Title: [196959] trunk/Source/JavaScriptCore
- Revision: 196959
- Author: sbar...@apple.com
- Date: 2016-02-22 14:24:51 -0800 (Mon, 22 Feb 2016)
Log Message
JSValue::isConstructor and JSValue::isFunction should check getConstructData and getCallData
https://bugs.webkit.org/show_bug.cgi?id=154552
Reviewed by Mark Lam.
ES6 Proxy breaks our isFunction() and isConstructor() JSValue methods.
They return false on a Proxy with internal [[Call]] and [[Construct]]
properties. It seems safest, most forward looking, and most adherent
to the specification to check getCallData() and getConstructData() to
implement these functions.
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::createSubclassStructure):
* runtime/JSCJSValueInlines.h:
(JSC::JSValue::isFunction):
(JSC::JSValue::isConstructor):
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (196958 => 196959)
--- trunk/Source/_javascript_Core/ChangeLog 2016-02-22 22:23:39 UTC (rev 196958)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-02-22 22:24:51 UTC (rev 196959)
@@ -1,3 +1,22 @@
+2016-02-22 Saam barati <sbar...@apple.com>
+
+ JSValue::isConstructor and JSValue::isFunction should check getConstructData and getCallData
+ https://bugs.webkit.org/show_bug.cgi?id=154552
+
+ Reviewed by Mark Lam.
+
+ ES6 Proxy breaks our isFunction() and isConstructor() JSValue methods.
+ They return false on a Proxy with internal [[Call]] and [[Construct]]
+ properties. It seems safest, most forward looking, and most adherent
+ to the specification to check getCallData() and getConstructData() to
+ implement these functions.
+
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::createSubclassStructure):
+ * runtime/JSCJSValueInlines.h:
+ (JSC::JSValue::isFunction):
+ (JSC::JSValue::isConstructor):
+
2016-02-22 Keith Miller <keith_mil...@apple.com>
Bound functions should use the prototype of the function being bound
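Review bot: The file list in this entry names only runtime/InternalFunction.cpp and runtime/JSCJSValueInlines.h, and no test is mentioned. The bug is described as isFunction() and isConstructor() returning false on a Proxy with internal [[Call]] and [[Construct]], so a regression test that passes a callable, constructible Proxy through both checks would pin the new behaviour. If such a test exists elsewhere, the entry should name it.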
Modified: trunk/Source/_javascript_Core/runtime/InternalFunction.cpp (196958 => 196959)
--- trunk/Source/_javascript_Core/runtime/InternalFunction.cpp 2016-02-22 22:23:39 UTC (rev 196958)
+++ trunk/Source/_javascript_Core/runtime/InternalFunction.cpp 2016-02-22 22:24:51 UTC (rev 196959)
@@ -84,7 +84,7 @@
VM& vm = exec->vm();
// We allow newTarget == JSValue() because the API needs to be able to create classes without having a real JS frame.
// Since we don't allow subclassing in the API we just treat newTarget == JSValue() as newTarget == exec->callee()
- ASSERT(!newTarget || newTarget.isFunction());
+ ASSERT(!newTarget || newTarget.isConstructor());
if (newTarget && newTarget != exec->callee()) {
// newTarget may be an InternalFunction if we were called from Reflect.construct.
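Review bot: The comment after the assert still reads "newTarget may be an InternalFunction if we were called from Reflect.construct", but ASSERT(!newTarget || newTarget.isConstructor()) now admits any cell that reports construct data, which per the log message includes a Proxy. Please update the comment to say so, and confirm that the body of if (newTarget && newTarget != exec->callee()), which is not visible in this hunk, does not cast newTarget on the assumption that it is a JSFunction or InternalFunction. The ASSERT only guards debug builds, so a wrong type assumption there would not be caught in release.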
Modified: trunk/Source/_javascript_Core/runtime/JSCJSValueInlines.h (196958 => 196959)
--- trunk/Source/_javascript_Core/runtime/JSCJSValueInlines.h 2016-02-22 22:23:39 UTC (rev 196958)
+++ trunk/Source/_javascript_Core/runtime/JSCJSValueInlines.h 2016-02-22 22:24:51 UTC (rev 196959)
@@ -679,17 +679,20 @@
inline bool JSValue::isFunction() const
{
- return isCell() && (asCell()->inherits(JSFunction::info()) || asCell()->inherits(InternalFunction::info()));
+ if (!isCell())
+ return false;
+ JSCell* cell = asCell();
+ CallData ignored;
+ return cell->methodTable()->getCallData(cell, ignored) != CallTypeNone;
}
-// FIXME: We could do this in a smarter way. See: https://bugs.webkit.org/show_bug.cgi?id=153670
inline bool JSValue::isConstructor() const
{
- if (isFunction()) {
- ConstructData data;
- return getConstructData(*this, data) != ConstructTypeNone;
- }
- return false;
+ if (!isCell())
+ return false;
+ JSCell* cell = asCell();
+ ConstructData ignored;
+ return cell->methodTable()->getConstructData(cell, ignored) != ConstructTypeNone;
}
// this method is here to be after the inline declaration of JSCell::inherits
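Review bot: isFunction() no longer implies that the cell inherits JSFunction or InternalFunction; it now returns true for any cell whose getCallData() result is not CallTypeNone. Existing callers that used the old result as a type guard before casting to one of those classes need an audit, and a short comment above isFunction() stating that it now means "callable" would make the wider contract explicit. The same applies to isConstructor(), which no longer goes through isFunction() first. The removed FIXME pointed at bug 153670, so the log should say whether this change resolves it.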