From: barraclough@apple.com Date: Wed, 28 Sep 2011 19:02:57 +0000 (+0000) Subject: https://bugs.webkit.org/show_bug.cgi?id=64679 X-Git-Tag: 070512121124~23444 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=80032cc21d9918fadde7d8fd3e7352ca68ee5a5e;p=profile%2Fivi%2Fwebkit-efl.git https://bugs.webkit.org/show_bug.cgi?id=64679 Fix bugs in Array.prototype this handling. Reviewed by Oliver Hunt. * runtime/ArrayPrototype.cpp: (JSC::arrayProtoFuncJoin): (JSC::arrayProtoFuncConcat): (JSC::arrayProtoFuncPop): (JSC::arrayProtoFuncPush): (JSC::arrayProtoFuncReverse): (JSC::arrayProtoFuncShift): (JSC::arrayProtoFuncSlice): (JSC::arrayProtoFuncSort): (JSC::arrayProtoFuncSplice): (JSC::arrayProtoFuncUnShift): (JSC::arrayProtoFuncFilter): (JSC::arrayProtoFuncMap): (JSC::arrayProtoFuncEvery): (JSC::arrayProtoFuncForEach): (JSC::arrayProtoFuncSome): (JSC::arrayProtoFuncReduce): (JSC::arrayProtoFuncReduceRight): (JSC::arrayProtoFuncIndexOf): (JSC::arrayProtoFuncLastIndexOf): - These methods should throw if this value is undefined. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96243 268f45cc-cd09-0410-ab3c-d52691b4dbfc --- diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog index d5b4160..8b71d7f 100644 --- a/Source/JavaScriptCore/ChangeLog +++ b/Source/JavaScriptCore/ChangeLog 
@@ -1,3 +1,32 @@ +2011-09-28 Gavin Barraclough + + https://bugs.webkit.org/show_bug.cgi?id=64679 + Fix bugs in Array.prototype this handling. + + Reviewed by Oliver Hunt. + + * runtime/ArrayPrototype.cpp: + (JSC::arrayProtoFuncJoin): + (JSC::arrayProtoFuncConcat): + (JSC::arrayProtoFuncPop): + (JSC::arrayProtoFuncPush): + (JSC::arrayProtoFuncReverse): + (JSC::arrayProtoFuncShift): + (JSC::arrayProtoFuncSlice): + (JSC::arrayProtoFuncSort): + (JSC::arrayProtoFuncSplice): + (JSC::arrayProtoFuncUnShift): + (JSC::arrayProtoFuncFilter): + (JSC::arrayProtoFuncMap): + (JSC::arrayProtoFuncEvery): + (JSC::arrayProtoFuncForEach): + (JSC::arrayProtoFuncSome): + (JSC::arrayProtoFuncReduce): + (JSC::arrayProtoFuncReduceRight): + (JSC::arrayProtoFuncIndexOf): + (JSC::arrayProtoFuncLastIndexOf): + - These methods should throw if this value is undefined. + 2011-09-27 Yuqiang Xian Value profiling in baseline JIT for JSVALUE32_64 diff --git a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp index 3dd8b0c..8576f27 100644 --- a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp +++ b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp @@ -271,7 +271,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncToLocaleString(ExecState* exec) EncodedJSValue JSC_HOST_CALL arrayProtoFuncJoin(ExecState* exec) { - JSObject* thisObj = exec->hostThisValue().toThisObject(exec); + JSObject* thisObj = exec->hostThisValue().toObject(exec); unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec); if (exec->hadException()) return JSValue::encode(jsUndefined()); 
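Review bot: In the arrayProtoFuncJoin hunk the result of `toObject(exec)` is dereferenced by `thisObj->get(...)` before `exec->hadException()` is consulted, so for an undefined `this` (which the commit message says must now throw) the code relies on `toObject` still returning a non-null object. That is not visible in this diff; as far as I recall JSC returns a JSNotAnObject placeholder on failure, which should be confirmed. The same ordering recurs in the Pop, Push, Reverse, Shift, Slice, Sort, Splice, UnShift, Filter, Map, Every, ForEach, Some, Reduce, ReduceRight, IndexOf and LastIndexOf hunks; only Concat checks straight after the conversion. I would either add `if (exec->hadException()) return JSValue::encode(jsUndefined());` directly after the `toObject` line, or record the assumption in a comment such as `// toObject() throws on undefined/null but still returns a non-null stand-in, so the get() below is safe.` The function body continues outside the hunk, and no regression test for the undefined-`this` case is part of this diff.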
@@ -341,7 +341,9 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncConcat(ExecState* exec) JSValue thisValue = exec->hostThisValue(); JSArray* arr = constructEmptyArray(exec); unsigned n = 0; - JSValue curArg = thisValue.toThisObject(exec); + JSValue curArg = thisValue.toObject(exec); + if (exec->hadException()) + return JSValue::encode(jsUndefined()); size_t i = 0; size_t argCount = exec->argumentCount(); while (1) { @@ -373,7 +375,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncPop(ExecState* exec) if (isJSArray(&exec->globalData(), thisValue)) return JSValue::encode(asArray(thisValue)->pop()); - JSObject* thisObj = thisValue.toThisObject(exec); + JSObject* thisObj = thisValue.toObject(exec); unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec); if (exec->hadException()) return JSValue::encode(jsUndefined()); @@ -400,7 +402,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncPush(ExecState* exec) return JSValue::encode(jsNumber(array->length())); } - JSObject* thisObj = thisValue.toThisObject(exec); + JSObject* thisObj = thisValue.toObject(exec); unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec); if (exec->hadException()) return JSValue::encode(jsUndefined()); @@ -422,7 +424,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncPush(ExecState* exec) EncodedJSValue JSC_HOST_CALL arrayProtoFuncReverse(ExecState* exec) { - JSObject* thisObj = exec->hostThisValue().toThisObject(exec); + JSObject* thisObj = exec->hostThisValue().toObject(exec); unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec); if (exec->hadException()) return JSValue::encode(jsUndefined()); 
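Review bot: In the arrayProtoFuncConcat hunk `constructEmptyArray(exec)` still runs before the new `toObject` conversion and its exception check, so a call with an undefined `this` allocates an array that is discarded immediately. The Slice hunk of this same commit moves the length read and its exception check ahead of the allocation. Doing the same here keeps the two functions parallel: place `JSValue curArg = thisValue.toObject(exec);` and the `hadException()` return above `JSArray* arr = constructEmptyArray(exec);`. The function starts and ends outside the hunk.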
@@ -448,13 +450,12 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncReverse(ExecState* exec) EncodedJSValue JSC_HOST_CALL arrayProtoFuncShift(ExecState* exec) { - JSObject* thisObj = exec->hostThisValue().toThisObject(exec); - JSValue result; - + JSObject* thisObj = exec->hostThisValue().toObject(exec); unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec); if (exec->hadException()) return JSValue::encode(jsUndefined()); + JSValue result; if (length == 0) { putProperty(exec, thisObj, exec->propertyNames().length, jsNumber(length)); result = jsUndefined(); @@ -479,16 +480,15 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncShift(ExecState* exec) EncodedJSValue JSC_HOST_CALL arrayProtoFuncSlice(ExecState* exec) { // http://developer.netscape.com/docs/manuals/js/client/jsref/array.htm#1193713 or 15.4.4.10 - JSObject* thisObj = exec->hostThisValue().toThisObject(exec); + JSObject* thisObj = exec->hostThisValue().toObject(exec); + unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec); + if (exec->hadException()) + return JSValue::encode(jsUndefined()); // We return a new array JSArray* resObj = constructEmptyArray(exec); JSValue result = resObj; - unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec); - if (exec->hadException()) - return JSValue::encode(jsUndefined()); - unsigned begin = argumentClampedIndexFromStartOrEnd(exec, 0, length); unsigned end = argumentClampedIndexFromStartOrEnd(exec, 1, length, length); @@ -503,7 +503,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncSlice(ExecState* exec) EncodedJSValue JSC_HOST_CALL arrayProtoFuncSort(ExecState* exec) { - JSObject* thisObj = exec->hostThisValue().toThisObject(exec); + JSObject* thisObj = exec->hostThisValue().toObject(exec); unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec); if (!length || exec->hadException()) return JSValue::encode(thisObj); 
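Review bot: In the arrayProtoFuncSort hunk the early return `if (!length || exec->hadException()) return JSValue::encode(thisObj);` now also covers the case where `toObject` threw for an undefined `this`. It then returns the converted object, where every other function touched by this patch returns `jsUndefined()` with an exception pending. Callers presumably ignore the value once an exception is set, but splitting the test keeps the error path uniform and avoids handing back whatever `toObject` produced on failure: `if (exec->hadException()) return JSValue::encode(jsUndefined());` followed by `if (!length) return JSValue::encode(thisObj);`. The rest of the function lies outside the hunk.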
@@ -565,7 +565,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncSplice(ExecState* exec) { // 15.4.4.12 - JSObject* thisObj = exec->hostThisValue().toThisObject(exec); + JSObject* thisObj = exec->hostThisValue().toObject(exec); unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec); if (exec->hadException()) return JSValue::encode(jsUndefined()); @@ -633,7 +633,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncUnShift(ExecState* exec) { // 15.4.4.13 - JSObject* thisObj = exec->hostThisValue().toThisObject(exec); + JSObject* thisObj = exec->hostThisValue().toObject(exec); unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec); if (exec->hadException()) return JSValue::encode(jsUndefined()); @@ -660,7 +660,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncUnShift(ExecState* exec) EncodedJSValue JSC_HOST_CALL arrayProtoFuncFilter(ExecState* exec) { - JSObject* thisObj = exec->hostThisValue().toThisObject(exec); + JSObject* thisObj = exec->hostThisValue().toObject(exec); unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec); if (exec->hadException()) return JSValue::encode(jsUndefined()); @@ -719,7 +719,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncFilter(ExecState* exec) EncodedJSValue JSC_HOST_CALL arrayProtoFuncMap(ExecState* exec) { - JSObject* thisObj = exec->hostThisValue().toThisObject(exec); + JSObject* thisObj = exec->hostThisValue().toObject(exec); unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec); if (exec->hadException()) return JSValue::encode(jsUndefined()); 
@@ -781,7 +781,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncMap(ExecState* exec) EncodedJSValue JSC_HOST_CALL arrayProtoFuncEvery(ExecState* exec) { - JSObject* thisObj = exec->hostThisValue().toThisObject(exec); + JSObject* thisObj = exec->hostThisValue().toObject(exec); unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec); if (exec->hadException()) return JSValue::encode(jsUndefined()); @@ -839,7 +839,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncEvery(ExecState* exec) EncodedJSValue JSC_HOST_CALL arrayProtoFuncForEach(ExecState* exec) { - JSObject* thisObj = exec->hostThisValue().toThisObject(exec); + JSObject* thisObj = exec->hostThisValue().toObject(exec); unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec); if (exec->hadException()) return JSValue::encode(jsUndefined()); @@ -889,7 +889,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncForEach(ExecState* exec) EncodedJSValue JSC_HOST_CALL arrayProtoFuncSome(ExecState* exec) { - JSObject* thisObj = exec->hostThisValue().toThisObject(exec); + JSObject* thisObj = exec->hostThisValue().toObject(exec); unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec); if (exec->hadException()) return JSValue::encode(jsUndefined()); @@ -946,7 +946,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncSome(ExecState* exec) EncodedJSValue JSC_HOST_CALL arrayProtoFuncReduce(ExecState* exec) { - JSObject* thisObj = exec->hostThisValue().toThisObject(exec); + JSObject* thisObj = exec->hostThisValue().toObject(exec); unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec); if (exec->hadException()) return JSValue::encode(jsUndefined()); 
@@ -1021,7 +1021,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncReduce(ExecState* exec) EncodedJSValue JSC_HOST_CALL arrayProtoFuncReduceRight(ExecState* exec) { - JSObject* thisObj = exec->hostThisValue().toThisObject(exec); + JSObject* thisObj = exec->hostThisValue().toObject(exec); unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec); if (exec->hadException()) return JSValue::encode(jsUndefined()); @@ -1096,7 +1096,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncReduceRight(ExecState* exec) EncodedJSValue JSC_HOST_CALL arrayProtoFuncIndexOf(ExecState* exec) { // 15.4.4.14 - JSObject* thisObj = exec->hostThisValue().toThisObject(exec); + JSObject* thisObj = exec->hostThisValue().toObject(exec); unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec); if (exec->hadException()) return JSValue::encode(jsUndefined()); @@ -1117,7 +1117,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncIndexOf(ExecState* exec) EncodedJSValue JSC_HOST_CALL arrayProtoFuncLastIndexOf(ExecState* exec) { // 15.4.4.15 - JSObject* thisObj = exec->hostThisValue().toThisObject(exec); + JSObject* thisObj = exec->hostThisValue().toObject(exec); unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec); if (!length) return JSValue::encode(jsNumber(-1));
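Review bot: The arrayProtoFuncLastIndexOf hunk has no `exec->hadException()` check after the `toObject` conversion and the length read; the only guard visible is `if (!length) return JSValue::encode(jsNumber(-1));`. Now that `toObject` throws for an undefined `this`, this path either returns -1 or carries on into the search (outside the hunk) with an exception pending, whereas the IndexOf hunk just above bails out with `jsUndefined()`. Adding `if (exec->hadException()) return JSValue::encode(jsUndefined());` before the `!length` test would match IndexOf and stop further property reads on a failed conversion. The function continues past the end of the hunk.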