Changeset 288066 in webkit

Timestamp:

Jan 15, 2022 1:35:01 PM (6 months ago)

Author:

ysuzuki@apple.com

Message:

[JSC] Fix Date functions' argument coercion
​https://bugs.webkit.org/show_bug.cgi?id=235271

Reviewed by Alexey Shvayka.

JSTests:

• test262/expectations.yaml:

Source/JavaScriptCore:

Even if the input Date is NaN or the result looks like NaN, we need to coerce passed
arguments to Number[1] since it has observable side effect.

[1]: ​https://github.com/tc39/ecma262/pull/2136

• runtime/DatePrototype.cpp:

(JSC::applyToNumbersToTrashedArguments):
(JSC::fillStructuresUsingTimeArgs):
(JSC::fillStructuresUsingDateArgs):
(JSC::setNewValueFromTimeArgs):
(JSC::setNewValueFromDateArgs):

Location:

trunk

Files:

• JSTests/ChangeLog (modified) (1 diff)
• JSTests/test262/expectations.yaml (modified) (1 diff)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/runtime/DatePrototype.cpp (modified) (11 diffs)

trunk/JSTests/ChangeLog

@@ +1 @@
+2022-01-15  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Fix Date functions' argument coercion
+        https://bugs.webkit.org/show_bug.cgi?id=235271
+
+        Reviewed by Alexey Shvayka.
+
+        * test262/expectations.yaml:
+
 2022-01-15  Yusuke Suzuki  <ysuzuki@apple.com>
 

trunk/JSTests/test262/expectations.yaml

@@ -607 +607 @@
   default: 'Test262Error: order of operations / precision in MakeTime Expected SameValue(«NaN», «29312») to be true'
   strict mode: 'Test262Error: order of operations / precision in MakeTime Expected SameValue(«NaN», «29312») to be true'
-test/built-ins/Date/prototype/setDate/arg-coercion-order.js:
-  default: 'Test262Error: ToNumber invoked exactly once Expected SameValue(«0», «1») to be true'
-  strict mode: 'Test262Error: ToNumber invoked exactly once Expected SameValue(«0», «1») to be true'
-test/built-ins/Date/prototype/setHours/arg-coercion-order.js:
-  default: 'Test262Error: Expected [] and [valueOf hour, valueOf min, valueOf sec, valueOf ms] to have the same contents. '
-  strict mode: 'Test262Error: Expected [] and [valueOf hour, valueOf min, valueOf sec, valueOf ms] to have the same contents. '
-test/built-ins/Date/prototype/setMilliseconds/arg-coercion-order.js:
-  default: 'Test262Error: ToNumber invoked exactly once Expected SameValue(«0», «1») to be true'
-  strict mode: 'Test262Error: ToNumber invoked exactly once Expected SameValue(«0», «1») to be true'
-test/built-ins/Date/prototype/setMinutes/arg-coercion-order.js:
-  default: 'Test262Error: Expected [] and [valueOf min, valueOf sec, valueOf ms] to have the same contents. '
-  strict mode: 'Test262Error: Expected [] and [valueOf min, valueOf sec, valueOf ms] to have the same contents. '
-test/built-ins/Date/prototype/setMonth/arg-coercion-order.js:
-  default: 'Test262Error: Expected [] and [valueOf month, valueOf date] to have the same contents. '
-  strict mode: 'Test262Error: Expected [] and [valueOf month, valueOf date] to have the same contents. '
-test/built-ins/Date/prototype/setSeconds/arg-coercion-order.js:
-  default: 'Test262Error: Expected [] and [valueOf sec, valueOf ms] to have the same contents. '
-  strict mode: 'Test262Error: Expected [] and [valueOf sec, valueOf ms] to have the same contents. '
-test/built-ins/Date/prototype/setUTCDate/arg-coercion-order.js:
-  default: 'Test262Error: ToNumber invoked exactly once Expected SameValue(«0», «1») to be true'
-  strict mode: 'Test262Error: ToNumber invoked exactly once Expected SameValue(«0», «1») to be true'
-test/built-ins/Date/prototype/setUTCHours/arg-coercion-order.js:
-  default: 'Test262Error: Expected [] and [valueOf hour, valueOf min, valueOf sec, valueOf ms] to have the same contents. '
-  strict mode: 'Test262Error: Expected [] and [valueOf hour, valueOf min, valueOf sec, valueOf ms] to have the same contents. '
-test/built-ins/Date/prototype/setUTCMilliseconds/arg-coercion-order.js:
-  default: 'Test262Error: ToNumber invoked exactly once Expected SameValue(«0», «1») to be true'
-  strict mode: 'Test262Error: ToNumber invoked exactly once Expected SameValue(«0», «1») to be true'
-test/built-ins/Date/prototype/setUTCMinutes/arg-coercion-order.js:
-  default: 'Test262Error: Expected [] and [valueOf min, valueOf sec, valueOf ms] to have the same contents. '
-  strict mode: 'Test262Error: Expected [] and [valueOf min, valueOf sec, valueOf ms] to have the same contents. '
-test/built-ins/Date/prototype/setUTCMonth/arg-coercion-order.js:
-  default: 'Test262Error: Expected [] and [valueOf month, valueOf date] to have the same contents. '
-  strict mode: 'Test262Error: Expected [] and [valueOf month, valueOf date] to have the same contents. '
-test/built-ins/Date/prototype/setUTCSeconds/arg-coercion-order.js:
-  default: 'Test262Error: Expected [] and [valueOf sec, valueOf ms] to have the same contents. '
-  strict mode: 'Test262Error: Expected [] and [valueOf sec, valueOf ms] to have the same contents. '
 test/built-ins/Function/internals/Construct/derived-return-val-realm.js:
   default: 'Test262Error: Expected a TypeError but got a different error constructor with the same name'

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2022-01-15  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Fix Date functions' argument coercion
+        https://bugs.webkit.org/show_bug.cgi?id=235271
+
+        Reviewed by Alexey Shvayka.
+
+        Even if the input Date is NaN or the result looks like NaN, we need to coerce passed
+        arguments to Number[1] since it has observable side effect.
+
+        [1]: https://github.com/tc39/ecma262/pull/2136
+
+        * runtime/DatePrototype.cpp:
+        (JSC::applyToNumbersToTrashedArguments):
+        (JSC::fillStructuresUsingTimeArgs):
+        (JSC::fillStructuresUsingDateArgs):
+        (JSC::setNewValueFromTimeArgs):
+        (JSC::setNewValueFromDateArgs):
+
 2022-01-15  Yusuke Suzuki  <ysuzuki@apple.com>
 

trunk/Source/JavaScriptCore/runtime/DatePrototype.cpp

@@ -110 +110 @@
 }
 
+
+static void applyToNumbersToTrashedArguments(JSGlobalObject* globalObject, CallFrame* callFrame, unsigned maxArgs)
+{
+    VM& vm = globalObject->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    unsigned numArgs = std::min<unsigned>(callFrame->argumentCount(), maxArgs);
+    for (unsigned index = 0; index < numArgs; ++index) {
+        callFrame->uncheckedArgument(index).toNumber(globalObject);
+        RETURN_IF_EXCEPTION(scope, void());
+    }
+}
+
 // Converts a list of arguments sent to a Date member function into milliseconds, updating
 // ms (representing milliseconds) and t (representing the rest of the date structure) appropriately.
 //
 // Format of member function: f([hour,] [min,] [sec,] [ms])
-static bool fillStructuresUsingTimeArgs(JSGlobalObject* globalObject, CallFrame* callFrame, int maxArgs, double* ms, GregorianDateTime* t)
+static bool fillStructuresUsingTimeArgs(JSGlobalObject* globalObject, CallFrame* callFrame, unsigned maxArgs, double* ms, GregorianDateTime* t)
 {
     VM& vm = globalObject->vm();
@@ -120 +133 @@
 
     double milliseconds = 0;
-    bool ok = true;
-    int idx = 0;
-    int numArgs = callFrame->argumentCount();
-    
-    // JS allows extra trailing arguments -- ignore them
-    if (numArgs > maxArgs)
-        numArgs = maxArgs;
+    unsigned idx = 0;
+    unsigned numArgs = std::min<unsigned>(callFrame->argumentCount(), maxArgs);
 
     // hours
@@ -133 +141 @@
         double hours = callFrame->uncheckedArgument(idx++).toIntegerPreserveNaN(globalObject);
         RETURN_IF_EXCEPTION(scope, false);
-        ok = std::isfinite(hours);
         milliseconds += hours * msPerHour;
     }
 
     // minutes
-    if (maxArgs >= 3 && idx < numArgs && ok) {
+    if (maxArgs >= 3 && idx < numArgs) {
         t->setMinute(0);
         double minutes = callFrame->uncheckedArgument(idx++).toIntegerPreserveNaN(globalObject);
         RETURN_IF_EXCEPTION(scope, false);
-        ok = std::isfinite(minutes);
         milliseconds += minutes * msPerMinute;
     }
-    
+
     // seconds
-    if (maxArgs >= 2 && idx < numArgs && ok) {
+    if (maxArgs >= 2 && idx < numArgs) {
         t->setSecond(0);
         double seconds = callFrame->uncheckedArgument(idx++).toIntegerPreserveNaN(globalObject);
         RETURN_IF_EXCEPTION(scope, false);
-        ok = std::isfinite(seconds);
         milliseconds += seconds * msPerSecond;
     }
-    
-    if (!ok)
-        return false;
-        
+
     // milliseconds
     if (idx < numArgs) {
         double millis = callFrame->uncheckedArgument(idx).toIntegerPreserveNaN(globalObject);
         RETURN_IF_EXCEPTION(scope, false);
-        ok = std::isfinite(millis);
         milliseconds += millis;
     } else
         milliseconds += *ms;
-    
+
     *ms = milliseconds;
-    return ok;
+    return std::isfinite(milliseconds);
 }
 
@@ -175 +176 @@
 //
 // Format of member function: f([years,] [months,] [days])
-static bool fillStructuresUsingDateArgs(JSGlobalObject* globalObject, CallFrame* callFrame, int maxArgs, double *ms, GregorianDateTime *t)
-{
-    VM& vm = globalObject->vm();
-    auto scope = DECLARE_THROW_SCOPE(vm);
-
-    int idx = 0;
+static bool fillStructuresUsingDateArgs(JSGlobalObject* globalObject, CallFrame* callFrame, unsigned maxArgs, double *ms, GregorianDateTime *t)
+{
+    VM& vm = globalObject->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
     bool ok = true;
-    int numArgs = callFrame->argumentCount();
-  
-    // JS allows extra trailing arguments -- ignore them
-    if (numArgs > maxArgs)
-        numArgs = maxArgs;
+    unsigned idx = 0;
+    unsigned numArgs = std::min<unsigned>(callFrame->argumentCount(), maxArgs);
   
     // years
@@ -192 +189 @@
         double years = callFrame->uncheckedArgument(idx++).toIntegerPreserveNaN(globalObject);
         RETURN_IF_EXCEPTION(scope, false);
-        ok = std::isfinite(years);
+        ok = (ok && std::isfinite(years));
         t->setYear(toInt32(years));
     }
     // months
-    if (maxArgs >= 2 && idx < numArgs && ok) {
+    if (maxArgs >= 2 && idx < numArgs) {
         double months = callFrame->uncheckedArgument(idx++).toIntegerPreserveNaN(globalObject);
         RETURN_IF_EXCEPTION(scope, false);
-        ok = std::isfinite(months);
+        ok = (ok && std::isfinite(months));
         t->setMonth(toInt32(months));
     }
     // days
-    if (idx < numArgs && ok) {
+    if (idx < numArgs) {
         double days = callFrame->uncheckedArgument(idx++).toIntegerPreserveNaN(globalObject);
         RETURN_IF_EXCEPTION(scope, false);
-        ok = std::isfinite(days);
+        ok = (ok && std::isfinite(days));
         t->setMonthDay(0);
         *ms += days * msPerDay;
@@ -669 +666 @@
 }
 
-static EncodedJSValue setNewValueFromTimeArgs(JSGlobalObject* globalObject, CallFrame* callFrame, int numArgsToUse, WTF::TimeType inputTimeType)
+static EncodedJSValue setNewValueFromTimeArgs(JSGlobalObject* globalObject, CallFrame* callFrame, unsigned numArgsToUse, WTF::TimeType inputTimeType)
 {
     VM& vm = globalObject->vm();
@@ -683 +680 @@
 
     if (!callFrame->argumentCount() || std::isnan(milli)) {
+        applyToNumbersToTrashedArguments(globalObject, callFrame, numArgsToUse);
+        RETURN_IF_EXCEPTION(scope, { });
         thisDateObj->setInternalNumber(PNaN);
         return JSValue::encode(jsNaN());
@@ -693 +692 @@
         ? thisDateObj->gregorianDateTimeUTC(cache)
         : thisDateObj->gregorianDateTime(cache);
-    if (!other)
-        return JSValue::encode(jsNaN());
+    if (!other) {
+        applyToNumbersToTrashedArguments(globalObject, callFrame, numArgsToUse);
+        RETURN_IF_EXCEPTION(scope, { });
+        return JSValue::encode(jsNaN());
+    }
 
     GregorianDateTime gregorianDateTime(*other);
     bool success = fillStructuresUsingTimeArgs(globalObject, callFrame, numArgsToUse, &ms, &gregorianDateTime);
-    RETURN_IF_EXCEPTION(scope, encodedJSValue());
+    RETURN_IF_EXCEPTION(scope, { });
     if (!success) {
         thisDateObj->setInternalNumber(PNaN);
@@ -710 +712 @@
 }
 
-static EncodedJSValue setNewValueFromDateArgs(JSGlobalObject* globalObject, CallFrame* callFrame, int numArgsToUse, WTF::TimeType inputTimeType)
+static EncodedJSValue setNewValueFromDateArgs(JSGlobalObject* globalObject, CallFrame* callFrame, unsigned numArgsToUse, WTF::TimeType inputTimeType)
 {
     VM& vm = globalObject->vm();
@@ -722 +724 @@
 
     if (!callFrame->argumentCount()) {
+        applyToNumbersToTrashedArguments(globalObject, callFrame, numArgsToUse);
+        RETURN_IF_EXCEPTION(scope, { });
         thisDateObj->setInternalNumber(PNaN);
         return JSValue::encode(jsNaN());
@@ -737 +741 @@
             ? thisDateObj->gregorianDateTimeUTC(cache)
             : thisDateObj->gregorianDateTime(cache);
-        if (!other)
+        if (!other) {
+            applyToNumbersToTrashedArguments(globalObject, callFrame, numArgsToUse);
+            RETURN_IF_EXCEPTION(scope, { });
             return JSValue::encode(jsNaN());
+        }
         gregorianDateTime = *other;
     }
     
     bool success = fillStructuresUsingDateArgs(globalObject, callFrame, numArgsToUse, &ms, &gregorianDateTime);
-    RETURN_IF_EXCEPTION(scope, encodedJSValue());
+    RETURN_IF_EXCEPTION(scope, { });
     if (!success) {
         thisDateObj->setInternalNumber(PNaN);