https://github.com/mozilla/gecko-dev
Tip revision: 1a4d31e18e4d05faf84f5783f8f5700076fcc560 authored by ffxbld on 14 July 2015, 20:18:11 UTC
No bug, Automated blocklist update from host bld-linux64-spot-305 - a=blocklist-update
No bug, Automated blocklist update from host bld-linux64-spot-305 - a=blocklist-update
Tip revision: 1a4d31e
jsproxy.h
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
* vim: set ts=8 sts=4 et sw=4 tw=99:
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef jsproxy_h
#define jsproxy_h
#include "mozilla/Maybe.h"
#include "jsfriendapi.h"
#include "js/CallNonGenericMethod.h"
#include "js/Class.h"
namespace js {
using JS::AutoIdVector;
using JS::CallArgs;
using JS::HandleId;
using JS::HandleObject;
using JS::HandleValue;
using JS::IsAcceptableThis;
using JS::MutableHandle;
using JS::MutableHandleObject;
using JS::MutableHandleValue;
using JS::NativeImpl;
using JS::PrivateValue;
using JS::Value;
class RegExpGuard;
class JS_FRIEND_API(Wrapper);
/*
* A proxy is a JSObject that implements generic behavior by providing custom
* implementations for each object trap. The implementation for each trap is
* provided by a C++ object stored on the proxy, known as its handler.
*
* A major use case for proxies is to forward each trap to another object,
* known as its target. The target can be an arbitrary C++ object. Not every
* proxy has the notion of a target, however.
*
* Proxy traps are grouped into fundamental and derived traps. Every proxy has
* to at least provide implementations for the fundamental traps, but the
* derived traps can be implemented in terms of the fundamental ones
* BaseProxyHandler provides implementations of the derived traps in terms of
* the (pure virtual) fundamental traps.
*
* In addition to the normal traps, there are two models for proxy prototype
* chains. First, proxies may opt to use the standard prototype mechanism used
* throughout the engine. To do so, simply pass a prototype to NewProxyObject()
* at creation time. All prototype accesses will then "just work" to treat the
* proxy as a "normal" object. Alternatively, if instead the proxy wishes to
* implement more complicated prototype semantics (if, for example, it wants to
* delegate the prototype lookup to a wrapped object), it may pass Proxy::LazyProto
* as the prototype at create time and opt in to the trapped prototype system,
* which guarantees that their trap will be called on any and every prototype
* chain access of the object.
*
* This system is implemented with two traps: {get,set}PrototypeOf. The default
* implementation of setPrototypeOf throws a TypeError. Since it is not possible
* to create an object without a sense of prototype chain, handler implementors
* must provide a getPrototypeOf trap if opting in to the dynamic prototype system.
*
* To minimize code duplication, a set of abstract proxy handler classes is
* provided, from which other handlers may inherit. These abstract classes
* are organized in the following hierarchy:
*
* BaseProxyHandler
* |
* DirectProxyHandler
* |
* Wrapper
*/
/*
* BaseProxyHandler is the most generic kind of proxy handler. It does not make
* any assumptions about the target. Consequently, it does not provide any
* default implementation for the fundamental traps. It does, however, implement
* the derived traps in terms of the fundamental ones. This allows consumers of
* this class to define any custom behavior they want.
*
* Important: If you add a trap here, you should probably also add a Proxy::foo
* entry point with an AutoEnterPolicy. If you don't, you need an explicit
* override for the trap in SecurityWrapper. See bug 945826 comment 0.
*/
class JS_FRIEND_API(BaseProxyHandler)
{
const void* mFamily;
/*
* Proxy handlers can use mHasPrototype to request the following special
* treatment from the JS engine:
*
* - When mHasPrototype is true, the engine never calls these methods:
* getPropertyDescriptor, has, set, enumerate, iterate. Instead, for
* these operations, it calls the "own" traps like
* getOwnPropertyDescriptor, hasOwn, defineProperty, keys, etc., and
* consults the prototype chain if needed.
*
* - When mHasPrototype is true, the engine calls handler->get() only if
* handler->hasOwn() says an own property exists on the proxy. If not,
* it consults the prototype chain.
*
* This is useful because it frees the ProxyHandler from having to implement
* any behavior having to do with the prototype chain.
*/
bool mHasPrototype;
/*
* All proxies indicate whether they have any sort of interesting security
* policy that might prevent the caller from doing something it wants to
* the object. In the case of wrappers, this distinction is used to
* determine whether the caller may strip off the wrapper if it so desires.
*/
bool mHasSecurityPolicy;
protected:
// Subclasses may set this in their constructor.
void setHasPrototype(bool aHasPrototype) { mHasPrototype = aHasPrototype; }
void setHasSecurityPolicy(bool aHasPolicy) { mHasSecurityPolicy = aHasPolicy; }
public:
explicit BaseProxyHandler(const void* family);
virtual ~BaseProxyHandler();
bool hasPrototype() {
return mHasPrototype;
}
bool hasSecurityPolicy() {
return mHasSecurityPolicy;
}
inline const void* family() {
return mFamily;
}
static size_t offsetOfFamily() {
return offsetof(BaseProxyHandler, mFamily);
}
virtual bool finalizeInBackground(Value priv) {
/*
* Called on creation of a proxy to determine whether its finalize
* method can be finalized on the background thread.
*/
return true;
}
/* Policy enforcement traps.
*
* enter() allows the policy to specify whether the caller may perform |act|
* on the proxy's |id| property. In the case when |act| is CALL, |id| is
* generally JSID_VOID.
*
* The |act| parameter to enter() specifies the action being performed.
* If |bp| is false, the trap suggests that the caller throw (though it
* may still decide to squelch the error).
*
* We make these OR-able so that assertEnteredPolicy can pass a union of them.
* For example, get{,Own}PropertyDescriptor is invoked by both calls to ::get()
* and ::set() (since we need to look up the accessor), so its
* assertEnteredPolicy would pass GET | SET.
*/
typedef uint32_t Action;
enum {
NONE = 0x00,
GET = 0x01,
SET = 0x02,
CALL = 0x04,
ENUMERATE = 0x08
};
virtual bool enter(JSContext* cx, HandleObject wrapper, HandleId id, Action act,
bool* bp);
/* ES5 Harmony fundamental proxy traps. */
virtual bool preventExtensions(JSContext* cx, HandleObject proxy) = 0;
virtual bool getPropertyDescriptor(JSContext* cx, HandleObject proxy, HandleId id,
MutableHandle<JSPropertyDescriptor> desc) = 0;
virtual bool getOwnPropertyDescriptor(JSContext* cx, HandleObject proxy,
HandleId id, MutableHandle<JSPropertyDescriptor> desc) = 0;
virtual bool defineProperty(JSContext* cx, HandleObject proxy, HandleId id,
MutableHandle<JSPropertyDescriptor> desc) = 0;
virtual bool getOwnPropertyNames(JSContext* cx, HandleObject proxy,
AutoIdVector& props) = 0;
virtual bool delete_(JSContext* cx, HandleObject proxy, HandleId id, bool* bp) = 0;
virtual bool enumerate(JSContext* cx, HandleObject proxy, AutoIdVector& props) = 0;
/* ES5 Harmony derived proxy traps. */
virtual bool has(JSContext* cx, HandleObject proxy, HandleId id, bool* bp);
virtual bool hasOwn(JSContext* cx, HandleObject proxy, HandleId id, bool* bp);
virtual bool get(JSContext* cx, HandleObject proxy, HandleObject receiver,
HandleId id, MutableHandleValue vp);
virtual bool set(JSContext* cx, HandleObject proxy, HandleObject receiver,
HandleId id, bool strict, MutableHandleValue vp);
virtual bool keys(JSContext* cx, HandleObject proxy, AutoIdVector& props);
virtual bool iterate(JSContext* cx, HandleObject proxy, unsigned flags,
MutableHandleValue vp);
/* Spidermonkey extensions. */
virtual bool isExtensible(JSContext* cx, HandleObject proxy, bool* extensible) = 0;
virtual bool call(JSContext* cx, HandleObject proxy, const CallArgs& args);
virtual bool construct(JSContext* cx, HandleObject proxy, const CallArgs& args);
virtual bool nativeCall(JSContext* cx, IsAcceptableThis test, NativeImpl impl, CallArgs args);
virtual bool hasInstance(JSContext* cx, HandleObject proxy, MutableHandleValue v, bool* bp);
virtual bool objectClassIs(HandleObject obj, ESClassValue classValue, JSContext* cx);
virtual const char* className(JSContext* cx, HandleObject proxy);
virtual JSString* fun_toString(JSContext* cx, HandleObject proxy, unsigned indent);
virtual bool regexp_toShared(JSContext* cx, HandleObject proxy, RegExpGuard* g);
virtual bool defaultValue(JSContext* cx, HandleObject obj, JSType hint, MutableHandleValue vp);
virtual void finalize(JSFreeOp* fop, JSObject* proxy);
virtual bool getPrototypeOf(JSContext* cx, HandleObject proxy, MutableHandleObject protop);
virtual bool setPrototypeOf(JSContext* cx, HandleObject proxy, HandleObject proto, bool* bp);
// These two hooks must be overridden, or not overridden, in tandem -- no
// overriding just one!
virtual bool watch(JSContext* cx, JS::HandleObject proxy, JS::HandleId id,
JS::HandleObject callable);
virtual bool unwatch(JSContext* cx, JS::HandleObject proxy, JS::HandleId id);
virtual bool slice(JSContext* cx, HandleObject proxy, uint32_t begin, uint32_t end,
HandleObject result);
/* See comment for weakmapKeyDelegateOp in js/Class.h. */
virtual JSObject* weakmapKeyDelegate(JSObject* proxy);
virtual bool isScripted() { return false; }
};
/*
* DirectProxyHandler includes a notion of a target object. All traps are
* reimplemented such that they forward their behavior to the target. This
* allows consumers of this class to forward to another object as transparently
* and efficiently as possible.
*
* Important: If you add a trap implementation here, you probably also need to
* add an override in CrossCompartmentWrapper. If you don't, you risk
* compartment mismatches. See bug 945826 comment 0.
*/
class JS_PUBLIC_API(DirectProxyHandler) : public BaseProxyHandler
{
public:
explicit DirectProxyHandler(const void* family);
/* ES5 Harmony fundamental proxy traps. */
virtual bool preventExtensions(JSContext* cx, HandleObject proxy) MOZ_OVERRIDE;
virtual bool getPropertyDescriptor(JSContext* cx, HandleObject proxy, HandleId id,
MutableHandle<JSPropertyDescriptor> desc) MOZ_OVERRIDE;
virtual bool getOwnPropertyDescriptor(JSContext* cx, HandleObject proxy, HandleId id,
MutableHandle<JSPropertyDescriptor> desc) MOZ_OVERRIDE;
virtual bool defineProperty(JSContext* cx, HandleObject proxy, HandleId id,
MutableHandle<JSPropertyDescriptor> desc) MOZ_OVERRIDE;
virtual bool getOwnPropertyNames(JSContext* cx, HandleObject proxy,
AutoIdVector& props) MOZ_OVERRIDE;
virtual bool delete_(JSContext* cx, HandleObject proxy, HandleId id,
bool* bp) MOZ_OVERRIDE;
virtual bool enumerate(JSContext* cx, HandleObject proxy,
AutoIdVector& props) MOZ_OVERRIDE;
/* ES5 Harmony derived proxy traps. */
virtual bool has(JSContext* cx, HandleObject proxy, HandleId id,
bool* bp) MOZ_OVERRIDE;
virtual bool hasOwn(JSContext* cx, HandleObject proxy, HandleId id,
bool* bp) MOZ_OVERRIDE;
virtual bool get(JSContext* cx, HandleObject proxy, HandleObject receiver,
HandleId id, MutableHandleValue vp) MOZ_OVERRIDE;
virtual bool set(JSContext* cx, HandleObject proxy, HandleObject receiver,
HandleId id, bool strict, MutableHandleValue vp) MOZ_OVERRIDE;
virtual bool keys(JSContext* cx, HandleObject proxy,
AutoIdVector& props) MOZ_OVERRIDE;
virtual bool iterate(JSContext* cx, HandleObject proxy, unsigned flags,
MutableHandleValue vp) MOZ_OVERRIDE;
/* Spidermonkey extensions. */
virtual bool isExtensible(JSContext* cx, HandleObject proxy, bool* extensible) MOZ_OVERRIDE;
virtual bool call(JSContext* cx, HandleObject proxy, const CallArgs& args) MOZ_OVERRIDE;
virtual bool construct(JSContext* cx, HandleObject proxy, const CallArgs& args) MOZ_OVERRIDE;
virtual bool nativeCall(JSContext* cx, IsAcceptableThis test, NativeImpl impl,
CallArgs args) MOZ_OVERRIDE;
virtual bool hasInstance(JSContext* cx, HandleObject proxy, MutableHandleValue v,
bool* bp) MOZ_OVERRIDE;
virtual bool getPrototypeOf(JSContext* cx, HandleObject proxy, MutableHandleObject protop);
virtual bool setPrototypeOf(JSContext* cx, HandleObject proxy, HandleObject proto, bool* bp);
virtual bool objectClassIs(HandleObject obj, ESClassValue classValue,
JSContext* cx) MOZ_OVERRIDE;
virtual const char* className(JSContext* cx, HandleObject proxy) MOZ_OVERRIDE;
virtual JSString* fun_toString(JSContext* cx, HandleObject proxy,
unsigned indent) MOZ_OVERRIDE;
virtual bool regexp_toShared(JSContext* cx, HandleObject proxy,
RegExpGuard* g) MOZ_OVERRIDE;
virtual JSObject* weakmapKeyDelegate(JSObject* proxy);
};
/*
* Dispatch point for handlers that executes the appropriate C++ or scripted traps.
*
* Important: All proxy traps need either (a) an AutoEnterPolicy in their
* Proxy::foo entry point below or (b) an override in SecurityWrapper. See bug
* 945826 comment 0.
*/
class Proxy
{
public:
/* ES5 Harmony fundamental proxy traps. */
static bool preventExtensions(JSContext* cx, HandleObject proxy);
static bool getPropertyDescriptor(JSContext* cx, HandleObject proxy, HandleId id,
MutableHandle<JSPropertyDescriptor> desc);
static bool getPropertyDescriptor(JSContext* cx, HandleObject proxy, HandleId id,
MutableHandleValue vp);
static bool getOwnPropertyDescriptor(JSContext* cx, HandleObject proxy, HandleId id,
MutableHandle<JSPropertyDescriptor> desc);
static bool getOwnPropertyDescriptor(JSContext* cx, HandleObject proxy, HandleId id,
MutableHandleValue vp);
static bool defineProperty(JSContext* cx, HandleObject proxy, HandleId id,
MutableHandle<JSPropertyDescriptor> desc);
static bool defineProperty(JSContext* cx, HandleObject proxy, HandleId id, HandleValue v);
static bool getOwnPropertyNames(JSContext* cx, HandleObject proxy, AutoIdVector& props);
static bool delete_(JSContext* cx, HandleObject proxy, HandleId id, bool* bp);
static bool enumerate(JSContext* cx, HandleObject proxy, AutoIdVector& props);
/* ES5 Harmony derived proxy traps. */
static bool has(JSContext* cx, HandleObject proxy, HandleId id, bool* bp);
static bool hasOwn(JSContext* cx, HandleObject proxy, HandleId id, bool* bp);
static bool get(JSContext* cx, HandleObject proxy, HandleObject receiver, HandleId id,
MutableHandleValue vp);
static bool set(JSContext* cx, HandleObject proxy, HandleObject receiver, HandleId id,
bool strict, MutableHandleValue vp);
static bool keys(JSContext* cx, HandleObject proxy, AutoIdVector& props);
static bool iterate(JSContext* cx, HandleObject proxy, unsigned flags, MutableHandleValue vp);
/* Spidermonkey extensions. */
static bool isExtensible(JSContext* cx, HandleObject proxy, bool* extensible);
static bool call(JSContext* cx, HandleObject proxy, const CallArgs& args);
static bool construct(JSContext* cx, HandleObject proxy, const CallArgs& args);
static bool nativeCall(JSContext* cx, IsAcceptableThis test, NativeImpl impl, CallArgs args);
static bool hasInstance(JSContext* cx, HandleObject proxy, MutableHandleValue v, bool* bp);
static bool objectClassIs(HandleObject obj, ESClassValue classValue, JSContext* cx);
static const char* className(JSContext* cx, HandleObject proxy);
static JSString* fun_toString(JSContext* cx, HandleObject proxy, unsigned indent);
static bool regexp_toShared(JSContext* cx, HandleObject proxy, RegExpGuard* g);
static bool defaultValue(JSContext* cx, HandleObject obj, JSType hint, MutableHandleValue vp);
static bool getPrototypeOf(JSContext* cx, HandleObject proxy, MutableHandleObject protop);
static bool setPrototypeOf(JSContext* cx, HandleObject proxy, HandleObject proto, bool* bp);
static bool watch(JSContext* cx, HandleObject proxy, HandleId id, HandleObject callable);
static bool unwatch(JSContext* cx, HandleObject proxy, HandleId id);
static bool slice(JSContext* cx, HandleObject obj, uint32_t begin, uint32_t end,
HandleObject result);
/* IC entry path for handling __noSuchMethod__ on access. */
static bool callProp(JSContext* cx, HandleObject proxy, HandleObject reveiver, HandleId id,
MutableHandleValue vp);
};
// Use these in places where you don't want to #include vm/ProxyObject.h.
extern JS_FRIEND_DATA(const js::Class* const) CallableProxyClassPtr;
extern JS_FRIEND_DATA(const js::Class* const) UncallableProxyClassPtr;
inline bool IsProxy(JSObject* obj)
{
return GetObjectClass(obj)->isProxy();
}
/*
* These are part of the API.
*
* NOTE: PROXY_PRIVATE_SLOT is 0 because that way slot 0 is usable by API
* clients for both proxy and non-proxy objects. So an API client that only
* needs to store one slot's worth of data doesn't need to branch on what sort
* of object it has.
*/
const uint32_t PROXY_PRIVATE_SLOT = 0;
const uint32_t PROXY_HANDLER_SLOT = 1;
const uint32_t PROXY_EXTRA_SLOT = 2;
const uint32_t PROXY_MINIMUM_SLOTS = 4;
inline BaseProxyHandler*
GetProxyHandler(JSObject* obj)
{
JS_ASSERT(IsProxy(obj));
return (BaseProxyHandler*) GetReservedSlot(obj, PROXY_HANDLER_SLOT).toPrivate();
}
inline const Value&
GetProxyPrivate(JSObject* obj)
{
JS_ASSERT(IsProxy(obj));
return GetReservedSlot(obj, PROXY_PRIVATE_SLOT);
}
inline JSObject*
GetProxyTargetObject(JSObject* obj)
{
JS_ASSERT(IsProxy(obj));
return GetProxyPrivate(obj).toObjectOrNull();
}
inline const Value&
GetProxyExtra(JSObject* obj, size_t n)
{
JS_ASSERT(IsProxy(obj));
return GetReservedSlot(obj, PROXY_EXTRA_SLOT + n);
}
inline void
SetProxyHandler(JSObject* obj, BaseProxyHandler* handler)
{
JS_ASSERT(IsProxy(obj));
SetReservedSlot(obj, PROXY_HANDLER_SLOT, PrivateValue(handler));
}
inline void
SetProxyExtra(JSObject* obj, size_t n, const Value& extra)
{
JS_ASSERT(IsProxy(obj));
JS_ASSERT(n <= 1);
SetReservedSlot(obj, PROXY_EXTRA_SLOT + n, extra);
}
inline bool
IsScriptedProxy(JSObject* obj)
{
return IsProxy(obj) && GetProxyHandler(obj)->isScripted();
}
class MOZ_STACK_CLASS ProxyOptions {
protected:
/* protected constructor for subclass */
ProxyOptions(bool singletonArg, const Class* claspArg)
: singleton_(singletonArg),
clasp_(claspArg)
{}
public:
ProxyOptions() : singleton_(false),
clasp_(UncallableProxyClassPtr)
{}
bool singleton() const { return singleton_; }
ProxyOptions& setSingleton(bool flag) {
singleton_ = flag;
return *this;
}
const Class* clasp() const {
return clasp_;
}
ProxyOptions& setClass(const Class* claspArg) {
clasp_ = claspArg;
return *this;
}
ProxyOptions& selectDefaultClass(bool callable) {
const Class* classp = callable? CallableProxyClassPtr :
UncallableProxyClassPtr;
return setClass(classp);
}
private:
bool singleton_;
const Class* clasp_;
};
JS_FRIEND_API(JSObject*)
NewProxyObject(JSContext* cx, BaseProxyHandler* handler, HandleValue priv,
JSObject* proto, JSObject* parent, const ProxyOptions& options = ProxyOptions());
JSObject*
RenewProxyObject(JSContext* cx, JSObject* obj, BaseProxyHandler* handler, Value priv);
class JS_FRIEND_API(AutoEnterPolicy)
{
public:
typedef BaseProxyHandler::Action Action;
AutoEnterPolicy(JSContext* cx, BaseProxyHandler* handler,
HandleObject wrapper, HandleId id, Action act, bool mayThrow)
#ifdef JS_DEBUG
: context(nullptr)
#endif
{
allow = handler->hasSecurityPolicy() ? handler->enter(cx, wrapper, id, act, &rv)
: true;
recordEnter(cx, wrapper, id, act);
// We want to throw an exception if all of the following are true:
// * The policy disallowed access.
// * The policy set rv to false, indicating that we should throw.
// * The caller did not instruct us to ignore exceptions.
// * The policy did not throw itself.
if (!allow && !rv && mayThrow)
reportErrorIfExceptionIsNotPending(cx, id);
}
virtual ~AutoEnterPolicy() { recordLeave(); }
inline bool allowed() { return allow; }
inline bool returnValue() { JS_ASSERT(!allowed()); return rv; }
protected:
// no-op constructor for subclass
AutoEnterPolicy()
#ifdef JS_DEBUG
: context(nullptr)
, enteredAction(BaseProxyHandler::NONE)
#endif
{};
void reportErrorIfExceptionIsNotPending(JSContext* cx, jsid id);
bool allow;
bool rv;
#ifdef JS_DEBUG
JSContext* context;
mozilla::Maybe<HandleObject> enteredProxy;
mozilla::Maybe<HandleId> enteredId;
Action enteredAction;
// NB: We explicitly don't track the entered action here, because sometimes
// SET traps do an implicit GET during their implementation, leading to
// spurious assertions.
AutoEnterPolicy* prev;
void recordEnter(JSContext* cx, HandleObject proxy, HandleId id, Action act);
void recordLeave();
friend JS_FRIEND_API(void) assertEnteredPolicy(JSContext* cx, JSObject* proxy, jsid id, Action act);
#else
inline void recordEnter(JSContext* cx, JSObject* proxy, jsid id, Action act) {}
inline void recordLeave() {}
#endif
};
#ifdef JS_DEBUG
class JS_FRIEND_API(AutoWaivePolicy) : public AutoEnterPolicy {
public:
AutoWaivePolicy(JSContext* cx, HandleObject proxy, HandleId id,
BaseProxyHandler::Action act)
{
allow = true;
recordEnter(cx, proxy, id, act);
}
};
#else
class JS_FRIEND_API(AutoWaivePolicy) {
public:
AutoWaivePolicy(JSContext* cx, HandleObject proxy, HandleId id,
BaseProxyHandler::Action act)
{}
};
#endif
#ifdef JS_DEBUG
extern JS_FRIEND_API(void)
assertEnteredPolicy(JSContext* cx, JSObject* obj, jsid id,
BaseProxyHandler::Action act);
#else
inline void assertEnteredPolicy(JSContext* cx, JSObject* obj, jsid id,
BaseProxyHandler::Action act)
{};
#endif
} /* namespace js */
extern JS_FRIEND_API(JSObject*)
js_InitProxyClass(JSContext* cx, JS::HandleObject obj);
#endif /* jsproxy_h */