198 return *func;
199 }
200
201 namespace {
202
DoFunctionBind(Isolate * isolate,BuiltinArguments args)203 Object* DoFunctionBind(Isolate* isolate, BuiltinArguments args) {
204 HandleScope scope(isolate);
205 DCHECK_LE(1, args.length());
206 if (!args.receiver()->IsCallable()) {
207 THROW_NEW_ERROR_RETURN_FAILURE(
208 isolate, NewTypeError(MessageTemplate::kFunctionBind));
209 }
210
211 // Allocate the bound function with the given {this_arg} and {args}.
212 Handle<JSReceiver> target = args.at<JSReceiver>(0);
213 Handle<Object> this_arg = isolate->factory()->undefined_value();
214 ScopedVector<Handle<Object>> argv(std::max(0, args.length() - 2));
215 if (args.length() > 1) {
216 this_arg = args.at(1);
217 for (int i = 2; i < args.length(); ++i) {
218 argv[i - 2] = args.at(i);
219 }
220 }
221 Handle<JSBoundFunction> function;
222 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
223 isolate, function,
224 isolate->factory()->NewJSBoundFunction(target, this_arg, argv));
225
226 LookupIterator length_lookup(target, isolate->factory()->length_string(),
227 target, LookupIterator::OWN);
228 // Setup the "length" property based on the "length" of the {target}.
229 // If the targets length is the default JSFunction accessor, we can keep the
230 // accessor that's installed by default on the JSBoundFunction. It lazily
231 // computes the value from the underlying internal length.
232 if (!target->IsJSFunction() ||
233 length_lookup.state() != LookupIterator::ACCESSOR ||
234 !length_lookup.GetAccessors()->IsAccessorInfo()) {
235 Handle<Object> length(Smi::kZero, isolate);
236 Maybe<PropertyAttributes> attributes =
237 JSReceiver::GetPropertyAttributes(&length_lookup);
238 if (attributes.IsNothing()) return isolate->heap()->exception();
239 if (attributes.FromJust() != ABSENT) {
240 Handle<Object> target_length;
241 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, target_length,
242 Object::GetProperty(&length_lookup));
243 if (target_length->IsNumber()) {
244 length = isolate->factory()->NewNumber(std::max(
245 0.0, DoubleToInteger(target_length->Number()) - argv.length()));
246 }
247 }
248 LookupIterator it(function, isolate->factory()->length_string(), function);
249 DCHECK_EQ(LookupIterator::ACCESSOR, it.state());
250 RETURN_FAILURE_ON_EXCEPTION(isolate,
251 JSObject::DefineOwnPropertyIgnoreAttributes(
252 &it, length, it.property_attributes()));
253 }
254
255 // Setup the "name" property based on the "name" of the {target}.
256 // If the target's name is the default JSFunction accessor, we can keep the
257 // accessor that's installed by default on the JSBoundFunction. It lazily
258 // computes the value from the underlying internal name.
259 LookupIterator name_lookup(target, isolate->factory()->name_string(), target);
260 if (!target->IsJSFunction() ||
261 name_lookup.state() != LookupIterator::ACCESSOR ||
262 !name_lookup.GetAccessors()->IsAccessorInfo() ||
263 (name_lookup.IsFound() && !name_lookup.HolderIsReceiver())) {
264 Handle<Object> target_name;
265 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(isolate, target_name,
266 Object::GetProperty(&name_lookup));
267 Handle<String> name;
268 if (target_name->IsString()) {
269 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
270 isolate, name,
271 Name::ToFunctionName(Handle<String>::cast(target_name)));
272 ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
273 isolate, name, isolate->factory()->NewConsString(
274 isolate->factory()->bound__string(), name));
275 } else {
276 name = isolate->factory()->bound__string();
277 }
278 LookupIterator it(function, isolate->factory()->name_string());
279 DCHECK_EQ(LookupIterator::ACCESSOR, it.state());
280 RETURN_FAILURE_ON_EXCEPTION(isolate,
281 JSObject::DefineOwnPropertyIgnoreAttributes(
282 &it, name, it.property_attributes()));
283 }
284 return *function;
285 }
286
287 } // namespace
288
289 // ES6 section 19.2.3.2 Function.prototype.bind ( thisArg, ...args )
BUILTIN(FunctionPrototypeBind)290 BUILTIN(FunctionPrototypeBind) { return DoFunctionBind(isolate, args); }
291
292 // ES6 section 19.2.3.5 Function.prototype.toString ( )
BUILTIN(FunctionPrototypeToString)293 BUILTIN(FunctionPrototypeToString) {
294 HandleScope scope(isolate);
295 Handle<Object> receiver = args.receiver();
296 if (receiver->IsJSBoundFunction()) {
297 return *JSBoundFunction::ToString(Handle<JSBoundFunction>::cast(receiver));
298 }
299 if (receiver->IsJSFunction()) {
300 return *JSFunction::ToString(Handle<JSFunction>::cast(receiver));
301 }
302 // With the revised toString behavior, all callable objects are valid
303 // receivers for this method.
304 if (FLAG_harmony_function_tostring && receiver->IsJSReceiver() &&
305 JSReceiver::cast(*receiver)->map()->is_callable()) {
306 return isolate->heap()->function_native_code_string();
307 }
308 THROW_NEW_ERROR_RETURN_FAILURE(
309 isolate, NewTypeError(MessageTemplate::kNotGeneric,
310 isolate->factory()->NewStringFromAsciiChecked(
311 "Function.prototype.toString"),
312 isolate->factory()->Function_string()));
313 }
314
315 } // namespace internal
316 } // namespace v8
317