Diff
Modified: branches/safari-603-branch/JSTests/ChangeLog (210659 => 210660)
--- branches/safari-603-branch/JSTests/ChangeLog 2017-01-12 16:46:05 UTC (rev 210659)
+++ branches/safari-603-branch/JSTests/ChangeLog 2017-01-12 16:46:08 UTC (rev 210660)
@@ -1,5 +1,18 @@
2017-01-12 Matthew Hanson <matthew_han...@apple.com>
+ Merge r210563. rdar://problem/29940224
+
+ 2017-01-10 Mark Lam <mark....@apple.com>
+
+ Property setters should not be called for bound arguments list entries.
+ https://bugs.webkit.org/show_bug.cgi?id=165631
+
+ Reviewed by Filip Pizlo.
+
+ * stress/property-setters-should-not-be-called-for-bound-arguments-list-entries.js: Added.
+
+2017-01-12 Matthew Hanson <matthew_han...@apple.com>
+
Merge r210457. rdar://problem/27330808
2017-01-06 Michael Saboff <msab...@apple.com>
Added: branches/safari-603-branch/JSTests/stress/property-setters-should-not-be-called-for-bound-arguments-list-entries.js (0 => 210660)
--- branches/safari-603-branch/JSTests/stress/property-setters-should-not-be-called-for-bound-arguments-list-entries.js (rev 0)
+++ branches/safari-603-branch/JSTests/stress/property-setters-should-not-be-called-for-bound-arguments-list-entries.js 2017-01-12 16:46:08 UTC (rev 210660)
@@ -0,0 +1,8 @@
+Object.defineProperty(Array.prototype, "0", {
+ set: () => {
+ throw "ERROR: setter should not be called for bound arguments list";
+ }
+});
+
+function dummy() { }
+var f = dummy.bind({}, 1, 2, 3, 4);
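Review bot: The test never calls `f`, so it only proves that `bind()` itself does not reach the throwing setter installed on `Array.prototype`. It would still pass if the bound values were stored incorrectly or dropped. Consider having the target check what it receives, e.g. `function dummy(a, b, c, d) { if (a !== 1 || d !== 4) throw "ERROR: bound arguments were not passed through"; }` followed by `f();`. The setter is defined only for index "0", so indices 1 to 3 are covered only if they go through the same store path.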
Modified: branches/safari-603-branch/Source/_javascript_Core/ChangeLog (210659 => 210660)
--- branches/safari-603-branch/Source/_javascript_Core/ChangeLog 2017-01-12 16:46:05 UTC (rev 210659)
+++ branches/safari-603-branch/Source/_javascript_Core/ChangeLog 2017-01-12 16:46:08 UTC (rev 210660)
@@ -1,5 +1,28 @@
2017-01-12 Matthew Hanson <matthew_han...@apple.com>
+ Merge r210563. rdar://problem/29940224
+
+ 2017-01-10 Mark Lam <mark....@apple.com>
+
+ Property setters should not be called for bound arguments list entries.
+ https://bugs.webkit.org/show_bug.cgi?id=165631
+
+ Reviewed by Filip Pizlo.
+
+ * builtins/FunctionPrototype.js:
+ (bind):
+ - use @putByValDirect to set the bound arguments so that we don't consult the
+ prototype chain for setters.
+
+ * runtime/IntlDateTimeFormatPrototype.cpp:
+ (JSC::IntlDateTimeFormatPrototypeGetterFormat):
+ * runtime/IntlNumberFormatPrototype.cpp:
+ (JSC::IntlNumberFormatPrototypeGetterFormat):
+ - no need to create a bound arguments array because these bound functions binds
+ no arguments according to the spec.
+
+2017-01-12 Matthew Hanson <matthew_han...@apple.com>
+
Merge r210553. rdar://problem/29941356
2017-01-09 Filip Pizlo <fpi...@apple.com>
Modified: branches/safari-603-branch/Source/_javascript_Core/builtins/FunctionPrototype.js (210659 => 210660)
--- branches/safari-603-branch/Source/_javascript_Core/builtins/FunctionPrototype.js 2017-01-12 16:46:05 UTC (rev 210659)
+++ branches/safari-603-branch/Source/_javascript_Core/builtins/FunctionPrototype.js 2017-01-12 16:46:08 UTC (rev 210660)
@@ -72,7 +72,7 @@
numBoundArgs = argumentCount - 1;
boundArgs = @newArrayWithSize(numBoundArgs);
for (let i = 0; i < numBoundArgs; i++)
- boundArgs[i] = arguments[i + 1];
+ @putByValDirect(boundArgs, i, arguments[i + 1]);
}
let length = 0;
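Review bot: The reason for `@putByValDirect` on the added line is not recorded at the call site. A later cleanup could plausibly turn it back into `boundArgs[i] = ...`, which performs an ordinary property set and so consults accessors that script can install on `Array.prototype`. A one-line comment above the loop would pin this down: `// Define own properties directly: boundArgs is internal and must never trigger setters on Array.prototype.` The enclosing `bind` builtin starts and ends outside this hunk, so whether other internal arrays in this file are still filled by plain assignment cannot be checked from here.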
Modified: branches/safari-603-branch/Source/_javascript_Core/runtime/IntlDateTimeFormatPrototype.cpp (210659 => 210660)
--- branches/safari-603-branch/Source/_javascript_Core/runtime/IntlDateTimeFormatPrototype.cpp 2017-01-12 16:46:05 UTC (rev 210659)
+++ branches/safari-603-branch/Source/_javascript_Core/runtime/IntlDateTimeFormatPrototype.cpp 2017-01-12 16:46:08 UTC (rev 210660)
@@ -137,12 +137,8 @@
// a. Let F be a new built-in function object as defined in 12.3.4.
// b. The value of F’s length property is 1. (Note: F’s length property was 0 in ECMA-402 1.0)
JSFunction* targetObject = JSFunction::create(vm, globalObject, 1, ASCIILiteral("format"), IntlDateTimeFormatFuncFormatDateTime, NoIntrinsic);
- JSArray* boundArgs = JSArray::tryCreateUninitialized(vm, globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithUndecided), 0);
- if (!boundArgs)
- return JSValue::encode(throwOutOfMemoryError(state, scope));
-
// c. Let bf be BoundFunctionCreate(F, «this value»).
- boundFormat = JSBoundFunction::create(vm, state, globalObject, targetObject, dtf, boundArgs, 1, ASCIILiteral("format"));
+ boundFormat = JSBoundFunction::create(vm, state, globalObject, targetObject, dtf, nullptr, 1, ASCIILiteral("format"));
RETURN_IF_EXCEPTION(scope, encodedJSValue());
// d. Set dtf.[[boundFormat]] to bf.
dtf->setBoundFormat(vm, boundFormat);
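Review bot: Passing `nullptr` as the bound-arguments parameter of `JSBoundFunction::create` assumes that the constructor and every later reader of that array tolerate a null pointer, and no JSBoundFunction change is visible in this commit to confirm it. It is worth verifying the paths that read the array when the bound function is called, or asserting the contract where the pointer is consumed. At the call site a label such as `/* boundArgs */ nullptr` would make the argument self-explanatory. The same applies to the identical change in IntlNumberFormatPrototype.cpp. The enclosing getter begins and ends outside the hunk.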
Modified: branches/safari-603-branch/Source/_javascript_Core/runtime/IntlNumberFormatPrototype.cpp (210659 => 210660)
--- branches/safari-603-branch/Source/_javascript_Core/runtime/IntlNumberFormatPrototype.cpp 2017-01-12 16:46:05 UTC (rev 210659)
+++ branches/safari-603-branch/Source/_javascript_Core/runtime/IntlNumberFormatPrototype.cpp 2017-01-12 16:46:08 UTC (rev 210660)
@@ -125,12 +125,8 @@
// a. Let F be a new built-in function object as defined in 11.3.4.
// b. The value of F’s length property is 1.
JSFunction* targetObject = JSFunction::create(vm, globalObject, 1, ASCIILiteral("format"), IntlNumberFormatFuncFormatNumber, NoIntrinsic);
- JSArray* boundArgs = JSArray::tryCreateUninitialized(vm, globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithUndecided), 0);
- if (!boundArgs)
- return JSValue::encode(throwOutOfMemoryError(state, scope));
-
// c. Let bf be BoundFunctionCreate(F, «this value»).
- boundFormat = JSBoundFunction::create(vm, state, globalObject, targetObject, nf, boundArgs, 1, ASCIILiteral("format"));
+ boundFormat = JSBoundFunction::create(vm, state, globalObject, targetObject, nf, nullptr, 1, ASCIILiteral("format"));
RETURN_IF_EXCEPTION(scope, encodedJSValue());
// d. Set nf.[[boundFormat]] to bf.
nf->setBoundFormat(vm, boundFormat);