Title: [258410] trunk
Revision: 258410
Author: shvaikal...@gmail.com
Date: 2020-03-13 10:51:50 -0700 (Fri, 13 Mar 2020)

Log Message

Bound functions should pass correct NewTarget value
https://bugs.webkit.org/show_bug.cgi?id=209057

Reviewed by Keith Miller.

JSTests:

* test262/expectations.yaml: Mark 4 test cases as passing.

Source/JavaScriptCore:

This change implements steps 5-6 of bound function's [[Construct]] method [1],
fixing bound function subclasses and aligning JSC with V8 and SpiderMonkey.

[1]: https://tc39.es/ecma262/#sec-bound-function-exotic-objects-construct-argumentslist-newtarget

* runtime/JSBoundFunction.cpp:
(JSC::boundThisNoArgsFunctionConstruct):
(JSC::boundFunctionConstruct):
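
An added illustration, not part of this commit or of WebKit's code: steps 5-6 of the bound function [[Construct]] method modelled in plain JavaScript, next to a construct call that drops newTarget. `Base`, `Sub`, `legacyConstruct`, `specConstruct`, `summarize`, `observe` and `observeNative` are names made up for the example, and `observeNative` assumes an engine that already implements these steps.

```javascript
// Constructed model of BoundFunction [[Construct]]; not JavaScriptCore code.
function Base(...args) {
  this.args = args;
  this.seenNewTarget = new.target;
}

// Behaviour being replaced: newTarget is dropped, so Base is always new.target.
function legacyConstruct(bound, args, newTarget) {
  return Reflect.construct(bound.target, [...bound.boundArgs, ...args]);
}

// Steps 5-6: if SameValue(F, newTarget), use target; then forward newTarget.
function specConstruct(bound, args, newTarget) {
  if (Object.is(newTarget, bound)) newTarget = bound.target;
  return Reflect.construct(bound.target, [...bound.boundArgs, ...args], newTarget);
}

class Sub {} // stands in for a constructor other than the bound function

function summarize(direct, viaSub) {
  return [
    Object.getPrototypeOf(direct) === Base.prototype, // plain `new bound(2)`
    Object.getPrototypeOf(viaSub) === Sub.prototype,  // prototype follows newTarget
    viaSub.seenNewTarget === Sub,                      // target observes newTarget
    viaSub.args.join(",") === "1,2",                   // bound args come first
  ].join(" ");
}

// Run the model with F as newTarget and with a different newTarget.
function observe(construct) {
  const bound = { target: Base, boundArgs: [1] };
  return summarize(construct(bound, [2], bound), construct(bound, [2], Sub));
}

// The same two calls against the engine's own bound function.
function observeNative() {
  const Bound = Base.bind(null, 1);
  return summarize(new Bound(2), Reflect.construct(Bound, [2], Sub));
}

console.log("legacy:", observe(legacyConstruct));
console.log("spec:  ", observe(specConstruct));
console.log("native:", observeNative());
```

With newTarget dropped, the object built for `Sub` gets `Base.prototype` and the target sees itself as `new.target`; with steps 5-6 both follow `Sub`.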

Diff

Modified: trunk/JSTests/ChangeLog (258409 => 258410)


--- trunk/JSTests/ChangeLog	2020-03-13 17:44:32 UTC (rev 258409)
+++ trunk/JSTests/ChangeLog	2020-03-13 17:51:50 UTC (rev 258410)
@@ -1,3 +1,12 @@
+2020-03-13  Alexey Shvayka  <shvaikal...@gmail.com>
+
+        Bound functions should pass correct NewTarget value
+        https://bugs.webkit.org/show_bug.cgi?id=209057
+
+        Reviewed by Keith Miller.
+
+        * test262/expectations.yaml: Mark 4 test cases as passing.
+
 2020-03-11  Keith Miller  <keith_mil...@apple.com>
 
         Test262-runner should always consider crashes as new failures

Modified: trunk/JSTests/test262/expectations.yaml (258409 => 258410)


--- trunk/JSTests/test262/expectations.yaml	2020-03-13 17:44:32 UTC (rev 258409)
+++ trunk/JSTests/test262/expectations.yaml	2020-03-13 17:51:50 UTC (rev 258410)
@@ -942,9 +942,6 @@
 test/built-ins/Function/prototype/bind/length-exceeds-int32.js:
   default: 'Test262Error: Expected SameValue(«0», «2147483648») to be true'
   strict mode: 'Test262Error: Expected SameValue(«0», «2147483648») to be true'
-test/built-ins/Function/prototype/bind/proto-from-ctor-realm.js:
-  default: 'Test262Error: Expected SameValue(«[object Object]», «[object Object]») to be true'
-  strict mode: 'Test262Error: Expected SameValue(«[object Object]», «[object Object]») to be true'
 test/built-ins/Function/prototype/toString/AsyncFunction.js:
   default: "SyntaxError: Unexpected token ';'. Expected a ')' or a ',' after a parameter declaration."
   strict mode: "SyntaxError: Unexpected token ';'. Expected a ')' or a ',' after a parameter declaration."
@@ -3306,9 +3303,6 @@
 test/language/statements/class/poisoned-underscore-proto.js:
   default: 'Test262Error: should not be called'
   strict mode: 'Test262Error: should not be called'
-test/language/statements/class/subclass/bound-function.js:
-  default: 'Test262Error: Expected SameValue(«[object Object]», «[object Object]») to be true'
-  strict mode: 'Test262Error: Expected SameValue(«[object Object]», «[object Object]») to be true'
 test/language/statements/class/subclass/builtin-objects/ArrayBuffer/regular-subclassing.js:
   default: 'Test262Error: Expected true but got false'
   strict mode: 'Test262Error: Expected true but got false'
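
Review bot: the only test change in this patch is dropping the expectations for proto-from-ctor-realm.js and subclass/bound-function.js here and in the hunk above, so the fix has no JSC-side test of its own. Consider adding a JSTests stress test that constructs a bound function both with the bound function itself as new.target and with an explicitly different one, so both outcomes of the new `newTarget == boundFunction` check stay covered if these test262 files change.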

Modified: trunk/Source/_javascript_Core/ChangeLog (258409 => 258410)


--- trunk/Source/_javascript_Core/ChangeLog	2020-03-13 17:44:32 UTC (rev 258409)
+++ trunk/Source/_javascript_Core/ChangeLog	2020-03-13 17:51:50 UTC (rev 258410)
@@ -1,3 +1,19 @@
+2020-03-13  Alexey Shvayka  <shvaikal...@gmail.com>
+
+        Bound functions should pass correct NewTarget value
+        https://bugs.webkit.org/show_bug.cgi?id=209057
+
+        Reviewed by Keith Miller.
+
+        This change implements steps 5-6 of bound function's [[Construct]] method [1],
+        fixing bound function subclasses and aligning JSC with V8 and SpiderMonkey.
+
+        [1]: https://tc39.es/ecma262/#sec-bound-function-exotic-objects-construct-argumentslist-newtarget
+
+        * runtime/JSBoundFunction.cpp:
+        (JSC::boundThisNoArgsFunctionConstruct):
+        (JSC::boundFunctionConstruct):
+
 2020-03-13  Yusuke Suzuki  <ysuz...@apple.com>
 
         Unreviewed, change ASSERT to ASSERT_WITH_SECURITY_IMPLICATION since it is now enabled under ENABLE(SECURITY_ASSERTIONS)

Modified: trunk/Source/_javascript_Core/runtime/JSBoundFunction.cpp (258409 => 258410)


--- trunk/Source/_javascript_Core/runtime/JSBoundFunction.cpp	2020-03-13 17:44:32 UTC (rev 258409)
+++ trunk/Source/_javascript_Core/runtime/JSBoundFunction.cpp	2020-03-13 17:51:50 UTC (rev 258410)
@@ -111,7 +111,11 @@
     ConstructData constructData;
     ConstructType constructType = getConstructData(globalObject->vm(), targetFunction, constructData);
     ASSERT(constructType != ConstructType::None);
-    return JSValue::encode(construct(globalObject, targetFunction, constructType, constructData, args));
+
+    JSValue newTarget = callFrame->newTarget();
+    if (newTarget == boundFunction)
+        newTarget = targetFunction;
+    return JSValue::encode(construct(globalObject, targetFunction, constructType, constructData, args, newTarget));
 }
 
 EncodedJSValue JSC_HOST_CALL boundFunctionConstruct(JSGlobalObject* globalObject, CallFrame* callFrame)
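
Review bot: the `if (newTarget == boundFunction)` substitution added to boundThisNoArgsFunctionConstruct carries no comment, and it is not obvious from the code why new.target is rewritten only in the equal case. A one-line comment citing steps 5-6 of the bound function [[Construct]] method (if SameValue(F, newTarget), set newTarget to target) would tie it to the spec link already given in the ChangeLog.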
@@ -139,7 +143,11 @@
     ConstructData constructData;
     ConstructType constructType = getConstructData(vm, targetFunction, constructData);
     ASSERT(constructType != ConstructType::None);
-    RELEASE_AND_RETURN(scope, JSValue::encode(construct(globalObject, targetFunction, constructType, constructData, args)));
+
+    JSValue newTarget = callFrame->newTarget();
+    if (newTarget == boundFunction)
+        newTarget = targetFunction;
+    RELEASE_AND_RETURN(scope, JSValue::encode(construct(globalObject, targetFunction, constructType, constructData, args, newTarget)));
 }
 
 EncodedJSValue JSC_HOST_CALL isBoundFunction(JSGlobalObject* globalObject, CallFrame* callFrame)
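
Review bot: the four lines added to boundFunctionConstruct are the same as those added to boundThisNoArgsFunctionConstruct in the previous hunk, differing only in the RELEASE_AND_RETURN wrapper. A small static helper that takes callFrame, boundFunction and targetFunction and returns the effective newTarget would keep the two construct paths from drifting apart.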