summaryrefslogtreecommitdiffstats
path: root/js/src/proxy/ScriptedProxyHandler.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'js/src/proxy/ScriptedProxyHandler.cpp')
-rw-r--r--js/src/proxy/ScriptedProxyHandler.cpp1428
1 files changed, 1428 insertions, 0 deletions
diff --git a/js/src/proxy/ScriptedProxyHandler.cpp b/js/src/proxy/ScriptedProxyHandler.cpp
new file mode 100644
index 000000000..776547337
--- /dev/null
+++ b/js/src/proxy/ScriptedProxyHandler.cpp
@@ -0,0 +1,1428 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ * vim: set ts=8 sts=4 et sw=4 tw=99:
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "proxy/ScriptedProxyHandler.h"
+
+#include "jsapi.h"
+
+#include "vm/Interpreter.h" // For InstanceOfOperator
+
+#include "jsobjinlines.h"
+#include "vm/NativeObject-inl.h"
+
+using namespace js;
+
+using JS::IsArrayAnswer;
+using mozilla::ArrayLength;
+
+// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93
+// 9.1.6.2 IsCompatiblePropertyDescriptor. BUT that method just calls
+// 9.1.6.3 ValidateAndApplyPropertyDescriptor with two additional constant
+// arguments. Therefore step numbering is from the latter method, and
+// resulting dead code has been removed.
+static bool
+IsCompatiblePropertyDescriptor(JSContext* cx, bool extensible, Handle<PropertyDescriptor> desc,
+ Handle<PropertyDescriptor> current, bool* bp)
+{
+ // Step 2.
+ if (!current.object()) {
+ // Step 2a-b,e. As |O| is always undefined, steps 2c-d fall away.
+ *bp = extensible;
+ return true;
+ }
+
+ // Step 3.
+ if (!desc.hasValue() && !desc.hasWritable() &&
+ !desc.hasGetterObject() && !desc.hasSetterObject() &&
+ !desc.hasEnumerable() && !desc.hasConfigurable())
+ {
+ *bp = true;
+ return true;
+ }
+
+ // Step 4.
+ if ((!desc.hasWritable() ||
+ (current.hasWritable() && desc.writable() == current.writable())) &&
+ (!desc.hasGetterObject() || desc.getter() == current.getter()) &&
+ (!desc.hasSetterObject() || desc.setter() == current.setter()) &&
+ (!desc.hasEnumerable() || desc.enumerable() == current.enumerable()) &&
+ (!desc.hasConfigurable() || desc.configurable() == current.configurable()))
+ {
+ if (!desc.hasValue()) {
+ *bp = true;
+ return true;
+ }
+ bool same = false;
+ if (!SameValue(cx, desc.value(), current.value(), &same))
+ return false;
+ if (same) {
+ *bp = true;
+ return true;
+ }
+ }
+
+ // Step 5.
+ if (!current.configurable()) {
+ // Step 5a.
+ if (desc.hasConfigurable() && desc.configurable()) {
+ *bp = false;
+ return true;
+ }
+
+ // Step 5b.
+ if (desc.hasEnumerable() && desc.enumerable() != current.enumerable()) {
+ *bp = false;
+ return true;
+ }
+ }
+
+ // Step 6.
+ if (desc.isGenericDescriptor()) {
+ *bp = true;
+ return true;
+ }
+
+ // Step 7.
+ if (current.isDataDescriptor() != desc.isDataDescriptor()) {
+ // Steps 7a, 11. As |O| is always undefined, steps 2b-c fall away.
+ *bp = current.configurable();
+ return true;
+ }
+
+ // Step 8.
+ if (current.isDataDescriptor()) {
+ MOZ_ASSERT(desc.isDataDescriptor()); // by step 7
+ if (!current.configurable() && !current.writable()) {
+ if (desc.hasWritable() && desc.writable()) {
+ *bp = false;
+ return true;
+ }
+
+ if (desc.hasValue()) {
+ bool same;
+ if (!SameValue(cx, desc.value(), current.value(), &same))
+ return false;
+ if (!same) {
+ *bp = false;
+ return true;
+ }
+ }
+ }
+
+ *bp = true;
+ return true;
+ }
+
+ // Step 9.
+ MOZ_ASSERT(current.isAccessorDescriptor()); // by step 8
+ MOZ_ASSERT(desc.isAccessorDescriptor()); // by step 7
+ *bp = (current.configurable() ||
+ ((!desc.hasSetterObject() || desc.setter() == current.setter()) &&
+ (!desc.hasGetterObject() || desc.getter() == current.getter())));
+ return true;
+}
+
+// Get the [[ProxyHandler]] of a scripted proxy.
+/* static */ JSObject*
+ScriptedProxyHandler::handlerObject(const JSObject* proxy)
+{
+ MOZ_ASSERT(proxy->as<ProxyObject>().handler() == &ScriptedProxyHandler::singleton);
+ return proxy->as<ProxyObject>().extra(ScriptedProxyHandler::HANDLER_EXTRA).toObjectOrNull();
+}
+
+// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 7.3.9 GetMethod,
+// reimplemented for proxy handler trap-getting to produce better error
+// messages.
+static bool
+GetProxyTrap(JSContext* cx, HandleObject handler, HandlePropertyName name, MutableHandleValue func)
+{
+ // Steps 2, 5.
+ if (!GetProperty(cx, handler, handler, name, func))
+ return false;
+
+ // Step 3.
+ if (func.isUndefined())
+ return true;
+
+ if (func.isNull()) {
+ func.setUndefined();
+ return true;
+ }
+
+ // Step 4.
+ if (!IsCallable(func)) {
+ JSAutoByteString bytes(cx, name);
+ if (!bytes)
+ return false;
+
+ JS_ReportErrorNumberLatin1(cx, GetErrorMessage, nullptr, JSMSG_BAD_TRAP, bytes.ptr());
+ return false;
+ }
+
+ return true;
+}
+
+// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.1 Proxy.[[GetPrototypeOf]].
+bool
+ScriptedProxyHandler::getPrototype(JSContext* cx, HandleObject proxy,
+ MutableHandleObject protop) const
+{
+ // Steps 1-3.
+ RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy));
+ if (!handler) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED);
+ return false;
+ }
+
+ // Step 4.
+ RootedObject target(cx, proxy->as<ProxyObject>().target());
+ MOZ_ASSERT(target);
+
+ // Step 5.
+ RootedValue trap(cx);
+ if (!GetProxyTrap(cx, handler, cx->names().getPrototypeOf, &trap))
+ return false;
+
+ // Step 6.
+ if (trap.isUndefined())
+ return GetPrototype(cx, target, protop);
+
+ // Step 7.
+ RootedValue handlerProto(cx);
+ {
+ FixedInvokeArgs<1> args(cx);
+
+ args[0].setObject(*target);
+
+ handlerProto.setObject(*handler);
+
+ if (!js::Call(cx, trap, handlerProto, args, &handlerProto))
+ return false;
+ }
+
+ // Step 8.
+ if (!handlerProto.isObjectOrNull()) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr,
+ JSMSG_BAD_GETPROTOTYPEOF_TRAP_RETURN);
+ return false;
+ }
+
+ // Step 9.
+ bool extensibleTarget;
+ if (!IsExtensible(cx, target, &extensibleTarget))
+ return false;
+
+ // Step 10.
+ if (extensibleTarget) {
+ protop.set(handlerProto.toObjectOrNull());
+ return true;
+ }
+
+ // Step 11.
+ RootedObject targetProto(cx);
+ if (!GetPrototype(cx, target, &targetProto))
+ return false;
+
+ // Step 12.
+ if (handlerProto.toObjectOrNull() != targetProto) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr,
+ JSMSG_INCONSISTENT_GETPROTOTYPEOF_TRAP);
+ return false;
+ }
+
+ // Step 13.
+ protop.set(handlerProto.toObjectOrNull());
+ return true;
+}
+
+// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.2 Proxy.[[SetPrototypeOf]].
+bool
+ScriptedProxyHandler::setPrototype(JSContext* cx, HandleObject proxy, HandleObject proto,
+ ObjectOpResult& result) const
+{
+ // Steps 1-4.
+ RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy));
+ if (!handler) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED);
+ return false;
+ }
+
+ // Step 5.
+ RootedObject target(cx, proxy->as<ProxyObject>().target());
+ MOZ_ASSERT(target);
+
+ // Step 6.
+ RootedValue trap(cx);
+ if (!GetProxyTrap(cx, handler, cx->names().setPrototypeOf, &trap))
+ return false;
+
+ // Step 7.
+ if (trap.isUndefined())
+ return SetPrototype(cx, target, proto, result);
+
+ // Step 8.
+ bool booleanTrapResult;
+ {
+ FixedInvokeArgs<2> args(cx);
+
+ args[0].setObject(*target);
+ args[1].setObjectOrNull(proto);
+
+ RootedValue hval(cx, ObjectValue(*handler));
+ if (!js::Call(cx, trap, hval, args, &hval))
+ return false;
+
+ booleanTrapResult = ToBoolean(hval);
+ }
+
+ // Step 9.
+ if (!booleanTrapResult)
+ return result.fail(JSMSG_PROXY_SETPROTOTYPEOF_RETURNED_FALSE);
+
+ // Step 10.
+ bool extensibleTarget;
+ if (!IsExtensible(cx, target, &extensibleTarget))
+ return false;
+
+ // Step 11.
+ if (extensibleTarget)
+ return result.succeed();
+
+ // Step 12.
+ RootedObject targetProto(cx);
+ if (!GetPrototype(cx, target, &targetProto))
+ return false;
+
+ // Step 13.
+ if (proto != targetProto) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr,
+ JSMSG_INCONSISTENT_SETPROTOTYPEOF_TRAP);
+ return false;
+ }
+
+ // Step 14.
+ return result.succeed();
+}
+
+bool
+ScriptedProxyHandler::getPrototypeIfOrdinary(JSContext* cx, HandleObject proxy, bool* isOrdinary,
+ MutableHandleObject protop) const
+{
+ *isOrdinary = false;
+ return true;
+}
+
+// Not yet part of ES6, but hopefully to be standards-tracked -- and needed to
+// handle revoked proxies in any event.
+bool
+ScriptedProxyHandler::setImmutablePrototype(JSContext* cx, HandleObject proxy,
+ bool* succeeded) const
+{
+ RootedObject target(cx, proxy->as<ProxyObject>().target());
+ if (!target) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED);
+ return false;
+ }
+
+ return SetImmutablePrototype(cx, target, succeeded);
+}
+
+// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.4 Proxy.[[PreventExtensions]]()
+bool
+ScriptedProxyHandler::preventExtensions(JSContext* cx, HandleObject proxy,
+ ObjectOpResult& result) const
+{
+ // Steps 1-3.
+ RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy));
+ if (!handler) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED);
+ return false;
+ }
+
+ // Step 4.
+ RootedObject target(cx, proxy->as<ProxyObject>().target());
+ MOZ_ASSERT(target);
+
+ // Step 5.
+ RootedValue trap(cx);
+ if (!GetProxyTrap(cx, handler, cx->names().preventExtensions, &trap))
+ return false;
+
+ // Step 6.
+ if (trap.isUndefined())
+ return PreventExtensions(cx, target, result);
+
+ // Step 7.
+ bool booleanTrapResult;
+ {
+ RootedValue arg(cx, ObjectValue(*target));
+ RootedValue trapResult(cx);
+ if (!Call(cx, trap, handler, arg, &trapResult))
+ return false;
+
+ booleanTrapResult = ToBoolean(trapResult);
+ }
+
+ // Step 8.
+ if (booleanTrapResult) {
+ // Step 8a.
+ bool targetIsExtensible;
+ if (!IsExtensible(cx, target, &targetIsExtensible))
+ return false;
+
+ if (targetIsExtensible) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr,
+ JSMSG_CANT_REPORT_AS_NON_EXTENSIBLE);
+ return false;
+ }
+
+ // Step 9.
+ return result.succeed();
+ }
+
+ // Also step 9.
+ return result.fail(JSMSG_PROXY_PREVENTEXTENSIONS_RETURNED_FALSE);
+}
+
+// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.3 Proxy.[[IsExtensible]]()
+bool
+ScriptedProxyHandler::isExtensible(JSContext* cx, HandleObject proxy, bool* extensible) const
+{
+ // Steps 1-3.
+ RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy));
+ if (!handler) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED);
+ return false;
+ }
+
+ // Step 4.
+ RootedObject target(cx, proxy->as<ProxyObject>().target());
+ MOZ_ASSERT(target);
+
+ // Step 5.
+ RootedValue trap(cx);
+ if (!GetProxyTrap(cx, handler, cx->names().isExtensible, &trap))
+ return false;
+
+ // Step 6.
+ if (trap.isUndefined())
+ return IsExtensible(cx, target, extensible);
+
+ // Step 7.
+ bool booleanTrapResult;
+ {
+ RootedValue arg(cx, ObjectValue(*target));
+ RootedValue trapResult(cx);
+ if (!Call(cx, trap, handler, arg, &trapResult))
+ return false;
+
+ booleanTrapResult = ToBoolean(trapResult);
+ }
+
+ // Steps 8.
+ bool targetResult;
+ if (!IsExtensible(cx, target, &targetResult))
+ return false;
+
+ // Step 9.
+ if (targetResult != booleanTrapResult) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_EXTENSIBILITY);
+ return false;
+ }
+
+ // Step 10.
+ *extensible = booleanTrapResult;
+ return true;
+}
+
+// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.5 Proxy.[[GetOwnProperty]](P)
+bool
+ScriptedProxyHandler::getOwnPropertyDescriptor(JSContext* cx, HandleObject proxy, HandleId id,
+ MutableHandle<PropertyDescriptor> desc) const
+{
+ // Steps 2-4.
+ RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy));
+ if (!handler) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED);
+ return false;
+ }
+
+ // Step 5.
+ RootedObject target(cx, proxy->as<ProxyObject>().target());
+ MOZ_ASSERT(target);
+
+ // Step 6.
+ RootedValue trap(cx);
+ if (!GetProxyTrap(cx, handler, cx->names().getOwnPropertyDescriptor, &trap))
+ return false;
+
+ // Step 7.
+ if (trap.isUndefined())
+ return GetOwnPropertyDescriptor(cx, target, id, desc);
+
+ // Step 8.
+ RootedValue propKey(cx);
+ if (!IdToStringOrSymbol(cx, id, &propKey))
+ return false;
+
+ RootedValue trapResult(cx);
+ RootedValue targetVal(cx, ObjectValue(*target));
+ if (!Call(cx, trap, handler, targetVal, propKey, &trapResult))
+ return false;
+
+ // Step 9.
+ if (!trapResult.isUndefined() && !trapResult.isObject()) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_GETOWN_OBJORUNDEF);
+ return false;
+ }
+
+ // Step 10.
+ Rooted<PropertyDescriptor> targetDesc(cx);
+ if (!GetOwnPropertyDescriptor(cx, target, id, &targetDesc))
+ return false;
+
+ // Step 11.
+ if (trapResult.isUndefined()) {
+ // Step 11a.
+ if (!targetDesc.object()) {
+ desc.object().set(nullptr);
+ return true;
+ }
+
+ // Step 11b.
+ if (!targetDesc.configurable()) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_REPORT_NC_AS_NE);
+ return false;
+ }
+
+ // Steps 11c-d.
+ bool extensibleTarget;
+ if (!IsExtensible(cx, target, &extensibleTarget))
+ return false;
+
+ // Step 11e.
+ if (!extensibleTarget) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_REPORT_E_AS_NE);
+ return false;
+ }
+
+ // Step 11f.
+ desc.object().set(nullptr);
+ return true;
+ }
+
+ // Step 12.
+ bool extensibleTarget;
+ if (!IsExtensible(cx, target, &extensibleTarget))
+ return false;
+
+ // Step 13.
+ Rooted<PropertyDescriptor> resultDesc(cx);
+ if (!ToPropertyDescriptor(cx, trapResult, true, &resultDesc))
+ return false;
+
+ // Step 14.
+ CompletePropertyDescriptor(&resultDesc);
+
+ // Step 15.
+ bool valid;
+ if (!IsCompatiblePropertyDescriptor(cx, extensibleTarget, resultDesc, targetDesc, &valid))
+ return false;
+
+ // Step 16.
+ if (!valid) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_REPORT_INVALID);
+ return false;
+ }
+
+ // Step 17.
+ if (!resultDesc.configurable()) {
+ if (!targetDesc.object()) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_REPORT_NE_AS_NC);
+ return false;
+ }
+
+ if (targetDesc.configurable()) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_REPORT_C_AS_NC);
+ return false;
+ }
+ }
+
+ // Step 18.
+ desc.set(resultDesc);
+ desc.object().set(proxy);
+ return true;
+}
+
+// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.6 Proxy.[[DefineOwnProperty]](P, Desc)
+bool
+ScriptedProxyHandler::defineProperty(JSContext* cx, HandleObject proxy, HandleId id,
+ Handle<PropertyDescriptor> desc, ObjectOpResult& result) const
+{
+ // Steps 2-4.
+ RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy));
+ if (!handler) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED);
+ return false;
+ }
+
+ // Step 5.
+ RootedObject target(cx, proxy->as<ProxyObject>().target());
+ MOZ_ASSERT(target);
+
+ // Step 6.
+ RootedValue trap(cx);
+ if (!GetProxyTrap(cx, handler, cx->names().defineProperty, &trap))
+ return false;
+
+ // Step 7.
+ if (trap.isUndefined())
+ return DefineProperty(cx, target, id, desc, result);
+
+ // Step 8.
+ RootedValue descObj(cx);
+ if (!FromPropertyDescriptorToObject(cx, desc, &descObj))
+ return false;
+
+ // Step 9.
+ RootedValue propKey(cx);
+ if (!IdToStringOrSymbol(cx, id, &propKey))
+ return false;
+
+ RootedValue trapResult(cx);
+ {
+ FixedInvokeArgs<3> args(cx);
+
+ args[0].setObject(*target);
+ args[1].set(propKey);
+ args[2].set(descObj);
+
+ RootedValue thisv(cx, ObjectValue(*handler));
+ if (!Call(cx, trap, thisv, args, &trapResult))
+ return false;
+ }
+
+ // Step 10.
+ if (!ToBoolean(trapResult))
+ return result.fail(JSMSG_PROXY_DEFINE_RETURNED_FALSE);
+
+ // Step 11.
+ Rooted<PropertyDescriptor> targetDesc(cx);
+ if (!GetOwnPropertyDescriptor(cx, target, id, &targetDesc))
+ return false;
+
+ // Step 12.
+ bool extensibleTarget;
+ if (!IsExtensible(cx, target, &extensibleTarget))
+ return false;
+
+ // Steps 13-14.
+ bool settingConfigFalse = desc.hasConfigurable() && !desc.configurable();
+
+ // Steps 15-16.
+ if (!targetDesc.object()) {
+ // Step 15a.
+ if (!extensibleTarget) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_DEFINE_NEW);
+ return false;
+ }
+
+ // Step 15b.
+ if (settingConfigFalse) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_DEFINE_NE_AS_NC);
+ return false;
+ }
+ } else {
+ // Steps 16a-b.
+ bool valid;
+ if (!IsCompatiblePropertyDescriptor(cx, extensibleTarget, desc, targetDesc, &valid))
+ return false;
+
+ if (!valid || (settingConfigFalse && targetDesc.configurable())) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_DEFINE_INVALID);
+ return false;
+ }
+ }
+
+ // Step 17.
+ return result.succeed();
+}
+
+// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93
+// 7.3.17 CreateListFromArrayLike with elementTypes fixed to symbol/string.
+static bool
+CreateFilteredListFromArrayLike(JSContext* cx, HandleValue v, AutoIdVector& props)
+{
+ // Step 2.
+ RootedObject obj(cx, NonNullObject(cx, v));
+ if (!obj)
+ return false;
+
+ // Step 3.
+ uint32_t len;
+ if (!GetLengthProperty(cx, obj, &len))
+ return false;
+
+ // Steps 4-6.
+ RootedValue next(cx);
+ RootedId id(cx);
+ uint32_t index = 0;
+ while (index < len) {
+ // Steps 6a-b.
+ if (!GetElement(cx, obj, obj, index, &next))
+ return false;
+
+ // Step 6c.
+ if (!next.isString() && !next.isSymbol()) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_ONWKEYS_STR_SYM);
+ return false;
+ }
+
+ if (!ValueToId<CanGC>(cx, next, &id))
+ return false;
+
+ // Step 6d.
+ if (!props.append(id))
+ return false;
+
+ // Step 6e.
+ index++;
+ }
+
+ // Step 7.
+ return true;
+}
+
+
+// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.11 Proxy.[[OwnPropertyKeys]]()
+bool
+ScriptedProxyHandler::ownPropertyKeys(JSContext* cx, HandleObject proxy, AutoIdVector& props) const
+{
+ // Steps 1-3.
+ RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy));
+ if (!handler) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED);
+ return false;
+ }
+
+ // Step 4.
+ RootedObject target(cx, proxy->as<ProxyObject>().target());
+ MOZ_ASSERT(target);
+
+ // Step 5.
+ RootedValue trap(cx);
+ if (!GetProxyTrap(cx, handler, cx->names().ownKeys, &trap))
+ return false;
+
+ // Step 6.
+ if (trap.isUndefined())
+ return GetPropertyKeys(cx, target, JSITER_OWNONLY | JSITER_HIDDEN | JSITER_SYMBOLS, &props);
+
+ // Step 7.
+ RootedValue trapResultArray(cx);
+ RootedValue targetVal(cx, ObjectValue(*target));
+ if (!Call(cx, trap, handler, targetVal, &trapResultArray))
+ return false;
+
+ // Step 8.
+ AutoIdVector trapResult(cx);
+ if (!CreateFilteredListFromArrayLike(cx, trapResultArray, trapResult))
+ return false;
+
+ // Step 9.
+ bool extensibleTarget;
+ if (!IsExtensible(cx, target, &extensibleTarget))
+ return false;
+
+ // Steps 10-11.
+ AutoIdVector targetKeys(cx);
+ if (!GetPropertyKeys(cx, target, JSITER_OWNONLY | JSITER_HIDDEN | JSITER_SYMBOLS, &targetKeys))
+ return false;
+
+ // Steps 12-13.
+ AutoIdVector targetConfigurableKeys(cx);
+ AutoIdVector targetNonconfigurableKeys(cx);
+
+ // Step 14.
+ Rooted<PropertyDescriptor> desc(cx);
+ for (size_t i = 0; i < targetKeys.length(); ++i) {
+ // Step 14a.
+ if (!GetOwnPropertyDescriptor(cx, target, targetKeys[i], &desc))
+ return false;
+
+ // Steps 14b-c.
+ if (desc.object() && !desc.configurable()) {
+ if (!targetNonconfigurableKeys.append(targetKeys[i]))
+ return false;
+ } else {
+ if (!targetConfigurableKeys.append(targetKeys[i]))
+ return false;
+ }
+ }
+
+ // Step 15.
+ if (extensibleTarget && targetNonconfigurableKeys.empty())
+ return props.appendAll(trapResult);
+
+ // Step 16.
+ // The algorithm below always removes all occurences of the same key
+ // at once, so we can use a set here.
+ Rooted<GCHashSet<jsid>> uncheckedResultKeys(cx, GCHashSet<jsid>(cx));
+ if (!uncheckedResultKeys.init(trapResult.length()))
+ return false;
+
+ for (size_t i = 0, len = trapResult.length(); i < len; i++) {
+ MOZ_ASSERT(!JSID_IS_VOID(trapResult[i]));
+
+ if (!uncheckedResultKeys.put(trapResult[i]))
+ return false;
+ }
+
+ // Step 17.
+ for (size_t i = 0; i < targetNonconfigurableKeys.length(); ++i) {
+ MOZ_ASSERT(!JSID_IS_VOID(targetNonconfigurableKeys[i]));
+
+ auto ptr = uncheckedResultKeys.lookup(targetNonconfigurableKeys[i]);
+
+ // Step 17a.
+ if (!ptr) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_SKIP_NC);
+ return false;
+ }
+
+ // Step 17b.
+ uncheckedResultKeys.remove(ptr);
+ }
+
+ // Step 18.
+ if (extensibleTarget)
+ return props.appendAll(trapResult);
+
+ // Step 19.
+ for (size_t i = 0; i < targetConfigurableKeys.length(); ++i) {
+ MOZ_ASSERT(!JSID_IS_VOID(targetConfigurableKeys[i]));
+
+ auto ptr = uncheckedResultKeys.lookup(targetConfigurableKeys[i]);
+
+ // Step 19a.
+ if (!ptr) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_REPORT_E_AS_NE);
+ return false;
+ }
+
+ // Step 19b.
+ uncheckedResultKeys.remove(ptr);
+ }
+
+ // Step 20.
+ if (!uncheckedResultKeys.empty()) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_REPORT_NEW);
+ return false;
+ }
+
+ // Step 21.
+ return props.appendAll(trapResult);
+}
+
+// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.10 Proxy.[[Delete]](P)
+bool
+ScriptedProxyHandler::delete_(JSContext* cx, HandleObject proxy, HandleId id,
+ ObjectOpResult& result) const
+{
+ // Steps 2-4.
+ RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy));
+ if (!handler) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED);
+ return false;
+ }
+
+ // Step 5.
+ RootedObject target(cx, proxy->as<ProxyObject>().target());
+ MOZ_ASSERT(target);
+
+ // Step 6.
+ RootedValue trap(cx);
+ if (!GetProxyTrap(cx, handler, cx->names().deleteProperty, &trap))
+ return false;
+
+ // Step 7.
+ if (trap.isUndefined())
+ return DeleteProperty(cx, target, id, result);
+
+ // Step 8.
+ bool booleanTrapResult;
+ {
+ RootedValue value(cx);
+ if (!IdToStringOrSymbol(cx, id, &value))
+ return false;
+
+ RootedValue targetVal(cx, ObjectValue(*target));
+ RootedValue trapResult(cx);
+ if (!Call(cx, trap, handler, targetVal, value, &trapResult))
+ return false;
+
+ booleanTrapResult = ToBoolean(trapResult);
+ }
+
+ // Step 9.
+ if (!booleanTrapResult)
+ return result.fail(JSMSG_PROXY_DELETE_RETURNED_FALSE);
+
+ // Step 10.
+ Rooted<PropertyDescriptor> desc(cx);
+ if (!GetOwnPropertyDescriptor(cx, target, id, &desc))
+ return false;
+
+ // Step 12.
+ if (desc.object() && !desc.configurable()) {
+ RootedValue v(cx, IdToValue(id));
+ ReportValueError(cx, JSMSG_CANT_DELETE, JSDVG_IGNORE_STACK, v, nullptr);
+ return false;
+ }
+
+ // Steps 11,13.
+ return result.succeed();
+}
+
+// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.7 Proxy.[[HasProperty]](P)
+bool
+ScriptedProxyHandler::has(JSContext* cx, HandleObject proxy, HandleId id, bool* bp) const
+{
+ // Steps 2-4.
+ RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy));
+ if (!handler) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED);
+ return false;
+ }
+
+ // Step 5.
+ RootedObject target(cx, proxy->as<ProxyObject>().target());
+ MOZ_ASSERT(target);
+
+ // Step 6.
+ RootedValue trap(cx);
+ if (!GetProxyTrap(cx, handler, cx->names().has, &trap))
+ return false;
+
+ // Step 7.
+ if (trap.isUndefined())
+ return HasProperty(cx, target, id, bp);
+
+ // Step 8.
+ RootedValue value(cx);
+ if (!IdToStringOrSymbol(cx, id, &value))
+ return false;
+
+ RootedValue trapResult(cx);
+ RootedValue targetVal(cx, ObjectValue(*target));
+ if (!Call(cx, trap, handler, targetVal, value, &trapResult))
+ return false;
+
+ bool booleanTrapResult = ToBoolean(trapResult);
+
+ // Step 9.
+ if (!booleanTrapResult) {
+ // Step 9a.
+ Rooted<PropertyDescriptor> desc(cx);
+ if (!GetOwnPropertyDescriptor(cx, target, id, &desc))
+ return false;
+
+ // Step 9b.
+ if (desc.object()) {
+ // Step 9b(i).
+ if (!desc.configurable()) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_REPORT_NC_AS_NE);
+ return false;
+ }
+
+ // Step 9b(ii).
+ bool extensible;
+ if (!IsExtensible(cx, target, &extensible))
+ return false;
+
+ // Step 9b(iii).
+ if (!extensible) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_REPORT_E_AS_NE);
+ return false;
+ }
+ }
+ }
+
+ // Step 10.
+ *bp = booleanTrapResult;
+ return true;
+}
+
+// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.8 Proxy.[[GetP]](P, Receiver)
+bool
+ScriptedProxyHandler::get(JSContext* cx, HandleObject proxy, HandleValue receiver, HandleId id,
+ MutableHandleValue vp) const
+{
+ // Steps 2-4.
+ RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy));
+ if (!handler) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED);
+ return false;
+ }
+
+ // Step 5.
+ RootedObject target(cx, proxy->as<ProxyObject>().target());
+ MOZ_ASSERT(target);
+
+ // Steps 6.
+ RootedValue trap(cx);
+ if (!GetProxyTrap(cx, handler, cx->names().get, &trap))
+ return false;
+
+ // Step 7.
+ if (trap.isUndefined())
+ return GetProperty(cx, target, receiver, id, vp);
+
+ // Step 8.
+ RootedValue value(cx);
+ if (!IdToStringOrSymbol(cx, id, &value))
+ return false;
+
+ RootedValue trapResult(cx);
+ {
+ FixedInvokeArgs<3> args(cx);
+
+ args[0].setObject(*target);
+ args[1].set(value);
+ args[2].set(receiver);
+
+ RootedValue thisv(cx, ObjectValue(*handler));
+ if (!Call(cx, trap, thisv, args, &trapResult))
+ return false;
+ }
+
+ // Step 9.
+ Rooted<PropertyDescriptor> desc(cx);
+ if (!GetOwnPropertyDescriptor(cx, target, id, &desc))
+ return false;
+
+ // Step 10.
+ if (desc.object()) {
+ // Step 10a.
+ if (desc.isDataDescriptor() && !desc.configurable() && !desc.writable()) {
+ bool same;
+ if (!SameValue(cx, trapResult, desc.value(), &same))
+ return false;
+ if (!same) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_MUST_REPORT_SAME_VALUE);
+ return false;
+ }
+ }
+
+ // Step 10b.
+ if (desc.isAccessorDescriptor() && !desc.configurable() && desc.getterObject() == nullptr) {
+ if (!trapResult.isUndefined()) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_MUST_REPORT_UNDEFINED);
+ return false;
+ }
+ }
+ }
+
+ // Step 11.
+ vp.set(trapResult);
+ return true;
+}
+
+// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.9 Proxy.[[Set]](P, V, Receiver)
+bool
+ScriptedProxyHandler::set(JSContext* cx, HandleObject proxy, HandleId id, HandleValue v,
+ HandleValue receiver, ObjectOpResult& result) const
+{
+ // Steps 2-4.
+ RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy));
+ if (!handler) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED);
+ return false;
+ }
+
+ // Step 5.
+ RootedObject target(cx, proxy->as<ProxyObject>().target());
+ MOZ_ASSERT(target);
+
+ // Step 6.
+ RootedValue trap(cx);
+ if (!GetProxyTrap(cx, handler, cx->names().set, &trap))
+ return false;
+
+ // Step 7.
+ if (trap.isUndefined())
+ return SetProperty(cx, target, id, v, receiver, result);
+
+ // Step 8.
+ RootedValue value(cx);
+ if (!IdToStringOrSymbol(cx, id, &value))
+ return false;
+
+ RootedValue trapResult(cx);
+ {
+ FixedInvokeArgs<4> args(cx);
+
+ args[0].setObject(*target);
+ args[1].set(value);
+ args[2].set(v);
+ args[3].set(receiver);
+
+ RootedValue thisv(cx, ObjectValue(*handler));
+ if (!Call(cx, trap, thisv, args, &trapResult))
+ return false;
+ }
+
+ // Step 9.
+ if (!ToBoolean(trapResult))
+ return result.fail(JSMSG_PROXY_SET_RETURNED_FALSE);
+
+ // Step 10.
+ Rooted<PropertyDescriptor> desc(cx);
+ if (!GetOwnPropertyDescriptor(cx, target, id, &desc))
+ return false;
+
+ // Step 11.
+ if (desc.object()) {
+ // Step 11a.
+ if (desc.isDataDescriptor() && !desc.configurable() && !desc.writable()) {
+ bool same;
+ if (!SameValue(cx, v, desc.value(), &same))
+ return false;
+ if (!same) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_SET_NW_NC);
+ return false;
+ }
+ }
+
+ // Step 11b.
+ if (desc.isAccessorDescriptor() && !desc.configurable() && desc.setterObject() == nullptr) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_SET_WO_SETTER);
+ return false;
+ }
+ }
+
+ // Step 12.
+ return result.succeed();
+}
+
+// ES7 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.13 Proxy.[[Call]]
+bool
+ScriptedProxyHandler::call(JSContext* cx, HandleObject proxy, const CallArgs& args) const
+{
+ // Steps 1-3.
+ RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy));
+ if (!handler) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED);
+ return false;
+ }
+
+ // Step 4.
+ RootedObject target(cx, proxy->as<ProxyObject>().target());
+ MOZ_ASSERT(target);
+ MOZ_ASSERT(target->isCallable());
+
+ // Step 5.
+ RootedValue trap(cx);
+ if (!GetProxyTrap(cx, handler, cx->names().apply, &trap))
+ return false;
+
+ // Step 6.
+ if (trap.isUndefined()) {
+ InvokeArgs iargs(cx);
+ if (!FillArgumentsFromArraylike(cx, iargs, args))
+ return false;
+
+ RootedValue fval(cx, ObjectValue(*target));
+ return js::Call(cx, fval, args.thisv(), iargs, args.rval());
+ }
+
+ // Step 7.
+ RootedObject argArray(cx, NewDenseCopiedArray(cx, args.length(), args.array()));
+ if (!argArray)
+ return false;
+
+ // Step 8.
+ FixedInvokeArgs<3> iargs(cx);
+
+ iargs[0].setObject(*target);
+ iargs[1].set(args.thisv());
+ iargs[2].setObject(*argArray);
+
+ RootedValue thisv(cx, ObjectValue(*handler));
+ return js::Call(cx, trap, thisv, iargs, args.rval());
+}
+
+// ES7 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.14 Proxy.[[Construct]]
+bool
+ScriptedProxyHandler::construct(JSContext* cx, HandleObject proxy, const CallArgs& args) const
+{
+ // Steps 1-3.
+ RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy));
+ if (!handler) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED);
+ return false;
+ }
+
+ // Step 4.
+ RootedObject target(cx, proxy->as<ProxyObject>().target());
+ MOZ_ASSERT(target);
+ MOZ_ASSERT(target->isConstructor());
+
+ // Step 5.
+ RootedValue trap(cx);
+ if (!GetProxyTrap(cx, handler, cx->names().construct, &trap))
+ return false;
+
+ // Step 6.
+ if (trap.isUndefined()) {
+ ConstructArgs cargs(cx);
+ if (!FillArgumentsFromArraylike(cx, cargs, args))
+ return false;
+
+ RootedValue targetv(cx, ObjectValue(*target));
+ RootedObject obj(cx);
+ if (!Construct(cx, targetv, cargs, args.newTarget(), &obj))
+ return false;
+
+ args.rval().setObject(*obj);
+ return true;
+ }
+
+ // Step 7.
+ RootedObject argArray(cx, NewDenseCopiedArray(cx, args.length(), args.array()));
+ if (!argArray)
+ return false;
+
+ // Steps 8, 10.
+ {
+ FixedInvokeArgs<3> iargs(cx);
+
+ iargs[0].setObject(*target);
+ iargs[1].setObject(*argArray);
+ iargs[2].set(args.newTarget());
+
+ RootedValue thisv(cx, ObjectValue(*handler));
+ if (!Call(cx, trap, thisv, iargs, args.rval()))
+ return false;
+ }
+
+ // Step 9.
+ if (!args.rval().isObject()) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_CONSTRUCT_OBJECT);
+ return false;
+ }
+
+ return true;
+}
+
+bool
+ScriptedProxyHandler::nativeCall(JSContext* cx, IsAcceptableThis test, NativeImpl impl,
+ const CallArgs& args) const
+{
+ ReportIncompatible(cx, args);
+ return false;
+}
+
+bool
+ScriptedProxyHandler::hasInstance(JSContext* cx, HandleObject proxy, MutableHandleValue v,
+ bool* bp) const
+{
+ return InstanceOfOperator(cx, proxy, v, bp);
+}
+
+bool
+ScriptedProxyHandler::getBuiltinClass(JSContext* cx, HandleObject proxy,
+ ESClass* cls) const
+{
+ *cls = ESClass::Other;
+ return true;
+}
+
+bool
+ScriptedProxyHandler::isArray(JSContext* cx, HandleObject proxy, IsArrayAnswer* answer) const
+{
+ RootedObject target(cx, proxy->as<ProxyObject>().target());
+ if (target)
+ return JS::IsArray(cx, target, answer);
+
+ *answer = IsArrayAnswer::RevokedProxy;
+ return true;
+}
+
+const char*
+ScriptedProxyHandler::className(JSContext* cx, HandleObject proxy) const
+{
+ // Right now the caller is not prepared to handle failures.
+ return BaseProxyHandler::className(cx, proxy);
+}
+
+JSString*
+ScriptedProxyHandler::fun_toString(JSContext* cx, HandleObject proxy, unsigned indent) const
+{
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_INCOMPATIBLE_PROTO,
+ js_Function_str, js_toString_str, "object");
+ return nullptr;
+}
+
+bool
+ScriptedProxyHandler::regexp_toShared(JSContext* cx, HandleObject proxy, RegExpGuard* g) const
+{
+ MOZ_CRASH("Should not end up in ScriptedProxyHandler::regexp_toShared");
+ return false;
+}
+
+bool
+ScriptedProxyHandler::boxedValue_unbox(JSContext* cx, HandleObject proxy,
+ MutableHandleValue vp) const
+{
+ MOZ_CRASH("Should not end up in ScriptedProxyHandler::boxedValue_unbox");
+ return false;
+}
+
+bool
+ScriptedProxyHandler::isCallable(JSObject* obj) const
+{
+ MOZ_ASSERT(obj->as<ProxyObject>().handler() == &ScriptedProxyHandler::singleton);
+ uint32_t callConstruct = obj->as<ProxyObject>().extra(IS_CALLCONSTRUCT_EXTRA).toPrivateUint32();
+ return !!(callConstruct & IS_CALLABLE);
+}
+
+bool
+ScriptedProxyHandler::isConstructor(JSObject* obj) const
+{
+ MOZ_ASSERT(obj->as<ProxyObject>().handler() == &ScriptedProxyHandler::singleton);
+ uint32_t callConstruct = obj->as<ProxyObject>().extra(IS_CALLCONSTRUCT_EXTRA).toPrivateUint32();
+ return !!(callConstruct & IS_CONSTRUCTOR);
+}
+
+const char ScriptedProxyHandler::family = 0;
+const ScriptedProxyHandler ScriptedProxyHandler::singleton;
+
+bool
+IsRevokedScriptedProxy(JSObject* obj)
+{
+ obj = CheckedUnwrap(obj);
+ return obj && IsScriptedProxy(obj) && !obj->as<ProxyObject>().target();
+}
+
+// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.14 ProxyCreate.
+static bool
+ProxyCreate(JSContext* cx, CallArgs& args, const char* callerName)
+{
+ if (args.length() < 2) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_MORE_ARGS_NEEDED,
+ callerName, "1", "s");
+ return false;
+ }
+
+ // Step 1.
+ RootedObject target(cx, NonNullObject(cx, args[0]));
+ if (!target)
+ return false;
+
+ // Step 2.
+ if (IsRevokedScriptedProxy(target)) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_ARG_REVOKED, "1");
+ return false;
+ }
+
+ // Step 3.
+ RootedObject handler(cx, NonNullObject(cx, args[1]));
+ if (!handler)
+ return false;
+
+ // Step 4.
+ if (IsRevokedScriptedProxy(handler)) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_ARG_REVOKED, "2");
+ return false;
+ }
+
+ // Steps 5-6, 8.
+ RootedValue priv(cx, ObjectValue(*target));
+ JSObject* proxy_ =
+ NewProxyObject(cx, &ScriptedProxyHandler::singleton, priv, TaggedProto::LazyProto);
+ if (!proxy_)
+ return false;
+
+ // Step 9 (reordered).
+ Rooted<ProxyObject*> proxy(cx, &proxy_->as<ProxyObject>());
+ proxy->setExtra(ScriptedProxyHandler::HANDLER_EXTRA, ObjectValue(*handler));
+
+ // Step 7.
+ uint32_t callable = target->isCallable() ? ScriptedProxyHandler::IS_CALLABLE : 0;
+ uint32_t constructor = target->isConstructor() ? ScriptedProxyHandler::IS_CONSTRUCTOR : 0;
+ proxy->setExtra(ScriptedProxyHandler::IS_CALLCONSTRUCT_EXTRA,
+ PrivateUint32Value(callable | constructor));
+
+ // Step 10.
+ args.rval().setObject(*proxy);
+ return true;
+}
+
+bool
+js::proxy(JSContext* cx, unsigned argc, Value* vp)
+{
+ CallArgs args = CallArgsFromVp(argc, vp);
+
+ if (!ThrowIfNotConstructing(cx, args, "Proxy"))
+ return false;
+
+ return ProxyCreate(cx, args, "Proxy");
+}
+
+static bool
+RevokeProxy(JSContext* cx, unsigned argc, Value* vp)
+{
+ CallArgs args = CallArgsFromVp(argc, vp);
+
+ RootedFunction func(cx, &args.callee().as<JSFunction>());
+ RootedObject p(cx, func->getExtendedSlot(ScriptedProxyHandler::REVOKE_SLOT).toObjectOrNull());
+
+ if (p) {
+ func->setExtendedSlot(ScriptedProxyHandler::REVOKE_SLOT, NullValue());
+
+ MOZ_ASSERT(p->is<ProxyObject>());
+
+ p->as<ProxyObject>().setSameCompartmentPrivate(NullValue());
+ p->as<ProxyObject>().setExtra(ScriptedProxyHandler::HANDLER_EXTRA, NullValue());
+ }
+
+ args.rval().setUndefined();
+ return true;
+}
+
+bool
+js::proxy_revocable(JSContext* cx, unsigned argc, Value* vp)
+{
+ CallArgs args = CallArgsFromVp(argc, vp);
+
+ if (!ProxyCreate(cx, args, "Proxy.revocable"))
+ return false;
+
+ RootedValue proxyVal(cx, args.rval());
+ MOZ_ASSERT(proxyVal.toObject().is<ProxyObject>());
+
+ RootedObject revoker(cx, NewFunctionByIdWithReserved(cx, RevokeProxy, 0, 0,
+ AtomToId(cx->names().revoke)));
+ if (!revoker)
+ return false;
+
+ revoker->as<JSFunction>().initExtendedSlot(ScriptedProxyHandler::REVOKE_SLOT, proxyVal);
+
+ RootedPlainObject result(cx, NewBuiltinClassInstance<PlainObject>(cx));
+ if (!result)
+ return false;
+
+ RootedValue revokeVal(cx, ObjectValue(*revoker));
+ if (!DefineProperty(cx, result, cx->names().proxy, proxyVal) ||
+ !DefineProperty(cx, result, cx->names().revoke, revokeVal))
+ {
+ return false;
+ }
+
+ args.rval().setObject(*result);
+ return true;
+}