Changeset 267029 in webkit
- Timestamp:
- Sep 14, 2020 12:49:01 PM (4 years ago)
- Location:
- trunk
- Files:
-
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/JSTests/ChangeLog
r267017 r267029 1 2020-09-14 Alexey Shvayka <shvaikalesh@gmail.com> 2 3 Make a few built-in methods throw if called as top-level functions 4 https://bugs.webkit.org/show_bug.cgi?id=216467 5 6 Reviewed by Darin Adler. 7 8 * test262/expectations.yaml: Mark 10 test cases as passing. 9 1 10 2020-09-14 Saam Barati <sbarati@apple.com> 2 11 -
trunk/JSTests/test262/expectations.yaml
r266973 r267029 610 610 default: 'Test262Error: Expected a RangeError but got a TypeError' 611 611 strict mode: 'Test262Error: Expected a RangeError but got a TypeError' 612 test/built-ins/Array/prototype/methods-called-as-functions.js:613 default: 'Test262Error: entries Expected a TypeError to be thrown but no exception was thrown at all'614 strict mode: 'Test262Error: entries Expected a TypeError to be thrown but no exception was thrown at all'615 612 test/built-ins/ArrayBuffer/prototype/byteLength/detached-buffer.js: 616 613 default: 'Test262Error: Expected a TypeError to be thrown but no exception was thrown at all' … … 643 640 default: 'Test262Error: Expected a TypeError to be thrown but no exception was thrown at all (Testing with Float64Array.)' 644 641 strict mode: 'Test262Error: Expected a TypeError to be thrown but no exception was thrown at all (Testing with Float64Array.)' 645 test/built-ins/Date/prototype/Symbol.toPrimitive/called-as-function.js:646 default: 'Test262Error: Expected a TypeError but got a Test262Error'647 strict mode: 'Test262Error: Expected a TypeError but got a Test262Error'648 test/built-ins/Date/prototype/toJSON/called-as-function.js:649 default: 'Test262Error: Expected a TypeError but got a Test262Error'650 strict mode: 'Test262Error: Expected a TypeError but got a Test262Error'651 test/built-ins/Error/prototype/toString/called-as-function.js:652 default: 'Test262Error: Expected a TypeError but got a Test262Error'653 strict mode: 'Test262Error: Expected a TypeError but got a Test262Error'654 642 test/built-ins/Function/call-bind-this-realm-undef.js: 655 643 default: 'Test262Error: implicit undefined Expected SameValue(«[object global]», «[object Undefined]») to be true' … … 1286 1274 default: 'Test262Error: Expected SameValue(«�», «null») to be true' 1287 1275 strict mode: 'Test262Error: Expected SameValue(«�», «null») to be true' 1288 test/built-ins/RegExp/prototype/toString/called-as-function.js:1289 default: 'Test262Error: Expected a TypeError but got a Test262Error'1290 strict mode: 'Test262Error: Expected a TypeError but got a Test262Error'1291 1276 test/built-ins/RegExp/quantifier-integer-limit.js: 1292 1277 default: 'SyntaxError: Invalid regular expression: number too large in {} quantifier' -
trunk/Source/JavaScriptCore/ChangeLog
r267028 r267029 1 2020-09-14 Alexey Shvayka <shvaikalesh@gmail.com> 2 3 Make a few built-in methods throw if called as top-level functions 4 https://bugs.webkit.org/show_bug.cgi?id=216467 5 6 Reviewed by Darin Adler. 7 8 Non-strict userland functions substitute undefined & null `this` values 9 with the global object [1], while built-in functions do not [2]. 10 11 This patch adds 5 missing toThis(globalObject, ECMAMode::strict()) calls, 12 preventing built-in methods from being called as top-level functions: 13 14 ``` 15 let {toString} = Error.prototype; 16 toString(); // now throws TypeError 17 ``` 18 19 Aligns JSC with V8 and SpiderMonkey. 20 This change is performance-neutral due to DFG inlining of OpToThis. 21 All other callFrame->thisValue() usages were vetted to be spec-correct. 22 23 [1]: https://tc39.es/ecma262/#sec-ordinarycallbindthis (step 6.a.iii) 24 [2]: https://tc39.es/ecma262/#sec-built-in-function-objects-call-thisargument-argumentslist (step 10) 25 26 * runtime/ArrayPrototype.cpp: 27 (JSC::createArrayIteratorObject): 28 * runtime/DatePrototype.cpp: 29 (JSC::dateProtoFuncToPrimitiveSymbol): 30 (JSC::dateProtoFuncToJSON): 31 * runtime/ErrorPrototype.cpp: 32 (JSC::errorProtoFuncToString): 33 * runtime/RegExpPrototype.cpp: 34 (JSC::regExpProtoFuncToString): 35 1 36 2020-09-14 Devin Rousso <drousso@apple.com> 2 37 -
trunk/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
r266641 r267029 829 829 auto scope = DECLARE_THROW_SCOPE(vm); 830 830 831 JSObject* thisObject = callFrame->thisValue().toObject(globalObject);831 JSObject* thisObject = callFrame->thisValue().toThis(globalObject, ECMAMode::strict()).toObject(globalObject); 832 832 EXCEPTION_ASSERT(!!scope.exception() == !thisObject); 833 833 UNUSED_PARAM(scope); -
trunk/Source/JavaScriptCore/runtime/DatePrototype.cpp
r263250 r267029 353 353 VM& vm = globalObject->vm(); 354 354 auto scope = DECLARE_THROW_SCOPE(vm); 355 JSValue thisValue = callFrame->thisValue() ;355 JSValue thisValue = callFrame->thisValue().toThis(globalObject, ECMAMode::strict()); 356 356 if (!thisValue.isObject()) 357 357 return throwVMTypeError(globalObject, scope, "Date.prototype[Symbol.toPrimitive] expected |this| to be an object."); … … 884 884 VM& vm = globalObject->vm(); 885 885 auto scope = DECLARE_THROW_SCOPE(vm); 886 JSValue thisValue = callFrame->thisValue() ;886 JSValue thisValue = callFrame->thisValue().toThis(globalObject, ECMAMode::strict()); 887 887 JSObject* object = thisValue.toObject(globalObject); 888 888 RETURN_IF_EXCEPTION(scope, encodedJSValue()); -
trunk/Source/JavaScriptCore/runtime/ErrorPrototype.cpp
r261895 r267029 74 74 75 75 // 1. Let O be the this value. 76 JSValue thisValue = callFrame->thisValue() ;76 JSValue thisValue = callFrame->thisValue().toThis(globalObject, ECMAMode::strict()); 77 77 78 78 // 2. If Type(O) is not Object, throw a TypeError exception. -
trunk/Source/JavaScriptCore/runtime/RegExpPrototype.cpp
r262908 r267029 207 207 auto scope = DECLARE_THROW_SCOPE(vm); 208 208 209 JSValue thisValue = callFrame->thisValue() ;209 JSValue thisValue = callFrame->thisValue().toThis(globalObject, ECMAMode::strict()); 210 210 if (!thisValue.isObject()) 211 211 return throwVMTypeError(globalObject, scope);
Note: See TracChangeset
for help on using the changeset viewer.