Context Navigation

← Previous Changeset
Next Changeset →

Changeset 109461 in webkit

Timestamp:

Mar 1, 2012 4:12:58 PM (12 years ago)

Author:

barraclough@apple.com

Message:

ES5.1-15.3.5.4. prohibits Function.caller from Get?ting a strict caller
https://bugs.webkit.org/show_bug.cgi?id=80011

Reviewed by Oliver Hunt.

Also, fix getting the caller from within a bound function, for within a getter,
or setter (make our implementation match other browsers).

Source/JavaScriptCore:

interpreter/Interpreter.cpp:

(JSC::getCallerInfo):

Allow this to get the caller of host functions.

(JSC::Interpreter::retrieveCallerFromVMCode):

This should use getCallerInfo, and should skip over function bindings.

runtime/JSFunction.cpp:

(JSC::JSFunction::callerGetter):

This should never return a strict-mode function.

LayoutTests:

fast/js/caller-property-expected.txt:
fast/js/script-tests/caller-property.js:
- Add test cases covering permutations of caller/callee being strict/non-strict, And for callee being a getter/setter/bound.
fast/js/stack-trace-expected.txt:
- Allow stack tracing over host functions.

Location:

trunk

Files:

: 7 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/fast/js/caller-property-expected.txt (modified) (1 diff)
LayoutTests/fast/js/script-tests/caller-property.js (modified) (1 diff)
LayoutTests/fast/js/stack-trace-expected.txt (modified) (8 diffs)
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
Source/JavaScriptCore/interpreter/Interpreter.cpp (modified) (3 diffs)
Source/JavaScriptCore/runtime/JSFunction.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-                      r109458
+                      r109461
+-03-01  Gavin Barraclough  <barraclough@apple.com>
+        ES5.1-15.3.5.4. prohibits Function.caller from [[Get]]ting a strict caller
+        https://bugs.webkit.org/show_bug.cgi?id=80011
+        Reviewed by Oliver Hunt.
+        Also, fix getting the caller from within a bound function, for within a getter,
+        or setter (make our implementation match other browsers).
+        * fast/js/caller-property-expected.txt:
+        * fast/js/script-tests/caller-property.js:
+            - Add test cases covering permutations of caller/callee being strict/non-strict,
+              And for callee being a getter/setter/bound.
+        * fast/js/stack-trace-expected.txt:
+            - Allow stack tracing over host functions.
 -03-01  Xingnan Wang  <xingnan.wang@intel.com>

trunk/LayoutTests/fast/js/caller-property-expected.txt

-                      r17483
+                      r109461
 PASS childHasCallerWhenCalledWithoutParent is false
 PASS childHasCallerWhenCalledFromWithinParent is true
+PASS nonStrictCaller(nonStrictCallee) is nonStrictCaller
+PASS nonStrictCaller(strictCallee) threw exception TypeError: Type error.
+PASS strictCaller(nonStrictCallee) threw exception TypeError: Function.caller used to retrieve strict caller.
+PASS strictCaller(strictCallee) threw exception TypeError: Type error.
+PASS nonStrictCaller(boundNonStrictCallee) is nonStrictCaller
+PASS nonStrictCaller(boundStrictCallee) threw exception TypeError: Type error.
+PASS strictCaller(boundNonStrictCallee) threw exception TypeError: Function.caller used to retrieve strict caller.
+PASS strictCaller(boundStrictCallee) threw exception TypeError: Type error.
+PASS nonStrictGetter(nonStrictAccessor) is nonStrictGetter
+PASS nonStrictSetter(nonStrictAccessor) is true
+PASS nonStrictGetter(strictAccessor) threw exception TypeError: Type error.
+PASS nonStrictSetter(strictAccessor) threw exception TypeError: Type error.
+PASS strictGetter(nonStrictAccessor) threw exception TypeError: Function.caller used to retrieve strict caller.
+PASS strictSetter(nonStrictAccessor) threw exception TypeError: Function.caller used to retrieve strict caller.
+PASS strictGetter(strictAccessor) threw exception TypeError: Type error.
+PASS strictSetter(strictAccessor) threw exception TypeError: Type error.
 PASS successfullyParsed is true

trunk/LayoutTests/fast/js/script-tests/caller-property.js

-                      r98407
+                      r109461
 shouldBe('childHasCallerWhenCalledWithoutParent', 'false');
 shouldBe('childHasCallerWhenCalledFromWithinParent', 'true')
+// The caller property should throw in strict mode, and a non-strict function cannot use caller to reach a strict caller (see ES5.1 15.3.5.4).
+function nonStrictCallee() { return nonStrictCallee.caller; }
+function strictCallee() { "use strict"; return strictCallee.caller; }
+function nonStrictCaller(x) { return x(); }
+function strictCaller(x) { "use strict"; return x(); }
+shouldBe("nonStrictCaller(nonStrictCallee)", "nonStrictCaller");
+shouldThrow("nonStrictCaller(strictCallee)", '"TypeError: Type error"');
+shouldThrow("strictCaller(nonStrictCallee)", '"TypeError: Function.caller used to retrieve strict caller"');
+shouldThrow("strictCaller(strictCallee)", '"TypeError: Type error"');
+// .caller within a bound function reaches the caller, ignoring the binding.
+var boundNonStrictCallee = nonStrictCallee.bind();
+var boundStrictCallee = strictCallee.bind();
+shouldBe("nonStrictCaller(boundNonStrictCallee)", "nonStrictCaller");
+shouldThrow("nonStrictCaller(boundStrictCallee)", '"TypeError: Type error"');
+shouldThrow("strictCaller(boundNonStrictCallee)", '"TypeError: Function.caller used to retrieve strict caller"');
+shouldThrow("strictCaller(boundStrictCallee)", '"TypeError: Type error"');
+// Check that .caller works (or throws) as expected, over an accessor call.
+function getFooGetter(x) { return Object.getOwnPropertyDescriptor(x, 'foo').get; }
+function getFooSetter(x) { return Object.getOwnPropertyDescriptor(x, 'foo').set; }
+var nonStrictAccessor = {
+    get foo() { return getFooGetter(nonStrictAccessor).caller; },
+    set foo(x) { if (getFooSetter(nonStrictAccessor).caller !==x) throw false; }
+};
+var strictAccessor = {
+    get foo() { "use strict"; return getFooGetter(strictAccessor).caller; },
+    set foo(x) { "use strict"; if (getFooSetter(strictAccessor).caller !==x) throw false; }
+};
+function nonStrictGetter(x) { return x.foo; }
+function nonStrictSetter(x) { x.foo = nonStrictSetter; return true; }
+function strictGetter(x) { "use strict"; return x.foo; }
+function strictSetter(x) { "use strict"; x.foo = nonStrictSetter; return true; }
+shouldBe("nonStrictGetter(nonStrictAccessor)", "nonStrictGetter");
+shouldBeTrue("nonStrictSetter(nonStrictAccessor)");
+shouldThrow("nonStrictGetter(strictAccessor)", '"TypeError: Type error"');
+shouldThrow("nonStrictSetter(strictAccessor)", '"TypeError: Type error"');
+shouldThrow("strictGetter(nonStrictAccessor)", '"TypeError: Function.caller used to retrieve strict caller"');
+shouldThrow("strictSetter(nonStrictAccessor)", '"TypeError: Function.caller used to retrieve strict caller"');
+shouldThrow("strictGetter(strictAccessor)", '"TypeError: Type error"');
+shouldThrow("strictSetter(strictAccessor)", '"TypeError: Type error"');

trunk/LayoutTests/fast/js/stack-trace-expected.txt

-                      r108112
+                      r109461
     at eval code
    eval at [native code]
+   evaler at stack-trace.js:29
+   global code at stack-trace.js:39
 --> Stack Trace:
 …
     at eval code
    eval at [native code]
+   evaler at stack-trace.js:29
+   global code at stack-trace.js:40
 --> Stack Trace:
 …
     at eval code
    eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
+    at eval code
+   eval at [native code]
+   selfRecursive3 at stack-trace.js:69
 --> Stack Trace:
 …
    g at stack-trace.js:140
    map at [native code]
+   global code at stack-trace.js:143
 --> Stack Trace:
 …
    g at stack-trace.js:140
    map at [native code]
+   global code at stack-trace.js:143
 --> Stack Trace:
 …
    g at stack-trace.js:140
    map at [native code]
+   global code at stack-trace.js:143
 --> Stack Trace:
 …
    g at stack-trace.js:140
    map at [native code]
+   global code at stack-trace.js:143
 --> Stack Trace:
    h at stack-trace.js:151
    map at [native code]
+   mapTest at stack-trace.js:158
+   mapTestDriver at stack-trace.js:164
+   global code at stack-trace.js:169
 --> Stack Trace:
    h at stack-trace.js:153
    map at [native code]
+   mapTest at stack-trace.js:158
+   mapTestDriver at stack-trace.js:164
+   global code at stack-trace.js:175
 --> Stack Trace:
 …
    dfgFunction at stack-trace.js:184
    map at [native code]
+   global code at stack-trace.js:193
 --> Stack Trace:

trunk/Source/JavaScriptCore/ChangeLog

-                      r109325
+                      r109461
+-03-01  Gavin Barraclough  <barraclough@apple.com>
+        ES5.1-15.3.5.4. prohibits Function.caller from [[Get]]ting a strict caller
+        https://bugs.webkit.org/show_bug.cgi?id=80011
+        Reviewed by Oliver Hunt.
+        Also, fix getting the caller from within a bound function, for within a getter,
+        or setter (make our implementation match other browsers).
+        * interpreter/Interpreter.cpp:
+        (JSC::getCallerInfo):
+            - Allow this to get the caller of host functions.
+        (JSC::Interpreter::retrieveCallerFromVMCode):
+            - This should use getCallerInfo, and should skip over function bindings.
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::callerGetter):
+            - This should never return a strict-mode function.
 -03-01  Yuqiang Xian  <yuqiang.xian@intel.com>

trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

-                      r109007
+                      r109461
 #include "JSActivation.h"
 #include "JSArray.h"
+#include "JSBoundFunction.h"
 #include "JSByteArray.h"
 #include "JSNotAnObject.h"
 …
     lineNumber = -1;
     ASSERT(!callFrame->hasHostCallFrameFlag());
     CallFrame* callerFrame = callFrame->codeBlock() ? callFrame->trueCallerFrame() : 0;
+    CallFrame* callerFrame = callFrame->codeBlock() ? callFrame->trueCallerFrame() : callFrame->callerFrame()->removeHostCallFrameFlag();
     bool callframeIsHost = callerFrame->addHostCallFrameFlag() == callFrame->callerFrame();
     ASSERT(!callerFrame->hasHostCallFrameFlag());
 …
+{
     CallFrame* functionCallFrame = findFunctionCallFrameFromVMCode(callFrame, function);
     if (!functionCallFrame)
         return jsNull();
+    if (functionCallFrame->callerFrame()->hasHostCallFrameFlag())
+    int lineNumber;
+    CallFrame* callerFrame = getCallerInfo(&callFrame->globalData(), functionCallFrame, lineNumber);
+    if (!callerFrame)
         return jsNull();
-    CallFrame* callerFrame = functionCallFrame->trueCallerFrame();
     JSValue caller = callerFrame->callee();
     if (!caller)
         return jsNull();
+    // Skip over function bindings.
+    ASSERT(caller.isObject());
+    while (asObject(caller)->inherits(&JSBoundFunction::s_info)) {
+        callerFrame = getCallerInfo(&callFrame->globalData(), callerFrame, lineNumber);
+        if (!callerFrame)
+            return jsNull();
+        caller = callerFrame->callee();
+        if (!caller)
+            return jsNull();
+    }
     return caller;

trunk/Source/JavaScriptCore/runtime/JSFunction.cpp

-                      r107445
+                      r109461
     JSFunction* thisObj = asFunction(slotBase);
     ASSERT(!thisObj->isHostFunction());
+    return exec->interpreter()->retrieveCallerFromVMCode(exec, thisObj);
+    JSValue caller = exec->interpreter()->retrieveCallerFromVMCode(exec, thisObj);
+    // See ES5.1 15.3.5.4 - Function.caller may not be used to retrieve a strict caller.
+    if (!caller.isObject() || !asObject(caller)->inherits(&JSFunction::s_info))
+        return caller;
+    JSFunction* function = asFunction(caller);
+    if (function->isHostFunction() || !function->jsExecutable()->isStrictMode())
+        return caller;
+    return throwTypeError(exec, "Function.caller used to retrieve strict caller");
+}

Note: See TracChangeset for help on using the changeset viewer.