Replace ES5/3 ___.markFuncFreeze which left .prototype undefended

ES5/3 internally used markFuncFreeze in a fashion which suggests that it
is intended that the resulting function is (trivially) transitively
immutable (ignoring prototypes). However, it left the .prototype
property untouched, so any such function, if not otherwise defended, has
an accessible non-frozen .prototype object.

* Replace markFuncFreeze with a function markConstFunc (named to fit
  with constFunc) which sets .prototype to null.
* Replace all uses of markFuncFreeze on function literals with
  markConstFunc.
* Replaced uses of markFuncFreeze on existing functions with markFunc().

Supporting changes:
* Use ES5/3 interface instead of deprecated Cajita interface to grant
  assert functions in ES53RewriterTest.

Fixes <https://code.google.com/p/google-caja/issues/detail?id=1695>.

@r5396

[MarkM, 2013-04-10 18:19:49]

Why did you decide on an empty record rather than setting .prototype to null?
Setting it to null would make snowFunc more similar to constFunc
https://code.google.com/p/google-caja/source/browse/trunk/src/com/google/caja...

[kpreid2, 2013-04-10 18:54:59]

On 2013/04/10 18:19:49, MarkM wrote:
> Why did you decide on an empty record rather than setting .prototype to null?

ES53RewriterTest.testFunctionInstance specifically tests that .prototype exists
on a snowFunc'd function; at the time that made me decide that deleting
prototypes everywhere was too much of a semantic change.

> Setting it to null would make snowFunc more similar to constFunc
>
https://code.google.com/p/google-caja/source/browse/trunk/src/com/google/caja...

I was not aware of constFunc. Given that it exists, we should make it exist on
ES5/3's cajaVM as well, because it is relevant to the plan to get performance
improvements by using constFunc (but I didn't recall it already existed then)
instead of def() where possible.

However, snowFunc is still not the same as constFunc since it also marks. But
perhaps it should be named markConstFunc.

[felix8a, 2013-04-10 19:47:05]

https://codereview.appspot.com/8629044/diff/1/src/com/google/caja/es53.js
File src/com/google/caja/es53.js (right):

https://codereview.appspot.com/8629044/diff/1/src/com/google/caja/es53.js#new...
src/com/google/caja/es53.js:4094: var lengthGetter = freeze(markFunc(function ()
{
why isn't this just snowFunc?

[kpreid2, 2013-04-10 22:42:03]

ES5/3 internally used markFuncFreeze in a fashion which suggests that it
is intended that the resulting function is (trivially) transitively
immutable (ignoring prototypes). However, it left the .prototype
property untouched, so any such function, if not otherwise defended, has
an accessible non-frozen .prototype object.

* Replace markFuncFreeze with a function markConstFunc (named to fit
  with constFunc) which sets .prototype to null.
* Replace all uses of markFuncFreeze on function literals with
  markConstFunc.
* Replaced uses of markFuncFreeze on existing functions with markFunc().

Supporting changes:
* Use ES5/3 interface instead of deprecated Cajita interface to grant
  assert functions in ES53RewriterTest.
* Deleted unused Cajita/Valija-legacy ___.markCtor and ___.extend.
* Deleted unused setup-valija.js.

Fixes <https://code.google.com/p/google-caja/issues/detail?id=1695>.

[kpreid2, 2013-04-10 22:43:01]

New snapshot; the function now nulls the prototype, and is called markConstFunc
rather than snowFunc.

https://codereview.appspot.com/8629044/diff/1/src/com/google/caja/es53.js
File src/com/google/caja/es53.js (right):

https://codereview.appspot.com/8629044/diff/1/src/com/google/caja/es53.js#new...
src/com/google/caja/es53.js:4094: var lengthGetter = freeze(markFunc(function ()
{
On 2013/04/10 19:47:05, felix8a wrote:
> why isn't this just snowFunc?

I saw its freeze(lengthGetter.prototype), and assumed the prototype was being
used for something. Looking in more detail I see that's not so.

[felix8a, 2013-04-10 22:46:16]

lgtm

[MarkM, 2013-04-10 23:08:48]

LGTM

[ihab.awad, 2013-04-12 05:20:05]

https://codereview.appspot.com/8629044/diff/3002/tests/com/google/caja/plugin...
File tests/com/google/caja/plugin/container.js (right):

https://codereview.appspot.com/8629044/diff/3002/tests/com/google/caja/plugin...
tests/com/google/caja/plugin/container.js:29: value: ___.markFunc(fail),
What determines markConstFunc vs markFunc usage here?

[kpreid2, 2013-04-12 16:32:39]

https://codereview.appspot.com/8629044/diff/3002/tests/com/google/caja/plugin...
File tests/com/google/caja/plugin/container.js (right):

https://codereview.appspot.com/8629044/diff/3002/tests/com/google/caja/plugin...
tests/com/google/caja/plugin/container.js:29: value: ___.markFunc(fail),
On 2013/04/12 05:20:06, ihab.awad wrote:
> What determines markConstFunc vs markFunc usage here?

I was working off the principle of not mutating existing functions — but
markFunc does that, and were already doing that, so perhaps markConstFunc would
be more appropriate here.

[ihab.awad, 2013-04-12 16:46:11]

Yeah, up to you -- just seemed whacky.

[kpreid2, 2013-04-16 17:58:58]

ES5/3 internally used markFuncFreeze in a fashion which suggests that it
is intended that the resulting function is (trivially) transitively
immutable (ignoring prototypes). However, it left the .prototype
property untouched, so any such function, if not otherwise defended, has
an accessible non-frozen .prototype object.

* Replace markFuncFreeze with a function markConstFunc (named to fit
  with constFunc) which sets .prototype to null.
* Replace all uses of markFuncFreeze on function literals with
  markConstFunc.
* Replaced uses of markFuncFreeze on existing functions with markFunc().

Supporting changes:
* Use ES5/3 interface instead of deprecated Cajita interface to grant
  assert functions in ES53RewriterTest.
* Deleted unused Cajita/Valija-legacy ___.markCtor and ___.extend.
* Deleted unused setup-valija.js.

Fixes <https://code.google.com/p/google-caja/issues/detail?id=1695>.