Diff
Modified: trunk/JSTests/ChangeLog (266528 => 266529)
--- trunk/JSTests/ChangeLog 2020-09-03 16:57:49 UTC (rev 266528)
+++ trunk/JSTests/ChangeLog 2020-09-03 17:04:09 UTC (rev 266529)
@@ -1,3 +1,20 @@
+2020-09-03 Ross Kirsling <ross.kirsl...@sony.com>
+
+ [JSC] Add missing detached buffer errors for DataView
+ https://bugs.webkit.org/show_bug.cgi?id=216062
+
+ Reviewed by Yusuke Suzuki.
+
+ * stress/detached-buffer-typeerror.js:
+ Add new test.
+
+ * stress/dataview-jit-neuter.js:
+ * stress/native-constructors-length.js:
+ Update existing tests.
+
+ * test262/expectations.yaml:
+ Mark 74 test cases as passing.
+
2020-09-02 Yusuke Suzuki <ysuz...@apple.com>
[JSC] Update test262
Modified: trunk/JSTests/stress/dataview-jit-neuter.js (266528 => 266529)
--- trunk/JSTests/stress/dataview-jit-neuter.js 2020-09-03 16:57:49 UTC (rev 266528)
+++ trunk/JSTests/stress/dataview-jit-neuter.js 2020-09-03 17:04:09 UTC (rev 266529)
@@ -48,7 +48,7 @@
} catch(err) {
e = err;
}
- assert(e instanceof RangeError);
+ assert(e instanceof TypeError);
}
test();
@@ -75,6 +75,6 @@
} catch(err) {
e = err;
}
- assert(e instanceof RangeError);
+ assert(e instanceof TypeError);
}
test2();
Added: trunk/JSTests/stress/detached-buffer-typeerror.js (0 => 266529)
--- trunk/JSTests/stress/detached-buffer-typeerror.js (rev 0)
+++ trunk/JSTests/stress/detached-buffer-typeerror.js 2020-09-03 17:04:09 UTC (rev 266529)
@@ -0,0 +1,53 @@
+function shouldBe(actual, expected) {
+ if (actual !== expected)
+ throw new Error(`expected ${expected} but got ${actual}`);
+}
+
+function shouldThrowTypeError(func) {
+ let error;
+ try {
+ func();
+ } catch (e) {
+ error = e;
+ }
+
+ if (!(error instanceof TypeError))
+ throw new Error('Expected TypeError!');
+}
+
+function viewLength(view) {
+ return view.byteLength;
+}
+noInline(viewLength);
+
+function viewOffset(view) {
+ return view.byteOffset;
+}
+noInline(viewOffset);
+
+function loadU8(view, offset) {
+ return view.getUint8(offset);
+}
+noInline(loadU8);
+
+function storeU8(view, offset, value) {
+ return view.setUint8(offset, value);
+}
+noInline(storeU8);
+
+const buffer = new ArrayBuffer(1);
+const view = new DataView(buffer);
+
+for (let i = 0; i < 1e5; i++) {
+ storeU8(view, 0, 0xff);
+ shouldBe(loadU8(view, 0), 0xff);
+ shouldBe(viewLength(view), 1);
+ shouldBe(viewOffset(view), 0);
+}
+
+transferArrayBuffer(buffer);
+
+shouldThrowTypeError(() => storeU8(view, 0, 0xff));
+shouldThrowTypeError(() => loadU8(view, 0));
+shouldThrowTypeError(() => viewLength(view));
+shouldThrowTypeError(() => viewOffset(view));
Modified: trunk/JSTests/stress/native-constructors-length.js (266528 => 266529)
--- trunk/JSTests/stress/native-constructors-length.js 2020-09-03 16:57:49 UTC (rev 266528)
+++ trunk/JSTests/stress/native-constructors-length.js 2020-09-03 17:04:09 UTC (rev 266529)
@@ -15,7 +15,7 @@
assertLengthDescriptorAttributes(Array, 1);
assertLengthDescriptorAttributes(ArrayBuffer, 1);
assertLengthDescriptorAttributes(Boolean, 1);
-assertLengthDescriptorAttributes(DataView, 3);
+assertLengthDescriptorAttributes(DataView, 1);
assertLengthDescriptorAttributes(Date, 7);
assertLengthDescriptorAttributes(Error, 1);
assertLengthDescriptorAttributes(Function, 1);
Modified: trunk/JSTests/test262/expectations.yaml (266528 => 266529)
--- trunk/JSTests/test262/expectations.yaml 2020-09-03 16:57:49 UTC (rev 266528)
+++ trunk/JSTests/test262/expectations.yaml 2020-09-03 17:04:09 UTC (rev 266529)
@@ -636,117 +636,6 @@
test/built-ins/ArrayIteratorPrototype/next/detach-typedarray-in-progress.js:
default: 'Test262Error: Expected a TypeError to be thrown but no exception was thrown at all (Testing with Float64Array.)'
strict mode: 'Test262Error: Expected a TypeError to be thrown but no exception was thrown at all (Testing with Float64Array.)'
-test/built-ins/DataView/custom-proto-access-detaches-buffer.js:
- default: 'Test262Error: Expected a TypeError to be thrown but no exception was thrown at all'
- strict mode: 'Test262Error: Expected a TypeError to be thrown but no exception was thrown at all'
-test/built-ins/DataView/detached-buffer.js:
- default: 'Test262Error: throws if buffer is detached Expected a TypeError to be thrown but no exception was thrown at all'
- strict mode: 'Test262Error: throws if buffer is detached Expected a TypeError to be thrown but no exception was thrown at all'
-test/built-ins/DataView/length.js:
- default: 'Test262Error: descriptor value should be 1'
- strict mode: 'Test262Error: descriptor value should be 1'
-test/built-ins/DataView/prototype/byteLength/detached-buffer.js:
- default: 'Test262Error: Expected a TypeError to be thrown but no exception was thrown at all'
- strict mode: 'Test262Error: Expected a TypeError to be thrown but no exception was thrown at all'
-test/built-ins/DataView/prototype/byteOffset/detached-buffer.js:
- default: 'Test262Error: Expected a TypeError to be thrown but no exception was thrown at all'
- strict mode: 'Test262Error: Expected a TypeError to be thrown but no exception was thrown at all'
-test/built-ins/DataView/prototype/getFloat32/detached-buffer-before-outofrange-byteoffset.js:
- default: 'Test262Error: 13 Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: 13 Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/getFloat32/detached-buffer.js:
- default: 'Test262Error: Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/getFloat64/detached-buffer-before-outofrange-byteoffset.js:
- default: 'Test262Error: 13 Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: 13 Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/getFloat64/detached-buffer.js:
- default: 'Test262Error: Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/getInt16/detached-buffer-before-outofrange-byteoffset.js:
- default: 'Test262Error: 13 Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: 13 Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/getInt16/detached-buffer.js:
- default: 'Test262Error: Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/getInt32/detached-buffer-before-outofrange-byteoffset.js:
- default: 'Test262Error: 13 Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: 13 Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/getInt32/detached-buffer.js:
- default: 'Test262Error: Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/getInt8/detached-buffer-before-outofrange-byteoffset.js:
- default: 'Test262Error: 13 Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: 13 Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/getInt8/detached-buffer.js:
- default: 'Test262Error: Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/getUint16/detached-buffer-before-outofrange-byteoffset.js:
- default: 'Test262Error: 13 Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: 13 Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/getUint16/detached-buffer.js:
- default: 'Test262Error: Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/getUint32/detached-buffer-before-outofrange-byteoffset.js:
- default: 'Test262Error: 13 Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: 13 Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/getUint32/detached-buffer.js:
- default: 'Test262Error: Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/getUint8/detached-buffer-before-outofrange-byteoffset.js:
- default: 'Test262Error: 13 Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: 13 Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/getUint8/detached-buffer.js:
- default: 'Test262Error: Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/setFloat32/detached-buffer-before-outofrange-byteoffset.js:
- default: 'Test262Error: 13 Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: 13 Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/setFloat32/detached-buffer.js:
- default: 'Test262Error: Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/setFloat64/detached-buffer-before-outofrange-byteoffset.js:
- default: 'Test262Error: 13 Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: 13 Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/setFloat64/detached-buffer.js:
- default: 'Test262Error: Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/setInt16/detached-buffer-before-outofrange-byteoffset.js:
- default: 'Test262Error: 13 Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: 13 Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/setInt16/detached-buffer.js:
- default: 'Test262Error: Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/setInt32/detached-buffer-before-outofrange-byteoffset.js:
- default: 'Test262Error: 13 Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: 13 Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/setInt32/detached-buffer.js:
- default: 'Test262Error: Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/setInt8/detached-buffer-before-outofrange-byteoffset.js:
- default: 'Test262Error: 13 Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: 13 Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/setInt8/detached-buffer.js:
- default: 'Test262Error: Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/setUint16/detached-buffer-before-outofrange-byteoffset.js:
- default: 'Test262Error: 13 Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: 13 Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/setUint16/detached-buffer.js:
- default: 'Test262Error: Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/setUint32/detached-buffer-before-outofrange-byteoffset.js:
- default: 'Test262Error: 13 Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: 13 Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/setUint32/detached-buffer.js:
- default: 'Test262Error: Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/setUint8/detached-buffer-before-outofrange-byteoffset.js:
- default: 'Test262Error: 13 Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: 13 Expected a TypeError but got a RangeError'
-test/built-ins/DataView/prototype/setUint8/detached-buffer.js:
- default: 'Test262Error: Expected a TypeError but got a RangeError'
- strict mode: 'Test262Error: Expected a TypeError but got a RangeError'
test/built-ins/Function/call-bind-this-realm-undef.js:
default: 'Test262Error: implicit undefined Expected SameValue(«[object global]», «[object Undefined]») to be true'
strict mode: 'Test262Error: implicit undefined Expected SameValue(«[object global]», «[object Undefined]») to be true'
Modified: trunk/LayoutTests/ChangeLog (266528 => 266529)
--- trunk/LayoutTests/ChangeLog 2020-09-03 16:57:49 UTC (rev 266528)
+++ trunk/LayoutTests/ChangeLog 2020-09-03 17:04:09 UTC (rev 266529)
@@ -1,3 +1,21 @@
+2020-09-03 Ross Kirsling <ross.kirsl...@sony.com>
+
+ [JSC] Add missing detached buffer errors for DataView
+ https://bugs.webkit.org/show_bug.cgi?id=216062
+
+ Reviewed by Yusuke Suzuki.
+
+ * fast/canvas/webgl/arraybuffer-transfer-of-control.html:
+ * js/dom/constructor-length.html:
+ * js/script-tests/typedarray-constructors.js:
+ * js/typedarray-constructors-expected.txt:
+ * platform/glib/js/dom/constructor-length-expected.txt:
+ * platform/ios/js/dom/constructor-length-expected.txt:
+ * platform/mac/js/dom/constructor-length-expected.txt:
+ * platform/win/js/dom/constructor-length-expected.txt:
+ * platform/wincairo/js/dom/constructor-length-expected.txt:
+ Update tests and expectations.
+
2020-09-03 Alex Christensen <achristen...@webkit.org>
Align ISO-8859-{3,6,7,8,8-I} and windows-{874,1253,1255,1257} encodings with Chrome, Firefox, and the specification
Modified: trunk/LayoutTests/fast/canvas/webgl/arraybuffer-transfer-of-control.html (266528 => 266529)
--- trunk/LayoutTests/fast/canvas/webgl/arraybuffer-transfer-of-control.html 2020-09-03 16:57:49 UTC (rev 266528)
+++ trunk/LayoutTests/fast/canvas/webgl/arraybuffer-transfer-of-control.html 2020-09-03 17:04:09 UTC (rev 266529)
@@ -86,15 +86,15 @@
if (isTypedArray(view) || isDataView(view)) {
if (view.buffer !== null && !assertBufferClosed(testName, view.buffer))
return false;
- if (view.byteOffset !== 0 || !(view.byteOffset === 0)) {
- testFailed(testName + ": view byteOffset !== 0");
- return false;
- }
- if (view.byteLength !== 0 || !(view.byteLength === 0)) {
- testFailed(testName + ": view byteLength !== 0");
- return false;
- }
if (!isDataView(view)) {
+ if (view.byteOffset !== 0 || !(view.byteOffset === 0)) {
+ testFailed(testName + ": view byteOffset !== 0");
+ return false;
+ }
+ if (view.byteLength !== 0 || !(view.byteLength === 0)) {
+ testFailed(testName + ": view byteLength !== 0");
+ return false;
+ }
if (view.length !== 0 || !(view.length === 0)) {
testFailed(testName + ": TypedArray length !== 0");
return false;
@@ -133,6 +133,16 @@
}
} else {
try {
+ view.byteOffset;
+ testFailed(testName + ": view byteOffset did not throw");
+ return false;
+ } catch { }
+ try {
+ view.byteLength;
+ testFailed(testName + ": view byteLength did not throw");
+ return false;
+ } catch { }
+ try {
view.getInt8(0);
testFailed(testName + ": get on a closed view succeeded");
return false;
Modified: trunk/LayoutTests/js/dom/constructor-length.html (266528 => 266529)
--- trunk/LayoutTests/js/dom/constructor-length.html 2020-09-03 16:57:49 UTC (rev 266528)
+++ trunk/LayoutTests/js/dom/constructor-length.html 2020-09-03 17:04:09 UTC (rev 266529)
@@ -16,7 +16,7 @@
shouldBe('CustomEvent.length', '1');
shouldBe('DOMFormData.length', '0');
shouldBe('DOMParser.length', '0');
-shouldBe('DataView.length', '3');
+shouldBe('DataView.length', '1');
shouldBe('ErrorEvent.length', '1');
shouldBe('Event.length', '1');
shouldBe('EventSource.length', '1');
Modified: trunk/LayoutTests/js/script-tests/typedarray-constructors.js (266528 => 266529)
--- trunk/LayoutTests/js/script-tests/typedarray-constructors.js 2020-09-03 16:57:49 UTC (rev 266528)
+++ trunk/LayoutTests/js/script-tests/typedarray-constructors.js 2020-09-03 17:04:09 UTC (rev 266529)
@@ -24,4 +24,4 @@
shouldThrow("DataView(new ArrayBuffer())");
shouldNotThrow("new DataView(new ArrayBuffer())");
-shouldBe("DataView.length", "3");
+shouldBe("DataView.length", "1");
Modified: trunk/LayoutTests/js/typedarray-constructors-expected.txt (266528 => 266529)
--- trunk/LayoutTests/js/typedarray-constructors-expected.txt 2020-09-03 16:57:49 UTC (rev 266528)
+++ trunk/LayoutTests/js/typedarray-constructors-expected.txt 2020-09-03 17:04:09 UTC (rev 266529)
@@ -32,7 +32,7 @@
PASS Float64Array.length is 3
PASS DataView(new ArrayBuffer()) threw exception TypeError: calling DataView constructor without new is invalid.
PASS new DataView(new ArrayBuffer()) did not throw exception.
-PASS DataView.length is 3
+PASS DataView.length is 1
PASS successfullyParsed is true
TEST COMPLETE
Modified: trunk/LayoutTests/platform/glib/js/dom/constructor-length-expected.txt (266528 => 266529)
--- trunk/LayoutTests/platform/glib/js/dom/constructor-length-expected.txt 2020-09-03 16:57:49 UTC (rev 266528)
+++ trunk/LayoutTests/platform/glib/js/dom/constructor-length-expected.txt 2020-09-03 17:04:09 UTC (rev 266529)
@@ -12,7 +12,7 @@
PASS CustomEvent.length is 1
FAIL DOMFormData.length should be 0. Threw exception ReferenceError: Can't find variable: DOMFormData
PASS DOMParser.length is 0
-PASS DataView.length is 3
+PASS DataView.length is 1
PASS ErrorEvent.length is 1
PASS Event.length is 1
PASS EventSource.length is 1
Modified: trunk/LayoutTests/platform/ios/js/dom/constructor-length-expected.txt (266528 => 266529)
--- trunk/LayoutTests/platform/ios/js/dom/constructor-length-expected.txt 2020-09-03 16:57:49 UTC (rev 266528)
+++ trunk/LayoutTests/platform/ios/js/dom/constructor-length-expected.txt 2020-09-03 17:04:09 UTC (rev 266529)
@@ -12,7 +12,7 @@
PASS CustomEvent.length is 1
FAIL DOMFormData.length should be 0. Threw exception ReferenceError: Can't find variable: DOMFormData
PASS DOMParser.length is 0
-PASS DataView.length is 3
+PASS DataView.length is 1
PASS ErrorEvent.length is 1
PASS Event.length is 1
PASS EventSource.length is 1
Modified: trunk/LayoutTests/platform/mac/js/dom/constructor-length-expected.txt (266528 => 266529)
--- trunk/LayoutTests/platform/mac/js/dom/constructor-length-expected.txt 2020-09-03 16:57:49 UTC (rev 266528)
+++ trunk/LayoutTests/platform/mac/js/dom/constructor-length-expected.txt 2020-09-03 17:04:09 UTC (rev 266529)
@@ -12,7 +12,7 @@
PASS CustomEvent.length is 1
FAIL DOMFormData.length should be 0. Threw exception ReferenceError: Can't find variable: DOMFormData
PASS DOMParser.length is 0
-PASS DataView.length is 3
+PASS DataView.length is 1
PASS ErrorEvent.length is 1
PASS Event.length is 1
PASS EventSource.length is 1
Modified: trunk/LayoutTests/platform/win/js/dom/constructor-length-expected.txt (266528 => 266529)
--- trunk/LayoutTests/platform/win/js/dom/constructor-length-expected.txt 2020-09-03 16:57:49 UTC (rev 266528)
+++ trunk/LayoutTests/platform/win/js/dom/constructor-length-expected.txt 2020-09-03 17:04:09 UTC (rev 266529)
@@ -12,7 +12,7 @@
PASS CustomEvent.length is 1
FAIL DOMFormData.length should be 0. Threw exception ReferenceError: Can't find variable: DOMFormData
PASS DOMParser.length is 0
-PASS DataView.length is 3
+PASS DataView.length is 1
PASS ErrorEvent.length is 1
PASS Event.length is 1
PASS EventSource.length is 1
Modified: trunk/LayoutTests/platform/wincairo/js/dom/constructor-length-expected.txt (266528 => 266529)
--- trunk/LayoutTests/platform/wincairo/js/dom/constructor-length-expected.txt 2020-09-03 16:57:49 UTC (rev 266528)
+++ trunk/LayoutTests/platform/wincairo/js/dom/constructor-length-expected.txt 2020-09-03 17:04:09 UTC (rev 266529)
@@ -12,7 +12,7 @@
PASS CustomEvent.length is 1
FAIL DOMFormData.length should be 0. Threw exception ReferenceError: Can't find variable: DOMFormData
PASS DOMParser.length is 0
-PASS DataView.length is 3
+PASS DataView.length is 1
PASS ErrorEvent.length is 1
PASS Event.length is 1
PASS EventSource.length is 1
Modified: trunk/Source/_javascript_Core/ChangeLog (266528 => 266529)
--- trunk/Source/_javascript_Core/ChangeLog 2020-09-03 16:57:49 UTC (rev 266528)
+++ trunk/Source/_javascript_Core/ChangeLog 2020-09-03 17:04:09 UTC (rev 266529)
@@ -1,3 +1,32 @@
+2020-09-03 Ross Kirsling <ross.kirsl...@sony.com>
+
+ [JSC] Add missing detached buffer errors for DataView
+ https://bugs.webkit.org/show_bug.cgi?id=216062
+
+ Reviewed by Yusuke Suzuki.
+
+ DataView methods are often expected to throw a TypeError if the underlying ArrayBuffer is detached
+ (or neutered, in older terminology) -- this patch adds a slew of missing cases from the following spec section:
+ - https://tc39.es/ecma262/#sec-properties-of-the-dataview-prototype-object
+
+ At the same time:
+ - get rid of JSDataView::getOwnPropertySlot, which was turning dataViewProtoGetterByte{Length,Offset}
+ into mostly unreachable code and erroneously causing byte{Length,Offset} to have property descriptors
+ - perform some simple cleanup of neighboring error calls / messages
+ - fix value of DataView.length (our only other DataView spec bug)
+
+ * runtime/JSDataView.cpp:
+ (JSC::JSDataView::create):
+ (JSC::JSDataView::getOwnPropertySlot): Deleted.
+ * runtime/JSDataView.h:
+ * runtime/JSDataViewPrototype.cpp:
+ (JSC::getData):
+ (JSC::setData):
+ (JSC::dataViewProtoGetterByteLength):
+ (JSC::dataViewProtoGetterByteOffset):
+ * runtime/JSGenericTypedArrayViewConstructorInlines.h:
+ (JSC::JSGenericTypedArrayViewConstructor<ViewClass>::finishCreation):
+
2020-09-02 Michael Saboff <msab...@apple.com>
ASSERTION FAILED: value.isCell() && value.asCell()->type() == CustomGetterSetterType ./bytecode/ObjectPropertyConditionSet.cpp
Modified: trunk/Source/_javascript_Core/runtime/JSDataView.cpp (266528 => 266529)
--- trunk/Source/_javascript_Core/runtime/JSDataView.cpp 2020-09-03 16:57:49 UTC (rev 266528)
+++ trunk/Source/_javascript_Core/runtime/JSDataView.cpp 2020-09-03 17:04:09 UTC (rev 266529)
@@ -48,14 +48,19 @@
auto scope = DECLARE_THROW_SCOPE(vm);
ASSERT(buffer);
+ if (buffer->isNeutered()) {
+ throwTypeError(globalObject, scope, "Buffer is already detached"_s);
+ return nullptr;
+ }
if (!ArrayBufferView::verifySubRangeLength(*buffer, byteOffset, byteLength, sizeof(uint8_t))) {
- throwVMError(globalObject, scope, createRangeError(globalObject, "Length out of range of buffer"_s));
+ throwRangeError(globalObject, scope, "Length out of range of buffer"_s);
return nullptr;
}
if (!ArrayBufferView::verifyByteOffsetAlignment(byteOffset, sizeof(uint8_t))) {
- throwException(globalObject, scope, createRangeError(globalObject, "Byte offset is not aligned"_s));
+ throwRangeError(globalObject, scope, "Byte offset is not aligned"_s);
return nullptr;
}
+
ConstructionContext context(
structure, buffer.copyRef(), byteOffset, byteLength, ConstructionContext::DataView);
ASSERT(context);
@@ -99,23 +104,6 @@
return DataView::create(unsharedBuffer(), byteOffset(), length());
}
-bool JSDataView::getOwnPropertySlot(
- JSObject* object, JSGlobalObject* globalObject, PropertyName propertyName, PropertySlot& slot)
-{
- VM& vm = globalObject->vm();
- JSDataView* thisObject = jsCast<JSDataView*>(object);
- if (propertyName == vm.propertyNames->byteLength) {
- slot.setValue(thisObject, PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly, jsNumber(thisObject->m_length));
- return true;
- }
- if (propertyName == vm.propertyNames->byteOffset) {
- slot.setValue(thisObject, PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly, jsNumber(thisObject->byteOffset()));
- return true;
- }
-
- return Base::getOwnPropertySlot(thisObject, globalObject, propertyName, slot);
-}
-
bool JSDataView::put(
JSCell* cell, JSGlobalObject* globalObject, PropertyName propertyName, JSValue value,
PutPropertySlot& slot)
Modified: trunk/Source/_javascript_Core/runtime/JSDataView.h (266528 => 266529)
--- trunk/Source/_javascript_Core/runtime/JSDataView.h 2020-09-03 16:57:49 UTC (rev 266528)
+++ trunk/Source/_javascript_Core/runtime/JSDataView.h 2020-09-03 17:04:09 UTC (rev 266529)
@@ -73,7 +73,6 @@
private:
JSDataView(VM&, ConstructionContext&, ArrayBuffer*);
- static bool getOwnPropertySlot(JSObject*, JSGlobalObject*, PropertyName, PropertySlot&);
static bool put(JSCell*, JSGlobalObject*, PropertyName, JSValue, PutPropertySlot&);
static bool defineOwnProperty(JSObject*, JSGlobalObject*, PropertyName, const PropertyDescriptor&, bool shouldThrow);
static bool deleteProperty(JSCell*, JSGlobalObject*, PropertyName, DeletePropertySlot&);
Modified: trunk/Source/_javascript_Core/runtime/JSDataViewPrototype.cpp (266528 => 266529)
--- trunk/Source/_javascript_Core/runtime/JSDataViewPrototype.cpp 2020-09-03 16:57:49 UTC (rev 266528)
+++ trunk/Source/_javascript_Core/runtime/JSDataViewPrototype.cpp 2020-09-03 17:04:09 UTC (rev 266529)
@@ -137,10 +137,13 @@
littleEndian = callFrame->uncheckedArgument(1).toBoolean(globalObject);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
}
-
+
+ if (dataView->isNeutered())
+ return throwVMTypeError(globalObject, scope, "Underlying ArrayBuffer has been detached from the view"_s);
+
unsigned byteLength = dataView->length();
if (elementSize > byteLength || byteOffset > byteLength - elementSize)
- return throwVMError(globalObject, scope, createRangeError(globalObject, "Out of bounds access"_s));
+ return throwVMRangeError(globalObject, scope, "Out of bounds access"_s);
const unsigned dataSize = sizeof(typename Adaptor::Type);
union {
@@ -189,10 +192,13 @@
littleEndian = callFrame->uncheckedArgument(2).toBoolean(globalObject);
RETURN_IF_EXCEPTION(scope, encodedJSValue());
}
-
+
+ if (dataView->isNeutered())
+ return throwVMTypeError(globalObject, scope, "Underlying ArrayBuffer has been detached from the view"_s);
+
unsigned byteLength = dataView->length();
if (elementSize > byteLength || byteOffset > byteLength - elementSize)
- return throwVMError(globalObject, scope, createRangeError(globalObject, "Out of bounds access"_s));
+ return throwVMRangeError(globalObject, scope, "Out of bounds access"_s);
uint8_t* dataPtr = static_cast<uint8_t*>(dataView->vector()) + byteOffset;
@@ -228,7 +234,9 @@
JSDataView* view = jsDynamicCast<JSDataView*>(vm, callFrame->thisValue());
if (!view)
- return throwVMTypeError(globalObject, scope, "DataView.prototype.buffer expects |this| to be a DataView object");
+ return throwVMTypeError(globalObject, scope, "DataView.prototype.byteLength expects |this| to be a DataView object");
+ if (view->isNeutered())
+ return throwVMTypeError(globalObject, scope, "Underlying ArrayBuffer has been detached from the view"_s);
return JSValue::encode(jsNumber(view->length()));
}
@@ -240,7 +248,9 @@
JSDataView* view = jsDynamicCast<JSDataView*>(vm, callFrame->thisValue());
if (!view)
- return throwVMTypeError(globalObject, scope, "DataView.prototype.buffer expects |this| to be a DataView object");
+ return throwVMTypeError(globalObject, scope, "DataView.prototype.byteOffset expects |this| to be a DataView object");
+ if (view->isNeutered())
+ return throwVMTypeError(globalObject, scope, "Underlying ArrayBuffer has been detached from the view"_s);
return JSValue::encode(jsNumber(view->byteOffset()));
}
Modified: trunk/Source/_javascript_Core/runtime/JSGenericTypedArrayViewConstructorInlines.h (266528 => 266529)
--- trunk/Source/_javascript_Core/runtime/JSGenericTypedArrayViewConstructorInlines.h 2020-09-03 16:57:49 UTC (rev 266528)
+++ trunk/Source/_javascript_Core/runtime/JSGenericTypedArrayViewConstructorInlines.h 2020-09-03 17:04:09 UTC (rev 266529)
@@ -54,7 +54,7 @@
{
Base::finishCreation(vm, name, NameAdditionMode::WithoutStructureTransition);
putDirectWithoutTransition(vm, vm.propertyNames->prototype, prototype, PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly);
- putDirectWithoutTransition(vm, vm.propertyNames->length, jsNumber(3), PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly);
+ putDirectWithoutTransition(vm, vm.propertyNames->length, jsNumber(ViewClass::TypedArrayStorageType == TypeDataView ? 1 : 3), PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly);
putDirectWithoutTransition(vm, vm.propertyNames->BYTES_PER_ELEMENT, jsNumber(ViewClass::elementSize), PropertyAttribute::DontEnum | PropertyAttribute::ReadOnly | PropertyAttribute::DontDelete);
if (privateAllocator)
