Diff
Modified: trunk/JSTests/ChangeLog (207651 => 207652)
--- trunk/JSTests/ChangeLog 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/JSTests/ChangeLog 2016-10-21 01:33:14 UTC (rev 207652)
@@ -1,3 +1,33 @@
+2016-10-20 Yusuke Suzuki <utatane....@gmail.com>
+
+ [JSC] Drop isEnvironmentRecord type info flag and use JSType information instead
+ https://bugs.webkit.org/show_bug.cgi?id=163761
+
+ Reviewed by Keith Miller.
+
+ * modules/string-prototype-module-scope.js: Added.
+ (shouldBe):
+ (catch):
+ (refer):
+ * stress/string-prototype-scopes-global-lexical-environment-strict.js: Added.
+ (shouldBe):
+ (catch):
+ * stress/string-prototype-scopes-global-lexical-environment.js: Added.
+ (shouldBe):
+ (catch):
+ * stress/string-prototype-scopes-strict.js: Added.
+ (shouldBe):
+ (catch):
+ (try.refer):
+ (refer):
+ * stress/string-prototype-scopes.js: Added.
+ (shouldBe):
+ (catch):
+ (try.refer):
+ (refer):
+ (object.toString):
+ (with):
+
2016-10-20 JF Bastien <jfbast...@apple.com>
WebAssembly API: implement exception constructors properly
Added: trunk/JSTests/modules/string-prototype-module-scope.js (0 => 207652)
--- trunk/JSTests/modules/string-prototype-module-scope.js (rev 0)
+++ trunk/JSTests/modules/string-prototype-module-scope.js 2016-10-21 01:33:14 UTC (rev 207652)
@@ -0,0 +1,15 @@
+function shouldBe(actual, expected) {
+ if (actual !== expected)
+ throw new Error('bad value: ' + actual);
+}
+
+var error = null;
+try {
+ var charAt = String.prototype.charAt;
+ charAt();
+} catch (e) {
+ error = e;
+}
+shouldBe(String(error), `TypeError: Type error`);
+
+function refer() { charAt; }
Added: trunk/JSTests/stress/string-prototype-scopes-global-lexical-environment-strict.js (0 => 207652)
--- trunk/JSTests/stress/string-prototype-scopes-global-lexical-environment-strict.js (rev 0)
+++ trunk/JSTests/stress/string-prototype-scopes-global-lexical-environment-strict.js 2016-10-21 01:33:14 UTC (rev 207652)
@@ -0,0 +1,15 @@
+"use strict";
+
+function shouldBe(actual, expected) {
+ if (actual !== expected)
+ throw new Error('bad value: ' + actual);
+}
+
+var error = null;
+let charAt = String.prototype.charAt;
+try {
+ charAt();
+} catch (e) {
+ error = e;
+}
+shouldBe(String(error), `TypeError: Type error`);
Added: trunk/JSTests/stress/string-prototype-scopes-global-lexical-environment.js (0 => 207652)
--- trunk/JSTests/stress/string-prototype-scopes-global-lexical-environment.js (rev 0)
+++ trunk/JSTests/stress/string-prototype-scopes-global-lexical-environment.js 2016-10-21 01:33:14 UTC (rev 207652)
@@ -0,0 +1,13 @@
+function shouldBe(actual, expected) {
+ if (actual !== expected)
+ throw new Error('bad value: ' + actual);
+}
+
+var error = null;
+let charAt = String.prototype.charAt;
+try {
+ charAt();
+} catch (e) {
+ error = e;
+}
+shouldBe(String(error), `TypeError: Type error`);
Added: trunk/JSTests/stress/string-prototype-scopes-strict.js (0 => 207652)
--- trunk/JSTests/stress/string-prototype-scopes-strict.js (rev 0)
+++ trunk/JSTests/stress/string-prototype-scopes-strict.js 2016-10-21 01:33:14 UTC (rev 207652)
@@ -0,0 +1,51 @@
+"use strict";
+
+function shouldBe(actual, expected) {
+ if (actual !== expected)
+ throw new Error('bad value: ' + actual);
+}
+
+var error = null;
+try {
+ eval(`
+ var charAt = String.prototype.charAt;
+ charAt();
+ `);
+} catch (e) {
+ error = e;
+}
+shouldBe(String(error), `TypeError: Type error`);
+
+var error = null;
+try {
+ var charAt = String.prototype.charAt;
+ charAt();
+} catch (e) {
+ error = e;
+}
+shouldBe(String(error), `TypeError: Type error`);
+
+var error = null;
+try {
+ let charAt = String.prototype.charAt;
+ charAt();
+ function refer() { charAt; }
+} catch (e) {
+ error = e;
+}
+shouldBe(String(error), `TypeError: Type error`);
+
+(function () {
+ var error = null;
+ var ok = 42;
+ try {
+ var charAt = String.prototype.charAt;
+ charAt();
+ } catch (e) {
+ error = e;
+ }
+
+ function refer() { charAt; } // Refer the charAt variable.
+ shouldBe(String(error), `TypeError: Type error`);
+ return ok;
+}());
Added: trunk/JSTests/stress/string-prototype-scopes.js (0 => 207652)
--- trunk/JSTests/stress/string-prototype-scopes.js (rev 0)
+++ trunk/JSTests/stress/string-prototype-scopes.js 2016-10-21 01:33:14 UTC (rev 207652)
@@ -0,0 +1,54 @@
+function shouldBe(actual, expected) {
+ if (actual !== expected)
+ throw new Error('bad value: ' + actual);
+}
+
+var error = null;
+try {
+ eval(`
+ var charAt = String.prototype.charAt;
+ charAt();
+ `);
+} catch (e) {
+ error = e;
+}
+shouldBe(String(error), `TypeError: Type error`);
+
+var error = null;
+try {
+ var charAt = String.prototype.charAt;
+ charAt();
+} catch (e) {
+ error = e;
+}
+shouldBe(String(error), `TypeError: Type error`);
+
+var error = null;
+try {
+ let charAt = String.prototype.charAt;
+ charAt();
+ function refer() { charAt; }
+} catch (e) {
+ error = e;
+}
+shouldBe(String(error), `TypeError: Type error`);
+
+(function () {
+ var error = null;
+ var ok = 42;
+ try {
+ var charAt = String.prototype.charAt;
+ charAt();
+ } catch (e) {
+ error = e;
+ }
+
+ function refer() { charAt; } // Refer the charAt variable.
+ shouldBe(String(error), `TypeError: Type error`);
+ return ok;
+}());
+
+var object = { __proto__: String.prototype, toString() { return "Cocoa"; } };
+with (object) {
+ shouldBe(charAt(0), `C`);
+}
Modified: trunk/LayoutTests/ChangeLog (207651 => 207652)
--- trunk/LayoutTests/ChangeLog 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/LayoutTests/ChangeLog 2016-10-21 01:33:14 UTC (rev 207652)
@@ -1,3 +1,19 @@
+2016-10-20 Yusuke Suzuki <utatane....@gmail.com>
+
+ [JSC] Drop isEnvironmentRecord type info flag and use JSType information instead
+ https://bugs.webkit.org/show_bug.cgi?id=163761
+
+ Reviewed by Keith Miller.
+
+ * js/dom/script-tests/string-prototype-scopes-in-workers.js: Added.
+ (catch):
+ * js/dom/script-tests/string-prototype-scopes.js: Added.
+ (catch):
+ * js/dom/string-prototype-scopes-expected.txt: Added.
+ * js/dom/string-prototype-scopes-in-workers-expected.txt: Added.
+ * js/dom/string-prototype-scopes-in-workers.html: Added.
+ * js/dom/string-prototype-scopes.html: Added.
+
2016-10-20 Myles C. Maxfield <mmaxfi...@apple.com>
Implement WebGL2 bufferData() and bufferSubData() methods
Added: trunk/LayoutTests/js/dom/script-tests/string-prototype-scopes-in-workers.js (0 => 207652)
--- trunk/LayoutTests/js/dom/script-tests/string-prototype-scopes-in-workers.js (rev 0)
+++ trunk/LayoutTests/js/dom/script-tests/string-prototype-scopes-in-workers.js 2016-10-21 01:33:14 UTC (rev 207652)
@@ -0,0 +1,16 @@
+importScripts('../../../resources/js-test-pre.js');
+
+description("This test checks whether String.prototype methods correctly handle |this| if |this| becomes worker global scope.");
+
+var global = this;
+global.jsTestIsAsync = true;
+
+var error = null;
+try {
+ var charAt = String.prototype.charAt;
+ charAt();
+} catch (e) {
+ error = e;
+}
+shouldBe(`String(error)`, `"TypeError: Type error"`);
+finishJSTest();
Added: trunk/LayoutTests/js/dom/script-tests/string-prototype-scopes.js (0 => 207652)
--- trunk/LayoutTests/js/dom/script-tests/string-prototype-scopes.js (rev 0)
+++ trunk/LayoutTests/js/dom/script-tests/string-prototype-scopes.js 2016-10-21 01:33:14 UTC (rev 207652)
@@ -0,0 +1,10 @@
+description("This test checks whether String.prototype methods correctly handle |this| if |this| becomes window.");
+
+var error = null;
+try {
+ var charAt = String.prototype.charAt;
+ charAt();
+} catch (e) {
+ error = e;
+}
+shouldBe(`String(error)`, `"TypeError: Type error"`);
Added: trunk/LayoutTests/js/dom/string-prototype-scopes-expected.txt (0 => 207652)
--- trunk/LayoutTests/js/dom/string-prototype-scopes-expected.txt (rev 0)
+++ trunk/LayoutTests/js/dom/string-prototype-scopes-expected.txt 2016-10-21 01:33:14 UTC (rev 207652)
@@ -0,0 +1,10 @@
+This test checks whether String.prototype methods correctly handle |this| if |this| becomes window.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS String(error) is "TypeError: Type error"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/js/dom/string-prototype-scopes-in-workers-expected.txt (0 => 207652)
--- trunk/LayoutTests/js/dom/string-prototype-scopes-in-workers-expected.txt (rev 0)
+++ trunk/LayoutTests/js/dom/string-prototype-scopes-in-workers-expected.txt 2016-10-21 01:33:14 UTC (rev 207652)
@@ -0,0 +1,10 @@
+[Worker] This test checks whether String.prototype methods correctly handle |this| if |this| becomes worker global scope.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+Starting worker: ./script-tests/string-prototype-scopes-in-workers.js
+PASS [Worker] String(error) is "TypeError: Type error"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/js/dom/string-prototype-scopes-in-workers.html (0 => 207652)
--- trunk/LayoutTests/js/dom/string-prototype-scopes-in-workers.html (rev 0)
+++ trunk/LayoutTests/js/dom/string-prototype-scopes-in-workers.html 2016-10-21 01:33:14 UTC (rev 207652)
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script>
+worker = startWorker('./script-tests/string-prototype-scopes-in-workers.js');
+</script>
+<script src=""
+</body>
+</html>
Added: trunk/LayoutTests/js/dom/string-prototype-scopes.html (0 => 207652)
--- trunk/LayoutTests/js/dom/string-prototype-scopes.html (rev 0)
+++ trunk/LayoutTests/js/dom/string-prototype-scopes.html 2016-10-21 01:33:14 UTC (rev 207652)
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script src=""
+<script src=""
+</body>
+</html>
Modified: trunk/Source/_javascript_Core/ChangeLog (207651 => 207652)
--- trunk/Source/_javascript_Core/ChangeLog 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-10-21 01:33:14 UTC (rev 207652)
@@ -1,3 +1,45 @@
+2016-10-20 Yusuke Suzuki <utatane....@gmail.com>
+
+ [JSC] Drop isEnvironmentRecord type info flag and use JSType information instead
+ https://bugs.webkit.org/show_bug.cgi?id=163761
+
+ Reviewed by Keith Miller.
+
+ When we call a function in the following form,
+
+ var charAt = String.prototype.charAt;
+ charAt(); // |this| becomes the global object.
+
+ we should see |this| as undefined/null. In StringPrototype.cpp,
+ we use IsEnvironmentRecord type info flag to check whther the
+ given |this| is an environment record.
+ However, type info flag is precious thing and only StringPrototype.cpp
+ uses IsEnvironmentRecord. In addition to that, JSType should
+ already knows whether the given object is an environment record.
+ So IsEnvironmentRecord type info flag should be dropped.
+
+ This patch adds a new JSType, StrictEvalActivation. And we add a new
+ method JSObject::isEnvironmentRecord(). This method uses JSType to
+ return the result. And we drop IsEnvironmentRecord type info flag.
+ This patch makes a room for putting one bit flag to the out of line
+ type info flag. Previously, it is already exhausted.
+
+ * llint/LLIntData.cpp:
+ (JSC::LLInt::Data::performAssertions):
+ * llint/LowLevelInterpreter.asm:
+ * runtime/JSObject.h:
+ (JSC::JSObject::isStrictEvalActivation):
+ (JSC::JSObject::isEnvironmentRecord):
+ * runtime/JSSymbolTableObject.h:
+ * runtime/JSType.h:
+ * runtime/JSTypeInfo.h:
+ (JSC::TypeInfo::newImpurePropertyFiresWatchpoints):
+ (JSC::TypeInfo::isEnvironmentRecord): Deleted.
+ * runtime/StrictEvalActivation.h:
+ (JSC::StrictEvalActivation::createStructure):
+ * runtime/StringPrototype.cpp:
+ (JSC::checkObjectCoercible):
+
2016-10-20 JF Bastien <jfbast...@apple.com>
WebAssembly API: implement exception constructors properly
Modified: trunk/Source/_javascript_Core/llint/LLIntData.cpp (207651 => 207652)
--- trunk/Source/_javascript_Core/llint/LLIntData.cpp 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/Source/_javascript_Core/llint/LLIntData.cpp 2016-10-21 01:33:14 UTC (rev 207652)
@@ -161,7 +161,7 @@
STATIC_ASSERT(JSFunctionType == 23);
STATIC_ASSERT(ArrayType == 31);
STATIC_ASSERT(DerivedArrayType == 32);
- STATIC_ASSERT(ProxyObjectType == 49);
+ STATIC_ASSERT(ProxyObjectType == 50);
STATIC_ASSERT(Int8ArrayType == 33);
STATIC_ASSERT(Int16ArrayType == 34);
STATIC_ASSERT(Int32ArrayType == 35);
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm (207651 => 207652)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm 2016-10-21 01:33:14 UTC (rev 207652)
@@ -350,7 +350,7 @@
const JSFunctionType = 23
const ArrayType = 31
const DerivedArrayType = 32
-const ProxyObjectType = 49
+const ProxyObjectType = 50
# The typed array types need to be numbered in a particular order because of the manually written
# switch statement in get_by_val and put_by_val.
Modified: trunk/Source/_javascript_Core/runtime/JSObject.h (207651 => 207652)
--- trunk/Source/_javascript_Core/runtime/JSObject.h 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/Source/_javascript_Core/runtime/JSObject.h 2016-10-21 01:33:14 UTC (rev 207652)
@@ -706,12 +706,15 @@
JS_EXPORT_PRIVATE static bool defineOwnProperty(JSObject*, ExecState*, PropertyName, const PropertyDescriptor&, bool shouldThrow);
+ bool isEnvironmentRecord() const;
bool isGlobalObject() const;
bool isJSLexicalEnvironment() const;
bool isGlobalLexicalEnvironment() const;
- bool isErrorInstance() const;
+ bool isStrictEvalActivation() const;
bool isWithScope() const;
+ bool isErrorInstance() const;
+
JS_EXPORT_PRIVATE void seal(VM&);
JS_EXPORT_PRIVATE void freeze(VM&);
JS_EXPORT_PRIVATE static bool preventExtensions(JSObject*, ExecState*);
@@ -1175,6 +1178,18 @@
return type() == GlobalLexicalEnvironmentType;
}
+inline bool JSObject::isStrictEvalActivation() const
+{
+ return type() == StrictEvalActivationType;
+}
+
+inline bool JSObject::isEnvironmentRecord() const
+{
+ bool result = GlobalObjectType <= type() && type() <= StrictEvalActivationType;
+ ASSERT((isGlobalObject() || isJSLexicalEnvironment() || isGlobalLexicalEnvironment() || isStrictEvalActivation()) == result);
+ return result;
+}
+
inline bool JSObject::isErrorInstance() const
{
return type() == ErrorInstanceType;
Modified: trunk/Source/_javascript_Core/runtime/JSSymbolTableObject.h (207651 => 207652)
--- trunk/Source/_javascript_Core/runtime/JSSymbolTableObject.h 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/Source/_javascript_Core/runtime/JSSymbolTableObject.h 2016-10-21 01:33:14 UTC (rev 207652)
@@ -39,7 +39,7 @@
class JSSymbolTableObject : public JSScope {
public:
typedef JSScope Base;
- static const unsigned StructureFlags = Base::StructureFlags | IsEnvironmentRecord | OverridesGetPropertyNames;
+ static const unsigned StructureFlags = Base::StructureFlags | OverridesGetPropertyNames;
SymbolTable* symbolTable() const { return m_symbolTable.get(); }
Modified: trunk/Source/_javascript_Core/runtime/JSType.h (207651 => 207652)
--- trunk/Source/_javascript_Core/runtime/JSType.h 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/Source/_javascript_Core/runtime/JSType.h 2016-10-21 01:33:14 UTC (rev 207652)
@@ -77,10 +77,15 @@
DataViewType,
GetterSetterType,
+
+ // Start environment record types.
GlobalObjectType,
LexicalEnvironmentType,
GlobalLexicalEnvironmentType,
ModuleEnvironmentType,
+ StrictEvalActivationType,
+ // End environment record types.
+
RegExpObjectType,
ProxyObjectType,
JSMapType,
Modified: trunk/Source/_javascript_Core/runtime/JSTypeInfo.h (207651 => 207652)
--- trunk/Source/_javascript_Core/runtime/JSTypeInfo.h 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/Source/_javascript_Core/runtime/JSTypeInfo.h 2016-10-21 01:33:14 UTC (rev 207652)
@@ -48,7 +48,6 @@
static const unsigned ProhibitsPropertyCaching = 1 << 10;
static const unsigned GetOwnPropertySlotIsImpure = 1 << 11;
static const unsigned NewImpurePropertyFiresWatchpoints = 1 << 12;
-static const unsigned IsEnvironmentRecord = 1 << 13;
static const unsigned GetOwnPropertySlotIsImpureForPropertyAbsence = 1 << 14;
static const unsigned InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero = 1 << 15;
@@ -90,7 +89,6 @@
bool getOwnPropertySlotIsImpure() const { return isSetOnFlags2(GetOwnPropertySlotIsImpure); }
bool getOwnPropertySlotIsImpureForPropertyAbsence() const { return isSetOnFlags2(GetOwnPropertySlotIsImpureForPropertyAbsence); }
bool newImpurePropertyFiresWatchpoints() const { return isSetOnFlags2(NewImpurePropertyFiresWatchpoints); }
- bool isEnvironmentRecord() const { return isSetOnFlags2(IsEnvironmentRecord); }
bool interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero() const { return isSetOnFlags2(InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero); }
static ptrdiff_t flagsOffset()
Modified: trunk/Source/_javascript_Core/runtime/StrictEvalActivation.h (207651 => 207652)
--- trunk/Source/_javascript_Core/runtime/StrictEvalActivation.h 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/Source/_javascript_Core/runtime/StrictEvalActivation.h 2016-10-21 01:33:14 UTC (rev 207652)
@@ -32,7 +32,7 @@
class StrictEvalActivation : public JSScope {
public:
typedef JSScope Base;
- static const unsigned StructureFlags = Base::StructureFlags | IsEnvironmentRecord | OverridesToThis;
+ static const unsigned StructureFlags = Base::StructureFlags | OverridesToThis;
static StrictEvalActivation* create(ExecState* exec, JSScope* currentScope)
{
@@ -46,7 +46,7 @@
static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
{
- return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
+ return Structure::create(vm, globalObject, prototype, TypeInfo(StrictEvalActivationType, StructureFlags), info());
}
DECLARE_INFO;
Modified: trunk/Source/_javascript_Core/runtime/StringPrototype.cpp (207651 => 207652)
--- trunk/Source/_javascript_Core/runtime/StringPrototype.cpp 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/Source/_javascript_Core/runtime/StringPrototype.cpp 2016-10-21 01:33:14 UTC (rev 207652)
@@ -746,7 +746,7 @@
if (thisValue.isUndefinedOrNull())
return false;
- if (thisValue.isCell() && thisValue.asCell()->structure()->typeInfo().isEnvironmentRecord())
+ if (thisValue.isObject() && asObject(thisValue)->isEnvironmentRecord())
return false;
return true;
