1// Copyright 2016 the V8 project authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "src/api/api-inl.h"
6#include "src/builtins/builtins-utils-inl.h"
7#include "src/builtins/builtins.h"
8#include "src/codegen/code-factory.h"
9#include "src/codegen/compiler.h"
10#include "src/logging/counters.h"
11#include "src/numbers/conversions.h"
12#include "src/objects/api-callbacks.h"
13#include "src/objects/lookup.h"
14#include "src/objects/objects-inl.h"
15#include "src/strings/string-builder-inl.h"
16
17namespace v8 {
18namespace internal {
19
20namespace {
21
22// ES6 section 19.2.1.1.1 CreateDynamicFunction
23MaybeHandle<Object> CreateDynamicFunction(Isolate* isolate,
24                                          BuiltinArguments args,
25                                          const char* token) {
26  // Compute number of arguments, ignoring the receiver.
27  DCHECK_LE(1, args.length());
28  int const argc = args.length() - 1;
29
30  Handle<JSFunction> target = args.target();
31  Handle<JSObject> target_global_proxy(target->global_proxy(), isolate);
32
33  if (!Builtins::AllowDynamicFunction(isolate, target, target_global_proxy)) {
34    isolate->CountUsage(v8::Isolate::kFunctionConstructorReturnedUndefined);
35    // TODO(verwaest): We would like to throw using the calling context instead
36    // of the entered context but we don't currently have access to that.
37    HandleScopeImplementer* impl = isolate->handle_scope_implementer();
38    SaveAndSwitchContext save(
39        isolate, impl->LastEnteredOrMicrotaskContext()->native_context());
40    THROW_NEW_ERROR(isolate, NewTypeError(MessageTemplate::kNoAccess), Object);
41  }
42
43  // Build the source string.
44  Handle<String> source;
45  int parameters_end_pos = kNoSourcePosition;
46  {
47    IncrementalStringBuilder builder(isolate);
48    builder.AppendCharacter('(');
49    builder.AppendCString(token);
50    builder.AppendCStringLiteral(" anonymous(");
51    if (argc > 1) {
52      for (int i = 1; i < argc; ++i) {
53        if (i > 1) builder.AppendCharacter(',');
54        Handle<String> param;
55        ASSIGN_RETURN_ON_EXCEPTION(
56            isolate, param, Object::ToString(isolate, args.at(i)), Object);
57        param = String::Flatten(isolate, param);
58        builder.AppendString(param);
59      }
60    }
61    builder.AppendCharacter('\n');
62    parameters_end_pos = builder.Length();
63    builder.AppendCStringLiteral(") {\n");
64    if (argc > 0) {
65      Handle<String> body;
66      ASSIGN_RETURN_ON_EXCEPTION(
67          isolate, body, Object::ToString(isolate, args.at(argc)), Object);
68      builder.AppendString(body);
69    }
70    builder.AppendCStringLiteral("\n})");
71    ASSIGN_RETURN_ON_EXCEPTION(isolate, source, builder.Finish(), Object);
72  }
73
74  bool is_code_like = true;
75  for (int i = 0; i < argc; ++i) {
76    if (!args.at(i + 1)->IsCodeLike(isolate)) {
77      is_code_like = false;
78      break;
79    }
80  }
81
82  // Compile the string in the constructor and not a helper so that errors to
83  // come from here.
84  Handle<JSFunction> function;
85  {
86    ASSIGN_RETURN_ON_EXCEPTION(
87        isolate, function,
88        Compiler::GetFunctionFromString(
89            handle(target->native_context(), isolate), source,
90            ONLY_SINGLE_FUNCTION_LITERAL, parameters_end_pos, is_code_like),
91        Object);
92    Handle<Object> result;
93    ASSIGN_RETURN_ON_EXCEPTION(
94        isolate, result,
95        Execution::Call(isolate, function, target_global_proxy, 0, nullptr),
96        Object);
97    function = Handle<JSFunction>::cast(result);
98    function->shared().set_name_should_print_as_anonymous(true);
99  }
100
101  // If new.target is equal to target then the function created
102  // is already correctly setup and nothing else should be done
103  // here. But if new.target is not equal to target then we are
104  // have a Function builtin subclassing case and therefore the
105  // function has wrong initial map. To fix that we create a new
106  // function object with correct initial map.
107  Handle<Object> unchecked_new_target = args.new_target();
108  if (!unchecked_new_target->IsUndefined(isolate) &&
109      !unchecked_new_target.is_identical_to(target)) {
110    Handle<JSReceiver> new_target =
111        Handle<JSReceiver>::cast(unchecked_new_target);
112    Handle<Map> initial_map;
113    ASSIGN_RETURN_ON_EXCEPTION(
114        isolate, initial_map,
115        JSFunction::GetDerivedMap(isolate, target, new_target), Object);
116
117    Handle<SharedFunctionInfo> shared_info(function->shared(), isolate);
118    Handle<Map> map = Map::AsLanguageMode(isolate, initial_map, shared_info);
119
120    Handle<Context> context(function->context(), isolate);
121    function = Factory::JSFunctionBuilder{isolate, shared_info, context}
122                   .set_map(map)
123                   .set_allocation_type(AllocationType::kYoung)
124                   .Build();
125  }
126  return function;
127}
128
129}  // namespace
130
131// ES6 section 19.2.1.1 Function ( p1, p2, ... , pn, body )
132BUILTIN(FunctionConstructor) {
133  HandleScope scope(isolate);
134  Handle<Object> result;
135  ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
136      isolate, result, CreateDynamicFunction(isolate, args, "function"));
137  return *result;
138}
139
140// ES6 section 25.2.1.1 GeneratorFunction (p1, p2, ... , pn, body)
141BUILTIN(GeneratorFunctionConstructor) {
142  HandleScope scope(isolate);
143  RETURN_RESULT_OR_FAILURE(isolate,
144                           CreateDynamicFunction(isolate, args, "function*"));
145}
146
147BUILTIN(AsyncFunctionConstructor) {
148  HandleScope scope(isolate);
149  Handle<Object> maybe_func;
150  ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
151      isolate, maybe_func,
152      CreateDynamicFunction(isolate, args, "async function"));
153  if (!maybe_func->IsJSFunction()) return *maybe_func;
154
155  // Do not lazily compute eval position for AsyncFunction, as they may not be
156  // determined after the function is resumed.
157  Handle<JSFunction> func = Handle<JSFunction>::cast(maybe_func);
158  Handle<Script> script =
159      handle(Script::cast(func->shared().script()), isolate);
160  int position = Script::GetEvalPosition(isolate, script);
161  USE(position);
162
163  return *func;
164}
165
166BUILTIN(AsyncGeneratorFunctionConstructor) {
167  HandleScope scope(isolate);
168  Handle<Object> maybe_func;
169  ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
170      isolate, maybe_func,
171      CreateDynamicFunction(isolate, args, "async function*"));
172  if (!maybe_func->IsJSFunction()) return *maybe_func;
173
174  // Do not lazily compute eval position for AsyncFunction, as they may not be
175  // determined after the function is resumed.
176  Handle<JSFunction> func = Handle<JSFunction>::cast(maybe_func);
177  Handle<Script> script =
178      handle(Script::cast(func->shared().script()), isolate);
179  int position = Script::GetEvalPosition(isolate, script);
180  USE(position);
181
182  return *func;
183}
184
185namespace {
186
187Object DoFunctionBind(Isolate* isolate, BuiltinArguments args) {
188  HandleScope scope(isolate);
189  DCHECK_LE(1, args.length());
190  if (!args.receiver()->IsCallable()) {
191    THROW_NEW_ERROR_RETURN_FAILURE(
192        isolate, NewTypeError(MessageTemplate::kFunctionBind));
193  }
194
195  // Allocate the bound function with the given {this_arg} and {args}.
196  Handle<JSReceiver> target = args.at<JSReceiver>(0);
197  Handle<Object> this_arg = isolate->factory()->undefined_value();
198  base::ScopedVector<Handle<Object>> argv(std::max(0, args.length() - 2));
199  if (args.length() > 1) {
200    this_arg = args.at(1);
201    for (int i = 2; i < args.length(); ++i) {
202      argv[i - 2] = args.at(i);
203    }
204  }
205  Handle<JSBoundFunction> function;
206  ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
207      isolate, function,
208      isolate->factory()->NewJSBoundFunction(target, this_arg, argv));
209  Maybe<bool> result =
210      JSFunctionOrBoundFunctionOrWrappedFunction::CopyNameAndLength(
211          isolate, function, target, isolate->factory()->bound__string(),
212          argv.length());
213  if (result.IsNothing()) {
214    DCHECK(isolate->has_pending_exception());
215    return ReadOnlyRoots(isolate).exception();
216  }
217  return *function;
218}
219
220}  // namespace
221
222// ES6 section 19.2.3.2 Function.prototype.bind ( thisArg, ...args )
223BUILTIN(FunctionPrototypeBind) { return DoFunctionBind(isolate, args); }
224
225// ES6 section 19.2.3.5 Function.prototype.toString ( )
226BUILTIN(FunctionPrototypeToString) {
227  HandleScope scope(isolate);
228  Handle<Object> receiver = args.receiver();
229  if (receiver->IsJSBoundFunction()) {
230    return *JSBoundFunction::ToString(Handle<JSBoundFunction>::cast(receiver));
231  }
232  if (receiver->IsJSFunction()) {
233    return *JSFunction::ToString(Handle<JSFunction>::cast(receiver));
234  }
235  // With the revised toString behavior, all callable objects are valid
236  // receivers for this method.
237  if (receiver->IsJSReceiver() &&
238      JSReceiver::cast(*receiver).map().is_callable()) {
239    return ReadOnlyRoots(isolate).function_native_code_string();
240  }
241  THROW_NEW_ERROR_RETURN_FAILURE(
242      isolate, NewTypeError(MessageTemplate::kNotGeneric,
243                            isolate->factory()->NewStringFromAsciiChecked(
244                                "Function.prototype.toString"),
245                            isolate->factory()->Function_string()));
246}
247
248}  // namespace internal
249}  // namespace v8
250