qt/qtdeclarative.git/src/qml/jsruntime/qv4booleanobject.cpp, branch dev Qt Declarative (Quick 2) CRA review qml/jsruntime 2025-09-16T13:17:44+00:00 Fabian Kosmale fabian.kosmale@qt.io 2025-08-26T15:35:24+00:00 22df353c14800d2e9b6d57a9a0cb9c6baa337999 This relies heavily on the documented fact that we only support trusted QML/JS content, meaning most files are only significant, not critical. This also extends to the handling of qmlc files (as in compilationunitmapper), as we store them in a user owned, non-shared cache directory – so any vulnerability there would already mean that an attacker has write-priviledges on user data. An exception is ArrayBuffer, which can be used with arbitrary user data, and should create a valid QBA. Fixes: QTBUG-136970 Pick-to: 6.10 6.9 6.8 QUIP: 23 Change-Id: I22033fe6ab4acf8362a8183e25b92331d45cb32c Reviewed-by: Ulf Hermann <ulf.hermann@qt.io> 
This relies heavily on the documented fact that we only support trusted
QML/JS content, meaning most files are only significant, not critical.
This also extends to the handling of qmlc files (as in
compilationunitmapper), as we store them in a user owned, non-shared
cache directory – so any vulnerability there would already mean that an
attacker has write-priviledges on user data.

An exception is ArrayBuffer, which can be used with arbitrary user data,
and should create a valid QBA.

Fixes: QTBUG-136970
Pick-to: 6.10 6.9 6.8
QUIP: 23
Change-Id: I22033fe6ab4acf8362a8183e25b92331d45cb32c
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
V4: Slim down FunctionObject 2024-05-14T12:16:57+00:00 Ulf Hermann ulf.hermann@qt.io 2024-04-30T09:55:01+00:00 8b6a9403bf2e04d34b9b07d2780186029fab99d0 Most FunctionObjects do not actually need their custom jsCall members. They will only call the functions from the vtable anyway. FunctionObject can therefore be split into a static and a dynamic variant. Only the dyanmic variant needs to carry (and invoke) the extra pointer. The jsCallWithMetaTypes pointer is completely pointless because none of the dynamic functions actually implement it. Furthermore, the QV4::Function and QV4::ExecutionContext pointers in FunctionObject are only needed by actual JavaScript functions. The builtins that like to be dynamic functions never need them. Therefore, split out another class for this. In the generic FunctionObject, we need the capability to decide at run time whether the function shall be a constructor or not. Add a flag to replace the check for jsCallAsConstructor. Also, where we can, avoid the pessimization of checking whether a function is a constructor before trying to call it as constructor. Rather have the default implementation throw the exception. As a side effect, for most functions we don't need an ExecutionContext anymore. The engine is enough. Task-number: QTBUG-124662 Change-Id: Iac657fa71288dd6ec230a33de2986ba3bcf4628c Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io> 
Most FunctionObjects do not actually need their custom jsCall members.
They will only call the functions from the vtable anyway. FunctionObject
can therefore be split into a static and a dynamic variant. Only the
dyanmic variant needs to carry (and invoke) the extra pointer. The
jsCallWithMetaTypes pointer is completely pointless because none of the
dynamic functions actually implement it.

Furthermore, the QV4::Function and QV4::ExecutionContext pointers in
FunctionObject are only needed by actual JavaScript functions. The
builtins that like to be dynamic functions never need them. Therefore,
split out another class for this.

In the generic FunctionObject, we need the capability to decide at run
time whether the function shall be a constructor or not. Add a flag to
replace the check for jsCallAsConstructor.

Also, where we can, avoid the pessimization of checking whether a
function is a constructor before trying to call it as constructor.
Rather have the default implementation throw the exception.

As a side effect, for most functions we don't need an ExecutionContext
anymore. The engine is enough.

Task-number: QTBUG-124662
Change-Id: Iac657fa71288dd6ec230a33de2986ba3bcf4628c
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
QtQml: Remove unused includes in qml, first part 2022-09-14T19:43:52+00:00 Semih Yavuz semih.yavuz@qt.io 2022-09-12T21:11:29+00:00 4ad35430dcb0db6571a2ac94bf2640686c9fedf8 Drop unnecessary includes detected by clangd-iwyu. Add new includes due to the transitive includes. Also, some of the includes were detected as unused even if they were actually in use. In those cases, use angular brackets instead of "" which deceives the tool not to complain. Affected subfolders: Debugger, Compiler, JsApi, JsRuntime, Memory, Parser Task-number: QTBUG-106473 Change-Id: I01d996a2a2ba31cbbc5f60f5454c8f850298f528 Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io> 
Drop unnecessary includes detected by clangd-iwyu.
Add new includes due to the transitive includes. Also, some of the
includes were detected as unused even if they were actually in use.
In those cases, use angular brackets instead of "" which deceives
the tool not to complain.

Affected subfolders: Debugger, Compiler, JsApi, JsRuntime, Memory,
Parser

Task-number: QTBUG-106473
Change-Id: I01d996a2a2ba31cbbc5f60f5454c8f850298f528
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
Use SPDX license identifiers 2022-06-11T06:05:15+00:00 Lucie Gérard lucie.gerard@qt.io 2022-05-13T13:12:05+00:00 0dc4fd240a2897c5c443a0ef6d84c416843e4938 Replace the current license disclaimer in files by a SPDX-License-Identifier. Files that have to be modified by hand are modified. License files are organized under LICENSES directory. Pick-to: 6.4 Task-number: QTBUG-67283 Change-Id: I63563bbeb6f60f89d2c99660400dca7fab78a294 Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io> 
Replace the current license disclaimer in files by
a SPDX-License-Identifier.
Files that have to be modified by hand are modified.
License files are organized under LICENSES directory.

Pick-to: 6.4
Task-number: QTBUG-67283
Change-Id: I63563bbeb6f60f89d2c99660400dca7fab78a294
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
Split QV4::Value into a static and a dynamic part 2019-05-31T13:03:33+00:00 Ulf Hermann ulf.hermann@qt.io 2019-05-20T13:24:51+00:00 c8c2db3f5b157131542025ce556d248c7a916a00 The static part can be used for compilation and won't resolve managed objects. This allows us to remove all the remaining V4_BOOTSTRAP. Change-Id: Id2f6feb64c48beb2a407697881aea8c0d791a532 Reviewed-by: Simon Hausmann <simon.hausmann@qt.io> 
The static part can be used for compilation and won't resolve managed
objects. This allows us to remove all the remaining V4_BOOTSTRAP.

Change-Id: Id2f6feb64c48beb2a407697881aea8c0d791a532
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Ensure our builtin constructors are subclassable 2018-11-22T08:47:08+00:00 Lars Knoll lars.knoll@qt.io 2018-11-05T09:18:53+00:00 33c13efd91954fb50019e82f3ab8e8e1d8458332 Respect the newTarget passed into those constructors and make sure we set up the proto chain correctly. Change-Id: I3d12c7dbef4b33660a6715d73e9fb0f89105167a Fixes: QTBUG-71138 Reviewed-by: Erik Verbruggen <erik.verbruggen@qt.io> 
Respect the newTarget passed into those constructors and make
sure we set up the proto chain correctly.

Change-Id: I3d12c7dbef4b33660a6715d73e9fb0f89105167a
Fixes: QTBUG-71138
Reviewed-by: Erik Verbruggen <erik.verbruggen@qt.io>
Cleanups in Value/Primitive 2018-09-17T07:47:09+00:00 Lars Knoll lars.knoll@qt.io 2018-09-11T09:07:32+00:00 1dac47c1418b44cf4a56b42bfca2b277795fd213 Get rid of Primitive and move the corresponding methods directly into Value. Mark many methods in Value as constexpr and turn Value into a POD type again. Keep Primitive as a pure alias to Value for source compatibility of other modules that might be using it. Change-Id: Icb47458947dd3482c8852e95782123ea4346f5ec Reviewed-by: Simon Hausmann <simon.hausmann@qt.io> 
Get rid of Primitive and move the corresponding methods
directly into Value. Mark many methods in Value as
constexpr and turn Value into a POD type again.

Keep Primitive as a pure alias to Value for source
compatibility of other modules that might be using it.

Change-Id: Icb47458947dd3482c8852e95782123ea4346f5ec
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Implement support for new.target 2018-07-03T08:08:39+00:00 Lars Knoll lars.knoll@qt.io 2018-06-26T12:18:16+00:00 65e799a9dec58b4bde3a085149f8cbcf0f5f3fba Support the new.target meta property in the codegen, and add support for passing the newtarget into the constructor vtable methods and the execution context. Change-Id: I62ea58e5e92d894035a76e35776203e9837c383b Reviewed-by: Simon Hausmann <simon.hausmann@qt.io> 
Support the new.target meta property in the codegen, and
add support for passing the newtarget into the constructor
vtable methods and the execution context.

Change-Id: I62ea58e5e92d894035a76e35776203e9837c383b
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Prefix vtable methods with virtual 2018-07-03T08:08:35+00:00 Lars Knoll lars.knoll@qt.io 2018-06-25T21:18:33+00:00 61440411a979c7c317bafccfbf5201d969819a06 Turns out that the overloading of vtable methods and regular ones is problematic in some cases. So let's rather make it explicit which methods are part of the vtable, and which aren't. Change-Id: Ifee32a26104d30f3c82bca8b5a9cdea2d4f4f526 Reviewed-by: Simon Hausmann <simon.hausmann@qt.io> 
Turns out that the overloading of vtable methods and regular
ones is problematic in some cases. So let's rather make it explicit
which methods are part of the vtable, and which aren't.

Change-Id: Ifee32a26104d30f3c82bca8b5a9cdea2d4f4f526
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Fix length properties of global constructors 2018-06-25T07:36:38+00:00 Lars Knoll lars.knoll@qt.io 2018-06-18T07:44:59+00:00 4f5d83acf78c7e3e3f4b89190d6109a4c8fa574d Change-Id: I4e9e1635f404082b0e8b333dc13a33d27e4f4b50 Reviewed-by: Simon Hausmann <simon.hausmann@qt.io> 
Change-Id: I4e9e1635f404082b0e8b333dc13a33d27e4f4b50
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>