[V8] Add a "fallback" mode for named property interceptors

By default interceptors are called before the normal property
resolution on objects.  When an interceptor is installed as a
"fallback" interceptor, it is only called if the object doesn't
already have the property.

In the case of a global object having an fallback interceptor,
the interceptor is not invoked at all for var or function
declarations.

Change-Id: Icf2b84aeca37358df22d6e2229dddd6ff6e1876e
Reviewed-by: Kent Hansen <kent.hansen@nokia.com>

7 files changed, 102 insertions, 20 deletions

diff --git a/src/3rdparty/v8/include/v8.h b/src/3rdparty/v8/include/v8.h
index 1456146..8c9ee35 100644
--- a/src/3rdparty/v8/include/v8.h
+++ b/src/3rdparty/v8/include/v8.h
@@ -2342,6 +2342,7 @@ class V8EXPORT FunctionTemplate : public Template {
                                        NamedPropertyQuery query,
                                        NamedPropertyDeleter remover,
                                        NamedPropertyEnumerator enumerator,
+                                       bool is_fallback,
                                        Handle<Value> data);
   void SetIndexedInstancePropertyHandler(IndexedPropertyGetter getter,
                                          IndexedPropertySetter setter,
@@ -2425,6 +2426,12 @@ class V8EXPORT ObjectTemplate : public Template {
                                NamedPropertyDeleter deleter = 0,
                                NamedPropertyEnumerator enumerator = 0,
                                Handle<Value> data = Handle<Value>());
+  void SetFallbackPropertyHandler(NamedPropertyGetter getter,
+                                  NamedPropertySetter setter = 0,
+                                  NamedPropertyQuery query = 0,
+                                  NamedPropertyDeleter deleter = 0,
+                                  NamedPropertyEnumerator enumerator = 0,
+                                  Handle<Value> data = Handle<Value>());
 
   /**
    * Sets an indexed property handler on the object template.
diff --git a/src/3rdparty/v8/src/api.cc b/src/3rdparty/v8/src/api.cc
index eb23093..d31269c 100644
--- a/src/3rdparty/v8/src/api.cc
+++ b/src/3rdparty/v8/src/api.cc
@@ -1152,6 +1152,7 @@ void FunctionTemplate::SetNamedInstancePropertyHandler(
       NamedPropertyQuery query,
       NamedPropertyDeleter remover,
       NamedPropertyEnumerator enumerator,
+      bool is_fallback,
       Handle<Value> data) {
   i::Isolate* isolate = Utils::OpenHandle(this)->GetIsolate();
   if (IsDeadCheck(isolate,
@@ -1170,6 +1171,7 @@ void FunctionTemplate::SetNamedInstancePropertyHandler(
   if (query != 0) SET_FIELD_WRAPPED(obj, set_query, query);
   if (remover != 0) SET_FIELD_WRAPPED(obj, set_deleter, remover);
   if (enumerator != 0) SET_FIELD_WRAPPED(obj, set_enumerator, enumerator);
+  obj->set_is_fallback(i::Smi::FromInt(is_fallback));
 
   if (data.IsEmpty()) data = v8::Undefined();
   obj->set_data(*Utils::OpenHandle(*data));
@@ -1314,6 +1316,33 @@ void ObjectTemplate::SetNamedPropertyHandler(NamedPropertyGetter getter,
                                                         query,
                                                         remover,
                                                         enumerator,
+                                                        false,
+                                                        data);
+}
+
+
+void ObjectTemplate::SetFallbackPropertyHandler(NamedPropertyGetter getter,
+                                                NamedPropertySetter setter,
+                                                NamedPropertyQuery query,
+                                                NamedPropertyDeleter remover,
+                                                NamedPropertyEnumerator enumerator,
+                                                Handle<Value> data) {
+  i::Isolate* isolate = Utils::OpenHandle(this)->GetIsolate();
+  if (IsDeadCheck(isolate, "v8::ObjectTemplate::SetNamedPropertyHandler()")) {
+    return;
+  }
+  ENTER_V8(isolate);
+  i::HandleScope scope(isolate);
+  EnsureConstructor(this);
+  i::FunctionTemplateInfo* constructor =
+      i::FunctionTemplateInfo::cast(Utils::OpenHandle(this)->constructor());
+  i::Handle<i::FunctionTemplateInfo> cons(constructor);
+  Utils::ToLocal(cons)->SetNamedInstancePropertyHandler(getter,
+                                                        setter,
+                                                        query,
+                                                        remover,
+                                                        enumerator,
+                                                        true,
                                                         data);
 }
 
diff --git a/src/3rdparty/v8/src/factory.cc b/src/3rdparty/v8/src/factory.cc
index 6bb7893..2d1535f 100644
--- a/src/3rdparty/v8/src/factory.cc
+++ b/src/3rdparty/v8/src/factory.cc
@@ -1295,6 +1295,10 @@ Handle<JSFunction> Factory::CreateApiFunction(
   // Set interceptor information in the map.
   if (!obj->named_property_handler()->IsUndefined()) {
     map->set_has_named_interceptor();
+    InterceptorInfo *nph = InterceptorInfo::cast(obj->named_property_handler());
+    bool is_fallback =
+        nph->is_fallback()->IsUndefined()?false:nph->is_fallback()->value();
+    map->set_named_interceptor_is_fallback(is_fallback);
   }
   if (!obj->indexed_property_handler()->IsUndefined()) {
     map->set_has_indexed_interceptor();
diff --git a/src/3rdparty/v8/src/objects-inl.h b/src/3rdparty/v8/src/objects-inl.h
index 1a5ef9e..b026288 100644
--- a/src/3rdparty/v8/src/objects-inl.h
+++ b/src/3rdparty/v8/src/objects-inl.h
@@ -2922,6 +2922,18 @@ bool Map::is_shared() {
   return ((1 << kIsShared) & bit_field3()) != 0;
 }
 
+void Map::set_named_interceptor_is_fallback(bool value) {
+  if (value) {
+    set_bit_field3(bit_field3() | (1 << kNamedInterceptorIsFallback));
+  } else {
+    set_bit_field3(bit_field3() & ~(1 << kNamedInterceptorIsFallback));
+  }
+}
+
+bool Map::named_interceptor_is_fallback() {
+  return ((1 << kNamedInterceptorIsFallback) & bit_field3()) != 0;
+}
+
 
 JSFunction* Map::unchecked_constructor() {
   return reinterpret_cast<JSFunction*>(READ_FIELD(this, kConstructorOffset));
@@ -3515,6 +3527,7 @@ ACCESSORS(InterceptorInfo, query, Object, kQueryOffset)
 ACCESSORS(InterceptorInfo, deleter, Object, kDeleterOffset)
 ACCESSORS(InterceptorInfo, enumerator, Object, kEnumeratorOffset)
 ACCESSORS(InterceptorInfo, data, Object, kDataOffset)
+ACCESSORS(InterceptorInfo, is_fallback, Smi, kFallbackOffset)
 
 ACCESSORS(CallHandlerInfo, callback, Object, kCallbackOffset)
 ACCESSORS(CallHandlerInfo, data, Object, kDataOffset)
diff --git a/src/3rdparty/v8/src/objects.cc b/src/3rdparty/v8/src/objects.cc
index 4e640bb..802cb7e 100644
--- a/src/3rdparty/v8/src/objects.cc
+++ b/src/3rdparty/v8/src/objects.cc
@@ -1940,9 +1940,11 @@ Handle<Object> JSReceiver::SetProperty(Handle<JSReceiver> object,
                                        Handle<String> key,
                                        Handle<Object> value,
                                        PropertyAttributes attributes,
-                                       StrictModeFlag strict_mode) {
+                                       StrictModeFlag strict_mode,
+                                       bool skip_fallback_interceptor) {
   CALL_HEAP_FUNCTION(object->GetIsolate(),
-                     object->SetProperty(*key, *value, attributes, strict_mode),
+                     object->SetProperty(*key, *value, attributes, strict_mode,
+                                         skip_fallback_interceptor),
                      Object);
 }
 
@@ -1950,9 +1952,10 @@ Handle<Object> JSReceiver::SetProperty(Handle<JSReceiver> object,
 MaybeObject* JSReceiver::SetProperty(String* name,
                                      Object* value,
                                      PropertyAttributes attributes,
-                                     StrictModeFlag strict_mode) {
+                                     StrictModeFlag strict_mode,
+                                     bool skip_fallback_interceptor) {
   LookupResult result(GetIsolate());
-  LocalLookup(name, &result);
+  LocalLookup(name, &result, skip_fallback_interceptor);
   return SetProperty(&result, name, value, attributes, strict_mode);
 }
 
@@ -4254,7 +4257,8 @@ AccessorDescriptor* Map::FindAccessor(String* name) {
 }
 
 
-void JSReceiver::LocalLookup(String* name, LookupResult* result) {
+void JSReceiver::LocalLookup(String* name, LookupResult* result,
+                             bool skip_fallback_interceptor) {
   ASSERT(name->IsString());
 
   Heap* heap = GetHeap();
@@ -4286,23 +4290,33 @@ void JSReceiver::LocalLookup(String* name, LookupResult* result) {
   }
 
   // Check for lookup interceptor except when bootstrapping.
-  if (js_object->HasNamedInterceptor() &&
-      !heap->isolate()->bootstrapper()->IsActive()) {
+  bool wouldIntercept = js_object->HasNamedInterceptor() &&
+                        !heap->isolate()->bootstrapper()->IsActive();
+  if (wouldIntercept && !map()->named_interceptor_is_fallback()) {
     result->InterceptorResult(js_object);
     return;
   }
 
   js_object->LocalLookupRealNamedProperty(name, result);
+
+  if (wouldIntercept && !skip_fallback_interceptor && !result->IsProperty() &&
+      map()->named_interceptor_is_fallback()) {
+    result->InterceptorResult(js_object);
+    return;
+  }
 }
 
 
-void JSReceiver::Lookup(String* name, LookupResult* result) {
+void JSReceiver::Lookup(String* name, LookupResult* result,
+                        bool skip_fallback_interceptor) {
   // Ecma-262 3rd 8.6.2.4
   Heap* heap = GetHeap();
   for (Object* current = this;
        current != heap->null_value();
        current = JSObject::cast(current)->GetPrototype()) {
-    JSReceiver::cast(current)->LocalLookup(name, result);
+    JSReceiver::cast(current)->LocalLookup(name,
+                                           result,
+                                           skip_fallback_interceptor);
     if (result->IsProperty()) return;
   }
   result->NotFound();
diff --git a/src/3rdparty/v8/src/objects.h b/src/3rdparty/v8/src/objects.h
index 6c15aed..d938c3f 100644
--- a/src/3rdparty/v8/src/objects.h
+++ b/src/3rdparty/v8/src/objects.h
@@ -1399,12 +1399,14 @@ class JSReceiver: public HeapObject {
                                     Handle<String> key,
                                     Handle<Object> value,
                                     PropertyAttributes attributes,
-                                    StrictModeFlag strict_mode);
+                                    StrictModeFlag strict_mode,
+                                    bool skip_fallback_interceptor = false);
   // Can cause GC.
   MUST_USE_RESULT MaybeObject* SetProperty(String* key,
                                            Object* value,
                                            PropertyAttributes attributes,
-                                           StrictModeFlag strict_mode);
+                                           StrictModeFlag strict_mode,
+                                           bool skip_fallback_interceptor = false);
   MUST_USE_RESULT MaybeObject* SetProperty(LookupResult* result,
                                            String* key,
                                            Object* value,
@@ -1457,8 +1459,12 @@ class JSReceiver: public HeapObject {
 
   // Lookup a property.  If found, the result is valid and has
   // detailed information.
-  void LocalLookup(String* name, LookupResult* result);
-  void Lookup(String* name, LookupResult* result);
+  void LocalLookup(String* name,
+                   LookupResult* result,
+                   bool skip_fallback_interceptor = false);
+  void Lookup(String* name,
+              LookupResult* result,
+              bool skip_fallback_interceptor = false);
 
  protected:
   Smi* GenerateIdentityHash();
@@ -4691,6 +4697,10 @@ class Map: public HeapObject {
   inline void set_is_access_check_needed(bool access_check_needed);
   inline bool is_access_check_needed();
 
+  // Whether the named interceptor is a fallback interceptor or not
+  inline void set_named_interceptor_is_fallback(bool value);
+  inline bool named_interceptor_is_fallback();
+
   // [prototype]: implicit prototype object.
   DECL_ACCESSORS(prototype, Object)
 
@@ -4963,6 +4973,7 @@ class Map: public HeapObject {
 
   // Bit positions for bit field 3
   static const int kIsShared = 0;
+  static const int kNamedInterceptorIsFallback = 1;
 
   // Layout of the default cache. It holds alternating name and code objects.
   static const int kCodeCacheEntrySize = 2;
@@ -8201,6 +8212,7 @@ class InterceptorInfo: public Struct {
   DECL_ACCESSORS(deleter, Object)
   DECL_ACCESSORS(enumerator, Object)
   DECL_ACCESSORS(data, Object)
+  DECL_ACCESSORS(is_fallback, Smi)
 
   static inline InterceptorInfo* cast(Object* obj);
 
@@ -8220,7 +8232,8 @@ class InterceptorInfo: public Struct {
   static const int kDeleterOffset = kQueryOffset + kPointerSize;
   static const int kEnumeratorOffset = kDeleterOffset + kPointerSize;
   static const int kDataOffset = kEnumeratorOffset + kPointerSize;
-  static const int kSize = kDataOffset + kPointerSize;
+  static const int kFallbackOffset = kDataOffset + kPointerSize;
+  static const int kSize = kFallbackOffset + kPointerSize;
 
  private:
   DISALLOW_IMPLICIT_CONSTRUCTORS(InterceptorInfo);
diff --git a/src/3rdparty/v8/src/runtime.cc b/src/3rdparty/v8/src/runtime.cc
index a42f90c..5adea6e 100644
--- a/src/3rdparty/v8/src/runtime.cc
+++ b/src/3rdparty/v8/src/runtime.cc
@@ -1301,9 +1301,9 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_DeclareGlobals) {
       // Do the lookup locally only, see ES5 errata.
       LookupResult lookup(isolate);
       if (FLAG_es52_globals)
-        global->LocalLookup(*name, &lookup);
+        global->LocalLookup(*name, &lookup, true);
       else
-        global->Lookup(*name, &lookup);
+        global->Lookup(*name, &lookup, true);
       if (lookup.IsProperty()) {
         // We found an existing property. Unless it was an interceptor
         // that claims the property is absent, skip this declaration.
@@ -1324,7 +1324,7 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_DeclareGlobals) {
     }
 
     LookupResult lookup(isolate);
-    global->LocalLookup(*name, &lookup);
+    global->LocalLookup(*name, &lookup, true);
 
     // Compute the property attributes. According to ECMA-262,
     // the property must be non-configurable except in eval.
@@ -1361,7 +1361,8 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_DeclareGlobals) {
       RETURN_IF_EMPTY_HANDLE(isolate,
           JSObject::SetProperty(
               global, name, value, static_cast<PropertyAttributes>(attr),
-              language_mode == CLASSIC_MODE ? kNonStrictMode : kStrictMode));
+              language_mode == CLASSIC_MODE ? kNonStrictMode : kStrictMode,
+              true));
     }
   }
 
@@ -1506,7 +1507,7 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_InitializeVarGlobal) {
   while (object->IsJSObject() &&
          JSObject::cast(object)->map()->is_hidden_prototype()) {
     JSObject* raw_holder = JSObject::cast(object);
-    raw_holder->LocalLookup(*name, &lookup);
+    raw_holder->LocalLookup(*name, &lookup, true);
     if (lookup.IsFound() && lookup.type() == INTERCEPTOR) {
       HandleScope handle_scope(isolate);
       Handle<JSObject> holder(raw_holder);
@@ -1529,7 +1530,8 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_InitializeVarGlobal) {
   // Reload global in case the loop above performed a GC.
   global = isolate->context()->global();
   if (assign) {
-    return global->SetProperty(*name, args[2], attributes, strict_mode_flag);
+    return global->SetProperty(
+        *name, args[2], attributes, strict_mode_flag, true);
   }
   return isolate->heap()->undefined_value();
 }