<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[191193] trunk/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/191193">191193</a></dd>
<dt>Author</dt> <dd>keith_miller@apple.com</dd>
<dt>Date</dt> <dd>2015-10-16 12:47:04 -0700 (Fri, 16 Oct 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Unreviewed, rolling out <a href="http://trac.webkit.org/projects/webkit/changeset/191190">r191190</a>.
Patch needs some design changes.
Reverted changeset:
"Fix some issues with TypedArrays"
https://bugs.webkit.org/show_bug.cgi?id=150216
http://trac.webkit.org/changeset/191190</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOperationscpp">trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSGenericTypedArrayViewConstructorInlinesh">trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSGenericTypedArrayViewPrototypeFunctionsh">trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h</a></li>
</ul>
<h3>Removed Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoretestsstresstypedarrayconstructiteratorjs">trunk/Source/JavaScriptCore/tests/stress/typedarray-construct-iterator.js</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (191192 => 191193)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2015-10-16 19:26:38 UTC (rev 191192)
+++ trunk/Source/JavaScriptCore/ChangeLog 2015-10-16 19:47:04 UTC (rev 191193)
</span><span class="lines">@@ -1,3 +1,15 @@
</span><ins>+2015-10-16 Keith Miller <keith_miller@apple.com>
+
+ Unreviewed, rolling out r191190.
+
+ Patch needs some design changes.
+
+ Reverted changeset:
+
+ "Fix some issues with TypedArrays"
+ https://bugs.webkit.org/show_bug.cgi?id=150216
+ http://trac.webkit.org/changeset/191190
+
</ins><span class="cx"> 2015-10-16 Mark Lam <mark.lam@apple.com>
</span><span class="cx">
</span><span class="cx"> Move all the probe trampolines into their respective MacroAssembler files.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOperationscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp (191192 => 191193)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp 2015-10-16 19:26:38 UTC (rev 191192)
+++ trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp 2015-10-16 19:47:04 UTC (rev 191193)
</span><span class="lines">@@ -142,6 +142,64 @@
</span><span class="cx"> return bitwise_cast<char*>(ViewClass::create(exec, structure, size));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+template<typename ViewClass>
+char* newTypedArrayWithOneArgument(
+ ExecState* exec, Structure* structure, EncodedJSValue encodedValue)
+{
+ VM& vm = exec->vm();
+ NativeCallFrameTracer tracer(&vm, exec);
+
+ JSValue value = JSValue::decode(encodedValue);
+
+ if (JSArrayBuffer* jsBuffer = jsDynamicCast<JSArrayBuffer*>(value)) {
+ RefPtr<ArrayBuffer> buffer = jsBuffer->impl();
+
+ if (buffer->byteLength() % ViewClass::elementSize) {
+ vm.throwException(exec, createRangeError(exec, ASCIILiteral("ArrayBuffer length minus the byteOffset is not a multiple of the element size")));
+ return 0;
+ }
+ return bitwise_cast<char*>(
+ ViewClass::create(
+ exec, structure, buffer, 0, buffer->byteLength() / ViewClass::elementSize));
+ }
+
+ if (JSObject* object = jsDynamicCast<JSObject*>(value)) {
+ unsigned length = object->get(exec, vm.propertyNames->length).toUInt32(exec);
+ if (exec->hadException())
+ return 0;
+
+ ViewClass* result = ViewClass::createUninitialized(exec, structure, length);
+ if (!result)
+ return 0;
+
+ if (!result->set(exec, object, 0, length))
+ return 0;
+
+ return bitwise_cast<char*>(result);
+ }
+
+ int length;
+ if (value.isInt32())
+ length = value.asInt32();
+ else if (!value.isNumber()) {
+ vm.throwException(exec, createTypeError(exec, ASCIILiteral("Invalid array length argument")));
+ return 0;
+ } else {
+ length = static_cast<int>(value.asNumber());
+ if (length != value.asNumber()) {
+ vm.throwException(exec, createTypeError(exec, ASCIILiteral("Invalid array length argument (fractional lengths not allowed)")));
+ return 0;
+ }
+ }
+
+ if (length < 0) {
+ vm.throwException(exec, createRangeError(exec, ASCIILiteral("Requested length is negative")));
+ return 0;
+ }
+
+ return bitwise_cast<char*>(ViewClass::create(exec, structure, length));
+}
+
</ins><span class="cx"> extern "C" {
</span><span class="cx">
</span><span class="cx"> EncodedJSValue JIT_OPERATION operationToThis(ExecState* exec, EncodedJSValue encodedOp)
</span><span class="lines">@@ -606,7 +664,7 @@
</span><span class="cx"> char* JIT_OPERATION operationNewInt8ArrayWithOneArgument(
</span><span class="cx"> ExecState* exec, Structure* structure, EncodedJSValue encodedValue)
</span><span class="cx"> {
</span><del>- return bitwise_cast<char*>(constructGenericTypedArrayViewWithFirstArgument<JSInt8Array>(exec, structure, encodedValue));
</del><ins>+ return newTypedArrayWithOneArgument<JSInt8Array>(exec, structure, encodedValue);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewInt16ArrayWithSize(
</span><span class="lines">@@ -618,7 +676,7 @@
</span><span class="cx"> char* JIT_OPERATION operationNewInt16ArrayWithOneArgument(
</span><span class="cx"> ExecState* exec, Structure* structure, EncodedJSValue encodedValue)
</span><span class="cx"> {
</span><del>- return bitwise_cast<char*>(constructGenericTypedArrayViewWithFirstArgument<JSInt16Array>(exec, structure, encodedValue));
</del><ins>+ return newTypedArrayWithOneArgument<JSInt16Array>(exec, structure, encodedValue);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewInt32ArrayWithSize(
</span><span class="lines">@@ -630,7 +688,7 @@
</span><span class="cx"> char* JIT_OPERATION operationNewInt32ArrayWithOneArgument(
</span><span class="cx"> ExecState* exec, Structure* structure, EncodedJSValue encodedValue)
</span><span class="cx"> {
</span><del>- return bitwise_cast<char*>(constructGenericTypedArrayViewWithFirstArgument<JSInt32Array>(exec, structure, encodedValue));
</del><ins>+ return newTypedArrayWithOneArgument<JSInt32Array>(exec, structure, encodedValue);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewUint8ArrayWithSize(
</span><span class="lines">@@ -642,7 +700,7 @@
</span><span class="cx"> char* JIT_OPERATION operationNewUint8ArrayWithOneArgument(
</span><span class="cx"> ExecState* exec, Structure* structure, EncodedJSValue encodedValue)
</span><span class="cx"> {
</span><del>- return bitwise_cast<char*>(constructGenericTypedArrayViewWithFirstArgument<JSUint8Array>(exec, structure, encodedValue));
</del><ins>+ return newTypedArrayWithOneArgument<JSUint8Array>(exec, structure, encodedValue);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewUint8ClampedArrayWithSize(
</span><span class="lines">@@ -654,7 +712,7 @@
</span><span class="cx"> char* JIT_OPERATION operationNewUint8ClampedArrayWithOneArgument(
</span><span class="cx"> ExecState* exec, Structure* structure, EncodedJSValue encodedValue)
</span><span class="cx"> {
</span><del>- return bitwise_cast<char*>(constructGenericTypedArrayViewWithFirstArgument<JSUint8ClampedArray>(exec, structure, encodedValue));
</del><ins>+ return newTypedArrayWithOneArgument<JSUint8ClampedArray>(exec, structure, encodedValue);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewUint16ArrayWithSize(
</span><span class="lines">@@ -666,7 +724,7 @@
</span><span class="cx"> char* JIT_OPERATION operationNewUint16ArrayWithOneArgument(
</span><span class="cx"> ExecState* exec, Structure* structure, EncodedJSValue encodedValue)
</span><span class="cx"> {
</span><del>- return bitwise_cast<char*>(constructGenericTypedArrayViewWithFirstArgument<JSUint16Array>(exec, structure, encodedValue));
</del><ins>+ return newTypedArrayWithOneArgument<JSUint16Array>(exec, structure, encodedValue);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewUint32ArrayWithSize(
</span><span class="lines">@@ -678,7 +736,7 @@
</span><span class="cx"> char* JIT_OPERATION operationNewUint32ArrayWithOneArgument(
</span><span class="cx"> ExecState* exec, Structure* structure, EncodedJSValue encodedValue)
</span><span class="cx"> {
</span><del>- return bitwise_cast<char*>(constructGenericTypedArrayViewWithFirstArgument<JSUint32Array>(exec, structure, encodedValue));
</del><ins>+ return newTypedArrayWithOneArgument<JSUint32Array>(exec, structure, encodedValue);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewFloat32ArrayWithSize(
</span><span class="lines">@@ -690,7 +748,7 @@
</span><span class="cx"> char* JIT_OPERATION operationNewFloat32ArrayWithOneArgument(
</span><span class="cx"> ExecState* exec, Structure* structure, EncodedJSValue encodedValue)
</span><span class="cx"> {
</span><del>- return bitwise_cast<char*>(constructGenericTypedArrayViewWithFirstArgument<JSFloat32Array>(exec, structure, encodedValue));
</del><ins>+ return newTypedArrayWithOneArgument<JSFloat32Array>(exec, structure, encodedValue);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewFloat64ArrayWithSize(
</span><span class="lines">@@ -702,7 +760,7 @@
</span><span class="cx"> char* JIT_OPERATION operationNewFloat64ArrayWithOneArgument(
</span><span class="cx"> ExecState* exec, Structure* structure, EncodedJSValue encodedValue)
</span><span class="cx"> {
</span><del>- return bitwise_cast<char*>(constructGenericTypedArrayViewWithFirstArgument<JSFloat64Array>(exec, structure, encodedValue));
</del><ins>+ return newTypedArrayWithOneArgument<JSFloat64Array>(exec, structure, encodedValue);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> JSCell* JIT_OPERATION operationCreateActivationDirect(ExecState* exec, Structure* structure, JSScope* scope, SymbolTable* table, EncodedJSValue initialValueEncoded)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSGenericTypedArrayViewConstructorInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h (191192 => 191193)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h 2015-10-16 19:26:38 UTC (rev 191192)
+++ trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h 2015-10-16 19:47:04 UTC (rev 191193)
</span><span class="lines">@@ -77,23 +77,23 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename ViewClass>
</span><del>-static JSObject* constructGenericTypedArrayViewFromIterator(ExecState* exec, Structure* structure, JSValue iterator)
</del><ins>+static EncodedJSValue constructGenericTypedArrayViewFromIterator(ExecState* exec, Structure* structure, JSValue iterator)
</ins><span class="cx"> {
</span><span class="cx"> if (!iterator.isObject())
</span><del>- return throwTypeError(exec, "Symbol.Iterator for the first argument did not return an object.");
</del><ins>+ return JSValue::encode(throwTypeError(exec, "Symbol.Iterator for the first argument did not return an object."));
</ins><span class="cx">
</span><span class="cx"> MarkedArgumentBuffer storage;
</span><span class="cx"> while (true) {
</span><span class="cx"> JSValue next = iteratorStep(exec, iterator);
</span><span class="cx"> if (exec->hadException())
</span><del>- return nullptr;
</del><ins>+ return JSValue::encode(jsUndefined());
</ins><span class="cx">
</span><span class="cx"> if (next.isFalse())
</span><span class="cx"> break;
</span><span class="cx">
</span><span class="cx"> JSValue nextItem = iteratorValue(exec, next);
</span><span class="cx"> if (exec->hadException())
</span><del>- return nullptr;
</del><ins>+ return JSValue::encode(jsUndefined());
</ins><span class="cx">
</span><span class="cx"> storage.append(nextItem);
</span><span class="cx"> }
</span><span class="lines">@@ -101,146 +101,132 @@
</span><span class="cx"> ViewClass* result = ViewClass::createUninitialized(exec, structure, storage.size());
</span><span class="cx"> if (!result) {
</span><span class="cx"> ASSERT(exec->hadException());
</span><del>- return nullptr;
</del><ins>+ return JSValue::encode(jsUndefined());
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> for (unsigned i = 0; i < storage.size(); ++i) {
</span><span class="cx"> if (!result->setIndex(exec, i, storage.at(i))) {
</span><span class="cx"> ASSERT(exec->hadException());
</span><del>- return nullptr;
</del><ins>+ return JSValue::encode(jsUndefined());
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>- return result;
</del><ins>+ return JSValue::encode(result);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-template<typename ViewClass, bool checkForOtherArguments = false>
-static JSObject* constructGenericTypedArrayViewWithFirstArgument(ExecState* exec, Structure* structure, EncodedJSValue firstArgument)
</del><ins>+template<typename ViewClass>
+static EncodedJSValue JSC_HOST_CALL constructGenericTypedArrayView(ExecState* exec)
</ins><span class="cx"> {
</span><del>- JSValue firstValue = JSValue::decode(firstArgument);
</del><ins>+ Structure* structure =
+ asInternalFunction(exec->callee())->globalObject()->typedArrayStructure(
+ ViewClass::TypedArrayStorageType);
+
</ins><span class="cx"> VM& vm = exec->vm();
</span><span class="cx">
</span><del>- if (JSArrayBuffer* jsBuffer = jsDynamicCast<JSArrayBuffer*>(firstValue)) {
</del><ins>+ if (!exec->argumentCount()) {
+ if (ViewClass::TypedArrayStorageType == TypeDataView)
+ return throwVMError(exec, createTypeError(exec, "DataView constructor requires at least one argument."));
+
+ // Even though the documentation doesn't say so, it's correct to say
+ // "new Int8Array()". This is the same as allocating an array of zero
+ // length.
+ return JSValue::encode(ViewClass::create(exec, structure, 0));
+ }
+
+ if (JSArrayBuffer* jsBuffer = jsDynamicCast<JSArrayBuffer*>(exec->argument(0))) {
</ins><span class="cx"> RefPtr<ArrayBuffer> buffer = jsBuffer->impl();
</span><del>-
- unsigned offset = 0;
</del><ins>+
+ unsigned offset = (exec->argumentCount() > 1) ? exec->uncheckedArgument(1).toUInt32(exec) : 0;
+ if (exec->hadException())
+ return JSValue::encode(jsUndefined());
</ins><span class="cx"> unsigned length = 0;
</span><del>- if (checkForOtherArguments && exec->argumentCount() > 1) {
- offset = exec->uncheckedArgument(1).toUInt32(exec);
- if (exec->hadException())
- return nullptr;
- }
-
- if (checkForOtherArguments && exec->argumentCount() > 2) {
</del><ins>+ if (exec->argumentCount() > 2) {
</ins><span class="cx"> length = exec->uncheckedArgument(2).toUInt32(exec);
</span><span class="cx"> if (exec->hadException())
</span><del>- return nullptr;
</del><ins>+ return JSValue::encode(jsUndefined());
</ins><span class="cx"> } else {
</span><span class="cx"> if ((buffer->byteLength() - offset) % ViewClass::elementSize)
</span><del>- return throwRangeError(exec, "ArrayBuffer length minus the byteOffset is not a multiple of the element size");
</del><ins>+ return throwVMError(exec, createRangeError(exec, "ArrayBuffer length minus the byteOffset is not a multiple of the element size"));
</ins><span class="cx"> length = (buffer->byteLength() - offset) / ViewClass::elementSize;
</span><del>-
</del><span class="cx"> }
</span><del>-
- return ViewClass::create(exec, structure, buffer, offset, length);
</del><ins>+ return JSValue::encode(ViewClass::create(exec, structure, buffer, offset, length));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (ViewClass::TypedArrayStorageType == TypeDataView)
</span><del>- return throwTypeError(exec, "Expected ArrayBuffer for the first argument.");
</del><ins>+ return throwVMError(exec, createTypeError(exec, "Expected ArrayBuffer for the first argument."));
</ins><span class="cx">
</span><span class="cx"> // For everything but DataView, we allow construction with any of:
</span><span class="cx"> // - Another array. This creates a copy of the of that array.
</span><span class="cx"> // - An integer. This creates a new typed array of that length and zero-initializes it.
</span><ins>+
+ if (JSObject* object = jsDynamicCast<JSObject*>(exec->uncheckedArgument(0))) {
+ PropertySlot lengthSlot(object);
+ object->getPropertySlot(exec, vm.propertyNames->length, lengthSlot);
</ins><span class="cx">
</span><del>- if (JSObject* object = jsDynamicCast<JSObject*>(firstValue)) {
- unsigned length;
-
- if (isTypedView(object->classInfo()->typedArrayStorageType))
- length = jsCast<JSArrayBufferView*>(object)->length();
- else {
- PropertySlot lengthSlot(object);
- object->getPropertySlot(exec, vm.propertyNames->length, lengthSlot);
-
</del><ins>+ if (!isTypedView(object->classInfo()->typedArrayStorageType)) {
</ins><span class="cx"> JSValue iteratorFunc = object->get(exec, vm.propertyNames->iteratorSymbol);
</span><span class="cx"> if (exec->hadException())
</span><del>- return nullptr;
</del><ins>+ return JSValue::encode(jsUndefined());
</ins><span class="cx">
</span><span class="cx"> // We would like not use the iterator as it is painfully slow. Fortunately, unless
</span><span class="cx"> // 1) The iterator is not a known iterator.
</span><span class="cx"> // 2) The base object does not have a length getter.
</span><del>- // 3) The base object might have indexed getters.
</del><ins>+ // 3) Bad times are being had.
</ins><span class="cx"> // it should not be observable that we do not use the iterator.
</span><span class="cx">
</span><span class="cx"> if (!iteratorFunc.isUndefined()
</span><del>- && (iteratorFunc != object->globalObject()->arrayProtoValuesFunction()
</del><ins>+ && (iteratorFunc != exec->lexicalGlobalObject()->arrayProtoValuesFunction()
</ins><span class="cx"> || lengthSlot.isAccessor() || lengthSlot.isCustom()
</span><del>- || hasAnyArrayStorage(object->indexingType()))) {
</del><ins>+ || exec->lexicalGlobalObject()->isHavingABadTime())) {
</ins><span class="cx">
</span><span class="cx"> CallData callData;
</span><span class="cx"> CallType callType = getCallData(iteratorFunc, callData);
</span><span class="cx"> if (callType == CallTypeNone)
</span><del>- return throwTypeError(exec, "Symbol.Iterator for the first argument cannot be called.");
</del><ins>+ return JSValue::encode(throwTypeError(exec, "Symbol.Iterator for the first argument cannot be called."));
</ins><span class="cx">
</span><span class="cx"> ArgList arguments;
</span><span class="cx"> JSValue iterator = call(exec, iteratorFunc, callType, callData, object, arguments);
</span><span class="cx"> if (exec->hadException())
</span><del>- return nullptr;
</del><ins>+ return JSValue::encode(jsUndefined());
</ins><span class="cx">
</span><span class="cx"> return constructGenericTypedArrayViewFromIterator<ViewClass>(exec, structure, iterator);
</span><del>- }
</del><span class="cx">
</span><del>- length = lengthSlot.isUnset() ? 0 : lengthSlot.getValue(exec, vm.propertyNames->length).toUInt32(exec);
- if (exec->hadException())
- return nullptr;
</del><ins>+ }
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+ unsigned length = lengthSlot.getValue(exec, vm.propertyNames->length).toUInt32(exec);
+ if (exec->hadException())
+ return JSValue::encode(jsUndefined());
</ins><span class="cx">
</span><span class="cx"> ViewClass* result = ViewClass::createUninitialized(exec, structure, length);
</span><span class="cx"> if (!result) {
</span><span class="cx"> ASSERT(exec->hadException());
</span><del>- return nullptr;
</del><ins>+ return JSValue::encode(jsUndefined());
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (!result->set(exec, object, 0, length))
</span><del>- return nullptr;
</del><ins>+ return JSValue::encode(jsUndefined());
</ins><span class="cx">
</span><del>- return result;
</del><ins>+ return JSValue::encode(result);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> int length;
</span><del>- if (firstValue.isInt32())
- length = firstValue.asInt32();
- else if (!firstValue.isNumber())
- return throwTypeError(exec, "Invalid array length argument");
</del><ins>+ if (exec->uncheckedArgument(0).isInt32())
+ length = exec->uncheckedArgument(0).asInt32();
+ else if (!exec->uncheckedArgument(0).isNumber())
+ return throwVMError(exec, createTypeError(exec, "Invalid array length argument"));
</ins><span class="cx"> else {
</span><del>- length = static_cast<int>(firstValue.asNumber());
- if (length != firstValue.asNumber())
- return throwTypeError(exec, "Invalid array length argument (fractional lengths not allowed)");
</del><ins>+ length = static_cast<int>(exec->uncheckedArgument(0).asNumber());
+ if (length != exec->uncheckedArgument(0).asNumber())
+ return throwVMError(exec, createTypeError(exec, "Invalid array length argument (fractional lengths not allowed)"));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (length < 0)
</span><del>- return throwRangeError(exec, "Requested length is negative");
- return ViewClass::create(exec, structure, length);
</del><ins>+ return throwVMError(exec, createRangeError(exec, "Requested length is negative"));
+ return JSValue::encode(ViewClass::create(exec, structure, length));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename ViewClass>
</span><del>-static EncodedJSValue JSC_HOST_CALL constructGenericTypedArrayView(ExecState* exec)
-{
- Structure* structure =
- asInternalFunction(exec->callee())->globalObject()->typedArrayStructure(
- ViewClass::TypedArrayStorageType);
-
- if (!exec->argumentCount()) {
- if (ViewClass::TypedArrayStorageType == TypeDataView)
- return throwVMError(exec, createTypeError(exec, "DataView constructor requires at least one argument."));
-
- return JSValue::encode(ViewClass::create(exec, structure, 0));
- }
-
- return JSValue::encode(constructGenericTypedArrayViewWithFirstArgument<ViewClass, true>(exec, structure, JSValue::encode(exec->uncheckedArgument(0))));
-}
-
-template<typename ViewClass>
</del><span class="cx"> ConstructType JSGenericTypedArrayViewConstructor<ViewClass>::getConstructData(JSCell*, ConstructData& constructData)
</span><span class="cx"> {
</span><span class="cx"> constructData.native.function = constructGenericTypedArrayView<ViewClass>;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSGenericTypedArrayViewPrototypeFunctionsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h (191192 => 191193)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h 2015-10-16 19:26:38 UTC (rev 191192)
+++ trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h 2015-10-16 19:47:04 UTC (rev 191193)
</span><span class="lines">@@ -66,6 +66,10 @@
</span><span class="cx"> if (!exec->argumentCount())
</span><span class="cx"> return throwVMError(exec, createTypeError(exec, "Expected at least one argument"));
</span><span class="cx">
</span><ins>+ JSObject* sourceArray = jsDynamicCast<JSObject*>(exec->uncheckedArgument(0));
+ if (!sourceArray)
+ return throwVMError(exec, createTypeError(exec, "First argument should be an object"));
+
</ins><span class="cx"> unsigned offset;
</span><span class="cx"> if (exec->argumentCount() >= 2) {
</span><span class="cx"> offset = exec->uncheckedArgument(1).toUInt32(exec);
</span><span class="lines">@@ -74,16 +78,7 @@
</span><span class="cx"> } else
</span><span class="cx"> offset = 0;
</span><span class="cx">
</span><del>- JSObject* sourceArray = jsDynamicCast<JSObject*>(exec->uncheckedArgument(0));
- if (!sourceArray)
- return throwVMError(exec, createTypeError(exec, "First argument should be an object"));
-
- unsigned length;
- if (isTypedView(sourceArray->classInfo()->typedArrayStorageType))
- length = jsDynamicCast<JSArrayBufferView*>(sourceArray)->length();
- else
- length = sourceArray->get(exec, exec->vm().propertyNames->length).toUInt32(exec);
-
</del><ins>+ unsigned length = sourceArray->get(exec, exec->vm().propertyNames->length).toUInt32(exec);
</ins><span class="cx"> if (exec->hadException())
</span><span class="cx"> return JSValue::encode(jsUndefined());
</span><span class="cx">
</span><span class="lines">@@ -288,6 +283,7 @@
</span><span class="cx"> return JSValue::encode(jsNumber(thisObject->byteOffset()));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+
</ins><span class="cx"> template<typename ViewClass>
</span><span class="cx"> EncodedJSValue JSC_HOST_CALL genericTypedArrayViewProtoFuncReverse(ExecState* exec)
</span><span class="cx"> {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstresstypedarrayconstructiteratorjs"></a>
<div class="delfile"><h4>Deleted: trunk/Source/JavaScriptCore/tests/stress/typedarray-construct-iterator.js (191192 => 191193)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/typedarray-construct-iterator.js 2015-10-16 19:26:38 UTC (rev 191192)
+++ trunk/Source/JavaScriptCore/tests/stress/typedarray-construct-iterator.js 2015-10-16 19:47:04 UTC (rev 191193)
</span><span class="lines">@@ -1,66 +0,0 @@
</span><del>-// Test a bunch of things about typed array constructors with iterators.
-
-// Test that the dfg actually respects iterators.
-let foo = [1,2,3,4];
-
-function iterator() {
- return { i: 0,
- next: function() {
- if (this.i < foo.length/2) {
- return { done: false,
- value: foo[this.i++]
- };
- }
- return { done: true };
- }
- };
-}
-
-foo[Symbol.iterator] = iterator;
-
-(function body() {
-
- for (var i = 1; i < 100000; i++) {
- if (new Int32Array(foo).length !== 2)
- throw "iterator did not run";
- }
-
-})();
-
-// Test that the optimizations used for iterators during construction is valid.
-
-foo = { 0:0, 1:1, 2:2, 3:3 };
-count = 4;
-foo.__defineGetter__("length", function() {
- return count--;
-});
-
-foo[Symbol.iterator] = Array.prototype[Symbol.iterator];
-
-if (new Int32Array(foo).length !== 2)
- throw "iterator did not run";
-
-// Test that we handle length is unset... whoops.
-
-foo = { 0:0, 2:2, 3:3 };
-
-if (new Int32Array(foo).length !== 0)
- throw "did not handle object with unset length";
-
-// Test that we handle prototypes with accessors.
-
-foo = { 0:0, 2:2, 3:3 };
-foo[Symbol.iterator] = Array.prototype[Symbol.iterator];
-foo.length = 4;
-bar = { };
-
-bar.__defineGetter__("1", function() {
- foo.length = 0;
- return 1;
-});
-
-
-foo.__proto__ = bar;
-
-if (new Int32Array(foo).length !== 2)
- throw "did not handle object with accessor on prototype";
</del></span></pre>
</div>
</div>
</body>
</html>