<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[196318] tags/Safari-602.1.18.6</title>
</head>
<body>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/196318">196318</a></dd>
<dt>Author</dt> <dd>bshafiei@apple.com</dd>
<dt>Date</dt> <dd>2016-02-09 10:31:39 -0800 (Tue, 09 Feb 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merged <a href="http://trac.webkit.org/projects/webkit/changeset/196001">r196001</a>. rdar://problem/19506502</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#tagsSafari6021186LayoutTestsChangeLog">tags/Safari-602.1.18.6/LayoutTests/ChangeLog</a></li>
<li><a href="#tagsSafari6021186LayoutTestsinspectorruntimegetPropertiesexpectedtxt">tags/Safari-602.1.18.6/LayoutTests/inspector/runtime/getProperties-expected.txt</a></li>
<li><a href="#tagsSafari6021186SourceJavaScriptCoreCMakeListstxt">tags/Safari-602.1.18.6/Source/JavaScriptCore/CMakeLists.txt</a></li>
<li><a href="#tagsSafari6021186SourceJavaScriptCoreChangeLog">tags/Safari-602.1.18.6/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#tagsSafari6021186SourceJavaScriptCoreJavaScriptCorevcxprojJavaScriptCorevcxproj">tags/Safari-602.1.18.6/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj</a></li>
<li><a href="#tagsSafari6021186SourceJavaScriptCoreJavaScriptCorevcxprojJavaScriptCorevcxprojfilters">tags/Safari-602.1.18.6/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters</a></li>
<li><a href="#tagsSafari6021186SourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj">tags/Safari-602.1.18.6/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#tagsSafari6021186SourceJavaScriptCoreinspectorInjectedScriptSourcejs">tags/Safari-602.1.18.6/Source/JavaScriptCore/inspector/InjectedScriptSource.js</a></li>
<li><a href="#tagsSafari6021186SourceJavaScriptCoreruntimeJSGlobalObjectcpp">tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/JSGlobalObject.cpp</a></li>
<li><a href="#tagsSafari6021186SourceJavaScriptCoreruntimeJSGlobalObjecth">tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/JSGlobalObject.h</a></li>
<li><a href="#tagsSafari6021186SourceJavaScriptCoreruntimeJSObjectcpp">tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/JSObject.cpp</a></li>
<li><a href="#tagsSafari6021186SourceJavaScriptCoreruntimePropertyDescriptorcpp">tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/PropertyDescriptor.cpp</a></li>
<li><a href="#tagsSafari6021186SourceJavaScriptCoreruntimeVMcpp">tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/VM.cpp</a></li>
<li><a href="#tagsSafari6021186SourceJavaScriptCoreruntimeVMh">tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/VM.h</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#tagsSafari6021186LayoutTestshttptestssecuritycrossoriginwindowpropertyaccessexpectedtxt">tags/Safari-602.1.18.6/LayoutTests/http/tests/security/cross-origin-window-property-access-expected.txt</a></li>
<li><a href="#tagsSafari6021186LayoutTestshttptestssecuritycrossoriginwindowpropertyaccesshtml">tags/Safari-602.1.18.6/LayoutTests/http/tests/security/cross-origin-window-property-access.html</a></li>
<li><a href="#tagsSafari6021186LayoutTestsjsdomnativebindingsdescriptorsexpectedtxt">tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors-expected.txt</a></li>
<li><a href="#tagsSafari6021186LayoutTestsjsdomnativebindingsdescriptorshtml">tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors.html</a></li>
<li><a href="#tagsSafari6021186LayoutTestsjsdomnativebindingsdescriptors2expectedtxt">tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors2-expected.txt</a></li>
<li><a href="#tagsSafari6021186LayoutTestsjsdomnativebindingsdescriptors2html">tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors2.html</a></li>
<li><a href="#tagsSafari6021186LayoutTestsjsdomnativebindingsdescriptors3expectedtxt">tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors3-expected.txt</a></li>
<li><a href="#tagsSafari6021186LayoutTestsjsdomnativebindingsdescriptors3html">tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors3.html</a></li>
<li><a href="#tagsSafari6021186LayoutTestsjsdomnativebindingsdescriptors4expectedtxt">tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors4-expected.txt</a></li>
<li><a href="#tagsSafari6021186LayoutTestsjsdomnativebindingsdescriptors4html">tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors4.html</a></li>
<li><a href="#tagsSafari6021186LayoutTestsjsdomnativebindingsdescriptors5expectedtxt">tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors5-expected.txt</a></li>
<li><a href="#tagsSafari6021186SourceJavaScriptCoreruntimeJSBoundSlotBaseFunctioncpp">tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/JSBoundSlotBaseFunction.cpp</a></li>
<li><a href="#tagsSafari6021186SourceJavaScriptCoreruntimeJSBoundSlotBaseFunctionh">tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/JSBoundSlotBaseFunction.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="tagsSafari6021186LayoutTestsChangeLog"></a>
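--- a/tags/Safari-602.1.18.6/LayoutTests/ChangeLog
+++ b/tags/Safari-602.1.18.6/LayoutTests/ChangeLog
@@ -1,3 +1,31 @@
+2016-02-09 Babak Shafiei <bshafiei@apple.com>
+
+ Merge r196001.
+
+ 2016-02-01 Chris Dumez <cdumez@apple.com>
+
+ Native Bindings Descriptors are Incomplete
+ https://bugs.webkit.org/show_bug.cgi?id=140575
+ <rdar://problem/19506502>
+
+ Reviewed by Oliver Hunt.
+
+ Add test coverage.
+
+ * http/tests/security/cross-origin-window-property-access-expected.txt: Added.
+ * http/tests/security/cross-origin-window-property-access.html: Added.
+ * inspector/runtime/getProperties-expected.txt:
+ * js/dom/native-bindings-descriptors-expected.txt: Added.
+ * js/dom/native-bindings-descriptors.html: Added.
+ * js/dom/native-bindings-descriptors2-expected.txt: Added.
+ * js/dom/native-bindings-descriptors2.html: Added.
+ * js/dom/native-bindings-descriptors3-expected.txt: Added.
+ * js/dom/native-bindings-descriptors3.html: Added.
+ * js/dom/native-bindings-descriptors4-expected.txt: Added.
+ * js/dom/native-bindings-descriptors4.html: Added.
+ * js/dom/native-bindings-descriptors5-expected.txt: Added.
+ * js/dom/native-bindings-descriptors5.html: Added.
+
 2016-01-28 Joseph Pecoraro <pecoraro@apple.com>
 
 Web Inspector: InspectorTimelineAgent doesn't need to recompile functions because it now uses the sampling profiler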
<a id="tagsSafari6021186LayoutTestshttptestssecuritycrossoriginwindowpropertyaccessexpectedtxtfromrev196001trunkLayoutTestshttptestssecuritycrossoriginwindowpropertyaccessexpectedtxt"></a>
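--- a/tags/Safari-602.1.18.6/LayoutTests/http/tests/security/cross-origin-window-property-access-expected.txt
+++ b/tags/Safari-602.1.18.6/LayoutTests/http/tests/security/cross-origin-window-property-access-expected.txt
@@ -0,0 +1,11 @@
+Tests that using another window's property getter does not bypass cross-origin checks.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS Object.getOwnPropertyDescriptor(window, "document").get.call(crossOriginWindow) threw exception TypeError: undefined is not an object (evaluating 'Object.getOwnPropertyDescriptor(window, "document").get.call').
+PASS Object.getOwnPropertyDescriptor(window, "location").get.call(crossOriginWindow) threw exception TypeError: undefined is not an object (evaluating 'Object.getOwnPropertyDescriptor(window, "location").get.call').
+PASS successfullyParsed is true
+
+TEST COMPLETE
+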
<a id="tagsSafari6021186LayoutTestshttptestssecuritycrossoriginwindowpropertyaccesshtmlfromrev196001trunkLayoutTestshttptestssecuritycrossoriginwindowpropertyaccesshtml"></a>
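--- a/tags/Safari-602.1.18.6/LayoutTests/http/tests/security/cross-origin-window-property-access.html
+++ b/tags/Safari-602.1.18.6/LayoutTests/http/tests/security/cross-origin-window-property-access.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script>
+description("Tests that using another window's property getter does not bypass cross-origin checks.");
+jsTestIsAsync = true;
+if (window.testRunner)
+ testRunner.setCanOpenWindows();
+
+var crossOriginWindow = window.open("http://127.0.0.1:8000/security/resources/blank.html");
+crossOriginWindow.onload = function() {
+ shouldThrow('Object.getOwnPropertyDescriptor(window, "document").get.call(crossOriginWindow)');
+ shouldThrow('Object.getOwnPropertyDescriptor(window, "location").get.call(crossOriginWindow)');
+ finishJSTest();
+}
+</script>
+</body>
+<script src="../../resources/js-test-post.js"></script>
+</html>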
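Review bot: The two `shouldThrow` checks do not appear to exercise a cross-origin path, so the test may not cover what its description claims. The opener assigns `crossOriginWindow.onload` directly and the expected output shows that handler running, which suggests the window opened at `http://127.0.0.1:8000/...` is same-origin with the test page (the harness origin is not visible here, so please confirm). The companion expected file also records `TypeError: undefined is not an object (evaluating '... .get.call')`, meaning the expression fails while looking up `.get.call`, before any getter is applied to the other window. Because `shouldThrow` is called with one argument, any exception satisfies it. I would load the helper page from a host that differs from the test's own origin, signal completion without touching the other window's properties, and pin the exception, e.g. `shouldThrow('...get.call(crossOriginWindow)', '<expected exception string>')`.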
<a id="tagsSafari6021186LayoutTestsinspectorruntimegetPropertiesexpectedtxt"></a>
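--- a/tags/Safari-602.1.18.6/LayoutTests/inspector/runtime/getProperties-expected.txt
+++ b/tags/Safari-602.1.18.6/LayoutTests/inspector/runtime/getProperties-expected.txt
@@ -21,8 +21,8 @@
 __proto__ function function () {
 [native code]
 }
- arguments
- caller
+ arguments object TypeError: Type error
+ caller object TypeError: Type error
 length number 0
 name string Number
 Internal properties: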
<a id="tagsSafari6021186LayoutTestsjsdomnativebindingsdescriptorsexpectedtxtfromrev196001trunkLayoutTestsjsdomnativebindingsdescriptorsexpectedtxt"></a>
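--- a/tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors-expected.txt
+++ b/tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors-expected.txt
@@ -0,0 +1,45 @@
+CONSOLE MESSAGE: line 1: [object Object]
+CONSOLE MESSAGE: line 1: function nodeType() {
+ [native code]
+}
+document.title
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'title') is not Object.getOwnPropertyDescriptor(Document.prototype, 'title')
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'title').get is Object.getOwnPropertyDescriptor(Document.prototype, 'title').get
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'title').set is Object.getOwnPropertyDescriptor(Document.prototype, 'title').set
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'title').get.toString() is "function title() {\n [native code]\n}"
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'title').get.length is 0
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'title').set.toString() is "function title() {\n [native code]\n}"
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'title').set.length is 1
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'title').get.call(document) is document.title
+PASS document.title is "old title"
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'title').get.call(document) is "old title"
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'title').get.call() threw exception TypeError: The Document.title getter can only be used on instances of Document.
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'title').get.call(null) threw exception TypeError: The Document.title getter can only be used on instances of Document.
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'title').get.call(document.documentElement) threw exception TypeError: The Document.title getter can only be used on instances of Document.
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'title').set.call(document, 'new title') is undefined.
+PASS document.title is "new title"
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'title').get.call(document) is "new title"
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'title').set.call() threw exception TypeError: The Document.title setter can only be used on instances of Document.
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'title').set.call(null) threw exception TypeError: The Document.title setter can only be used on instances of Document.
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'title').set.call(document.documentElement) threw exception TypeError: The Document.title setter can only be used on instances of Document.
+
+document.readyState
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'readyState') is not Object.getOwnPropertyDescriptor(Document.prototype, 'readyState')
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'readyState').get is Object.getOwnPropertyDescriptor(Document.prototype, 'readyState').get
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'readyState').set is Object.getOwnPropertyDescriptor(Document.prototype, 'readyState').set
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'readyState').get.toString() is "function readyState() {\n [native code]\n}"
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'readyState').get.length is 0
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'readyState').get.call(document) is document.readyState
+PASS Object.getOwnPropertyDescriptor(Document.prototype, 'readyState').set is undefined.
+
+Node.nodeType
+PASS console.log(node_type) did not throw exception.
+PASS console.log(getter) did not throw exception.
+PASS node_type.get is defined.
+PASS node_type.get.call(document.body) is 1
+PASS node_type.enumerable is true
+PASS getter === otherGetter is true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+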
<a id="tagsSafari6021186LayoutTestsjsdomnativebindingsdescriptorshtmlfromrev196001trunkLayoutTestsjsdomnativebindingsdescriptorshtml"></a>
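--- a/tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors.html
+++ b/tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors.html
@@ -0,0 +1,64 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+<title>old title</title>
+</head>
+<body>
+<script>
+debug("document.title");
+shouldNotBe("Object.getOwnPropertyDescriptor(Document.prototype, 'title')", "Object.getOwnPropertyDescriptor(Document.prototype, 'title')");
+shouldBe("Object.getOwnPropertyDescriptor(Document.prototype, 'title').get", "Object.getOwnPropertyDescriptor(Document.prototype, 'title').get");
+shouldBe("Object.getOwnPropertyDescriptor(Document.prototype, 'title').set", "Object.getOwnPropertyDescriptor(Document.prototype, 'title').set");
+shouldBeEqualToString("Object.getOwnPropertyDescriptor(Document.prototype, 'title').get.toString()", "function title() {\n [native code]\n}");
+shouldBe("Object.getOwnPropertyDescriptor(Document.prototype, 'title').get.length", "0");
+shouldBeEqualToString("Object.getOwnPropertyDescriptor(Document.prototype, 'title').set.toString()", "function title() {\n [native code]\n}");
+shouldBe("Object.getOwnPropertyDescriptor(Document.prototype, 'title').set.length", "1");
+shouldBe("Object.getOwnPropertyDescriptor(Document.prototype, 'title').get.call(document)", "document.title");
+shouldBeEqualToString('document.title', 'old title');
+shouldBeEqualToString("Object.getOwnPropertyDescriptor(Document.prototype, 'title').get.call(document)", 'old title');
+shouldThrow("Object.getOwnPropertyDescriptor(Document.prototype, 'title').get.call()");
+shouldThrow("Object.getOwnPropertyDescriptor(Document.prototype, 'title').get.call(null)");
+shouldThrow("Object.getOwnPropertyDescriptor(Document.prototype, 'title').get.call(document.documentElement)");
+shouldBeUndefined("Object.getOwnPropertyDescriptor(Document.prototype, 'title').set.call(document, 'new title')");
+shouldBeEqualToString('document.title', 'new title');
+shouldBeEqualToString("Object.getOwnPropertyDescriptor(Document.prototype, 'title').get.call(document)", 'new title');
+shouldThrow("Object.getOwnPropertyDescriptor(Document.prototype, 'title').set.call()");
+shouldThrow("Object.getOwnPropertyDescriptor(Document.prototype, 'title').set.call(null)");
+shouldThrow("Object.getOwnPropertyDescriptor(Document.prototype, 'title').set.call(document.documentElement)");
+
+// document.readyState CustomAccessor: getter
+// readonly attribute DOMString readyState;
+debug("");
+debug("document.readyState");
+shouldNotBe("Object.getOwnPropertyDescriptor(Document.prototype, 'readyState')", "Object.getOwnPropertyDescriptor(Document.prototype, 'readyState')");
+shouldBe("Object.getOwnPropertyDescriptor(Document.prototype, 'readyState').get", "Object.getOwnPropertyDescriptor(Document.prototype, 'readyState').get");
+shouldBe("Object.getOwnPropertyDescriptor(Document.prototype, 'readyState').set", "Object.getOwnPropertyDescriptor(Document.prototype, 'readyState').set");
+shouldBeEqualToString("Object.getOwnPropertyDescriptor(Document.prototype, 'readyState').get.toString()", "function readyState() {\n [native code]\n}");
+shouldBe("Object.getOwnPropertyDescriptor(Document.prototype, 'readyState').get.length", "0");
+shouldBe("Object.getOwnPropertyDescriptor(Document.prototype, 'readyState').get.call(document)", "document.readyState");
+shouldBeUndefined("Object.getOwnPropertyDescriptor(Document.prototype, 'readyState').set");
+
+debug("");
+debug("Node.nodeType");
+
+var node_type = Object.getOwnPropertyDescriptor(Node.prototype, 'nodeType');
+
+// tests that logging one of these to the console does not cause a crash or throw an exception.
+shouldNotThrow("console.log(node_type)");
+
+var getter = node_type.get;
+shouldNotThrow("console.log(getter)");
+
+shouldBeDefined("node_type.get");
+shouldBe("node_type.get.call(document.body)", "1");
+shouldBeTrue("node_type.enumerable");
+
+// tests that the getter on native descriptors is always the same under strict equality.
+var otherGetter = Object.getOwnPropertyDescriptor(Node.prototype, 'nodeType').get;
+shouldBeTrue("getter === otherGetter");
+
+</script>
+</body>
+<script src="../../resources/js-test-post.js"></script>
+</html>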
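Review bot: The receiver checks on the `title` accessors (`.get.call()`, `.get.call(null)`, `.get.call(document.documentElement)` and the matching `.set` calls) are undocumented, although they are the part of this test that confirms a native accessor refuses a receiver of the wrong type. I would add a comment above them such as `// A native getter/setter must type-check its receiver and throw rather than operate on a non-Document object.` and open the file with a `description(...)` call, as the other tests in this commit do. The `readyState` block already carries an explanatory comment, so the `title` block should match it. Separately, `shouldBe("...'readyState').set", "...'readyState').set")` compares the same expression with itself and is made redundant by the `shouldBeUndefined` two lines later.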
<a id="tagsSafari6021186LayoutTestsjsdomnativebindingsdescriptors2expectedtxtfromrev196001trunkLayoutTestsjsdomnativebindingsdescriptors2expectedtxt"></a>
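--- a/tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors2-expected.txt
+++ b/tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors2-expected.txt
@@ -0,0 +1,11 @@
+PASS document.title is "old title"
+Object.defineProperty(Document.prototype, "title", { value: 5 })
+PASS originalDescriptor.value is not newDescriptor.value
+PASS document.title is 5
+PASS document.title is "old title"
+document.title = "new title"
+PASS document.title is "new title"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+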
<a id="tagsSafari6021186LayoutTestsjsdomnativebindingsdescriptors2htmlfromrev196001trunkLayoutTestsjsdomnativebindingsdescriptors2html"></a>
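--- a/tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors2.html
+++ b/tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors2.html
@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+<title>old title</title>
+</head>
+<body>
+<script>
+var originalDescriptor = Object.getOwnPropertyDescriptor(Document.prototype, "title");
+
+shouldBeEqualToString('document.title', 'old title');
+
+evalAndLog('Object.defineProperty(Document.prototype, "title", { value: 5 })');
+var newDescriptor = Object.getOwnPropertyDescriptor(Document.prototype, "title");
+
+shouldNotBe('originalDescriptor.value', 'newDescriptor.value');
+shouldBe('document.title', '5');
+
+Object.defineProperty(Document.prototype, "title", originalDescriptor);
+shouldBeEqualToString('document.title', 'old title');
+
+evalAndLog('document.title = "new title"');
+shouldBeEqualToString('document.title', 'new title');
+</script>
+</body>
+<script src="../../resources/js-test-post.js"></script>
+</html>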
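Review bot: After `Object.defineProperty(Document.prototype, "title", originalDescriptor)` the test checks only the value of `document.title`, so it never confirms that the native accessor pair itself was reinstated on the prototype. An identity check states that directly: `shouldBe('Object.getOwnPropertyDescriptor(Document.prototype, "title").get', 'originalDescriptor.get')`, with the same line for `.set`. `shouldNotBe('originalDescriptor.value', 'newDescriptor.value')` is also weak, since the original descriptor presumably has no `value` at all; `shouldBe('newDescriptor.value', '5')` would pin what the redefinition is expected to produce.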
<a id="tagsSafari6021186LayoutTestsjsdomnativebindingsdescriptors3expectedtxtfromrev196001trunkLayoutTestsjsdomnativebindingsdescriptors3expectedtxt"></a>
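--- a/tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors3-expected.txt
+++ b/tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors3-expected.txt
@@ -0,0 +1,22 @@
+PASS originalGetter.call(document.body) is document.body.id
+
+PASS getterCallCount is 0
+PASS setterCallCount is 0
+
+* Calling Getter
+PASS document.body.id is ""
+PASS getterCallCount is 1
+PASS setterCallCount is 0
+
+* Calling Setter
+document.body.id = "newid";
+PASS getterCallCount is 1
+PASS setterCallCount is 1
+
+PASS document.body.id is "newid"
+PASS Object.getOwnPropertyDescriptor(document.body.__proto__.__proto__.__proto__, "id").set is countingSet
+PASS Object.getOwnPropertyDescriptor(document.body.__proto__.__proto__.__proto__, "id").get is countingGet
+PASS successfullyParsed is true
+
+TEST COMPLETE
+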
<a id="tagsSafari6021186LayoutTestsjsdomnativebindingsdescriptors3htmlfromrev196001trunkLayoutTestsjsdomnativebindingsdescriptors3html"></a>
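--- a/tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors3.html
+++ b/tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors3.html
@@ -0,0 +1,49 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script>
+var descriptor = Object.getOwnPropertyDescriptor(document.body.__proto__.__proto__.__proto__, "id")
+var originalGetter = descriptor.get;
+var originalSetter = descriptor.set;
+
+var getterCallCount = 0;
+var setterCallCount = 0;
+
+shouldBe('originalGetter.call(document.body)', 'document.body.id');
+var countingGet = function () { getterCallCount++; return originalGetter.call(this); };
+var countingSet = function (s) { setterCallCount++; return originalSetter.call(this, s); };
+descriptor.get = countingGet;
+descriptor.set = countingSet;
+
+Object.defineProperty(document.body.__proto__.__proto__.__proto__, 'id', descriptor);
+
+debug('');
+shouldBe('getterCallCount', '0');
+shouldBe('setterCallCount', '0');
+
+debug('');
+debug('* Calling Getter');
+shouldBeEqualToString('document.body.id', '');
+
+shouldBe('getterCallCount', '1');
+shouldBe('setterCallCount', '0');
+
+debug('');
+debug('* Calling Setter');
+evalAndLog('document.body.id = "newid";');
+
+shouldBe('getterCallCount', '1');
+shouldBe('setterCallCount', '1');
+
+debug('');
+shouldBeEqualToString('document.body.id', 'newid');
+
+shouldBe('Object.getOwnPropertyDescriptor(document.body.__proto__.__proto__.__proto__, "id").set', 'countingSet');
+shouldBe('Object.getOwnPropertyDescriptor(document.body.__proto__.__proto__.__proto__, "id").get', 'countingGet');
+</script>
+</body>
+<script src="../../resources/js-test-post.js"></script>
+</html>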
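Review bot: `document.body.__proto__.__proto__.__proto__` hard-codes the depth of the prototype chain to reach the object that owns `id`, so the test breaks for an unrelated reason if an interface is ever inserted into that chain. Naming the prototype directly (presumably `Element.prototype`; the chain is not visible here) would say what is being patched. The first statement, `var descriptor = Object.getOwnPropertyDescriptor(...)`, is also missing its trailing semicolon, and the file has no `description(...)` call. native-bindings-descriptors4.html uses the same pattern with `firstDiv.__proto__.__proto__`.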
<a id="tagsSafari6021186LayoutTestsjsdomnativebindingsdescriptors4expectedtxtfromrev196001trunkLayoutTestsjsdomnativebindingsdescriptors4expectedtxt"></a>
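--- a/tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors4-expected.txt
+++ b/tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors4-expected.txt
@@ -0,0 +1,16 @@
+Tests calling property setter on a different object.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS firstDiv.innerText is ""
+PASS secondDiv.innerText is ""
+Object.getOwnPropertyDescriptor(firstDiv.__proto__.__proto__, "innerText").set.call(secondDiv, "test")
+PASS firstDiv.innerText is ""
+PASS Object.getOwnPropertyDescriptor(secondDiv.__proto__.__proto__, "innerText").get.call(firstDiv) is ""
+PASS secondDiv.innerText is "test"
+PASS Object.getOwnPropertyDescriptor(firstDiv.__proto__.__proto__, "innerText").get.call(secondDiv) is "test"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+test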
<a id="tagsSafari6021186LayoutTestsjsdomnativebindingsdescriptors4htmlfromrev196001trunkLayoutTestsjsdomnativebindingsdescriptors4html"></a>
<div class="copfile"><h4>Copied: tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors4.html (from rev 196001, trunk/LayoutTests/js/dom/native-bindings-descriptors4.html) (0 => 196318)</h4>
<pre class="diff"><span>
<span class="info">--- tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors4.html         (rev 0)
+++ tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors4.html        2016-02-09 18:31:39 UTC (rev 196318)
</span><span class="lines">@@ -0,0 +1,28 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<div id="firstDiv"></div>
+<div id="secondDiv"></div>
+<script>
+description("Tests calling property setter on a different object.");
+
+var firstDiv = document.getElementById("firstDiv");
+var secondDiv = document.getElementById("secondDiv");
+
+shouldBeEqualToString('firstDiv.innerText', '');
+shouldBeEqualToString('secondDiv.innerText', '');
+
+evalAndLog('Object.getOwnPropertyDescriptor(firstDiv.__proto__.__proto__, "innerText").set.call(secondDiv, "test")');
+
+shouldBeEqualToString('firstDiv.innerText', '');
+shouldBeEqualToString('Object.getOwnPropertyDescriptor(secondDiv.__proto__.__proto__, "innerText").get.call(firstDiv)', '');
+shouldBeEqualToString('secondDiv.innerText', 'test');
+shouldBeEqualToString('Object.getOwnPropertyDescriptor(firstDiv.__proto__.__proto__, "innerText").get.call(secondDiv)', 'test');
+
+</script>
+</body>
+<script src="../../resources/js-test-post.js"></script>
+</html>
</ins></span></pre></div>
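Review bot: Every accessor call in this test uses another `div` as the receiver, so nothing pins what the newly exposed `innerText` getter and setter do when `this` is not an element at all. Because the descriptor functions are now reachable from script, a negative case would guard the receiver check. If the bindings are meant to reject such a receiver, it could be `shouldThrow('Object.getOwnPropertyDescriptor(firstDiv.__proto__.__proto__, "innerText").get.call({})');`. As a point of style, the `js-test-post.js` script tag sits after `</body>`, which parsers tolerate but is not valid placement.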
<a id="tagsSafari6021186LayoutTestsjsdomnativebindingsdescriptors5expectedtxtfromrev196001trunkLayoutTestsjsdomnativebindingsdescriptors5expectedtxt"></a>
<div class="copfile"><h4>Copied: tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors5-expected.txt (from rev 196001, trunk/LayoutTests/js/dom/native-bindings-descriptors5-expected.txt) (0 => 196318)</h4>
<pre class="diff"><span>
<span class="info">--- tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors5-expected.txt         (rev 0)
+++ tags/Safari-602.1.18.6/LayoutTests/js/dom/native-bindings-descriptors5-expected.txt        2016-02-09 18:31:39 UTC (rev 196318)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+Tests calling a window.document getter on another window instance does not work
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS Object.getOwnPropertyDescriptor(window, "document").get.call(otherWindow) threw exception TypeError: undefined is not an object (evaluating 'Object.getOwnPropertyDescriptor(window, "document").get.call').
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
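Review bot: The recorded PASS comes from a TypeError raised while evaluating `.get.call`, which indicates that the descriptor for `window.document` has no `get` at all, so the getter is never invoked with `otherWindow` as the receiver. The baseline therefore does not show that a cross-window receiver is rejected. Once the getter is exposed the exception text will change, and only then will the receiver check be exercised. The accompanying test's description should say this, e.g. `description("window.document exposes no getter in its descriptor, so it cannot be called on another window")`. This looks related to the FIXME in JSObject.cpp in this commit about instance properties that are not reified.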
<a id="tagsSafari6021186SourceJavaScriptCoreCMakeListstxt"></a>
<div class="modfile"><h4>Modified: tags/Safari-602.1.18.6/Source/JavaScriptCore/CMakeLists.txt (196317 => 196318)</h4>
<pre class="diff"><span>
<span class="info">--- tags/Safari-602.1.18.6/Source/JavaScriptCore/CMakeLists.txt        2016-02-09 18:28:30 UTC (rev 196317)
+++ tags/Safari-602.1.18.6/Source/JavaScriptCore/CMakeLists.txt        2016-02-09 18:31:39 UTC (rev 196318)
</span><span class="lines">@@ -652,6 +652,7 @@
</span><span class="cx"> runtime/JSArrayBufferView.cpp
</span><span class="cx"> runtime/JSArrayIterator.cpp
</span><span class="cx"> runtime/JSBoundFunction.cpp
</span><ins>+ runtime/JSBoundSlotBaseFunction.cpp
</ins><span class="cx"> runtime/JSCJSValue.cpp
</span><span class="cx"> runtime/JSCallee.cpp
</span><span class="cx"> runtime/JSCell.cpp
</span></span></pre></div>
<a id="tagsSafari6021186SourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: tags/Safari-602.1.18.6/Source/JavaScriptCore/ChangeLog (196317 => 196318)</h4>
<pre class="diff"><span>
<span class="info">--- tags/Safari-602.1.18.6/Source/JavaScriptCore/ChangeLog        2016-02-09 18:28:30 UTC (rev 196317)
+++ tags/Safari-602.1.18.6/Source/JavaScriptCore/ChangeLog        2016-02-09 18:31:39 UTC (rev 196318)
</span><span class="lines">@@ -1,3 +1,50 @@
</span><ins>+2016-02-09 Babak Shafiei <bshafiei@apple.com>
+
+ Merge r196001.
+
+ 2016-02-01 Chris Dumez <cdumez@apple.com>
+
+ Native Bindings Descriptors are Incomplete
+ https://bugs.webkit.org/show_bug.cgi?id=140575
+ <rdar://problem/19506502>
+
+ Reviewed by Oliver Hunt.
+
+ This patch is based on initial work by Joe Pecoraro and Matthew Mirman.
+
+ This patch was initially rolled out for breaking chromeexperiments.com,
+ presumably because our IDL attributes were not marked as [configurable]
+ at the time. However, since r190104, our IDL attributes are now
+ configurable. Based on local testing, chromeexperiments.com seems to be
+ working fine now.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * inspector/InjectedScriptSource.js:
+ (endsWith):
+ (InjectedScript.prototype.processProperties):
+ * runtime/JSBoundSlotBaseFunction.cpp: Added.
+ (JSC::boundSlotBaseFunctionCall):
+ (JSC::JSBoundSlotBaseFunction::JSBoundSlotBaseFunction):
+ (JSC::JSBoundSlotBaseFunction::create):
+ (JSC::JSBoundSlotBaseFunction::visitChildren):
+ (JSC::JSBoundSlotBaseFunction::finishCreation):
+ * runtime/JSBoundSlotBaseFunction.h: Added.
+ (JSC::JSBoundSlotBaseFunction::createStructure):
+ (JSC::JSBoundSlotBaseFunction::boundSlotBase):
+ (JSC::JSBoundSlotBaseFunction::customGetterSetter):
+ (JSC::JSBoundSlotBaseFunction::isSetter):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::init):
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::boundSlotBaseFunctionStructure):
+ * runtime/JSObject.cpp:
+ (JSC::getBoundSlotBaseFunctionForGetterSetter):
+ (JSC::JSObject::getOwnPropertyDescriptor):
+ * runtime/VM.cpp:
+ (JSC::VM::VM):
+ * runtime/VM.h:
+
</ins><span class="cx"> 2016-02-05 Babak Shafiei <bshafiei@apple.com>
</span><span class="cx">
</span><span class="cx"> Merge r196197.
</span></span></pre></div>
<a id="tagsSafari6021186SourceJavaScriptCoreJavaScriptCorevcxprojJavaScriptCorevcxproj"></a>
<div class="modfile"><h4>Modified: tags/Safari-602.1.18.6/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj (196317 => 196318)</h4>
<pre class="diff"><span>
<span class="info">--- tags/Safari-602.1.18.6/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj        2016-02-09 18:28:30 UTC (rev 196317)
+++ tags/Safari-602.1.18.6/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj        2016-02-09 18:31:39 UTC (rev 196318)
</span><span class="lines">@@ -799,6 +799,7 @@
</span><span class="cx"> <ClCompile Include="..\runtime\JSArrayBufferPrototype.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\JSArrayBufferView.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\JSBoundFunction.cpp" />
</span><ins>+ <ClCompile Include="..\runtime\JSBoundSlotBaseFunction.cpp" />
</ins><span class="cx"> <ClCompile Include="..\runtime\JSCJSValue.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\JSCallee.cpp" />
</span><span class="cx"> <ClCompile Include="..\runtime\JSCell.cpp" />
</span><span class="lines">@@ -1678,6 +1679,7 @@
</span><span class="cx"> <ClInclude Include="..\runtime\JSArrayBufferViewInlines.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\JSArrayIterator.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\JSBoundFunction.h" />
</span><ins>+ <ClInclude Include="..\runtime\JSBoundSlotBaseFunction.h" />
</ins><span class="cx"> <ClInclude Include="..\runtime\JSCInlines.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\JSCJSValue.h" />
</span><span class="cx"> <ClInclude Include="..\runtime\JSCJSValueInlines.h" />
</span></span></pre></div>
<a id="tagsSafari6021186SourceJavaScriptCoreJavaScriptCorevcxprojJavaScriptCorevcxprojfilters"></a>
<div class="modfile"><h4>Modified: tags/Safari-602.1.18.6/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters (196317 => 196318)</h4>
<pre class="diff"><span>
<span class="info">--- tags/Safari-602.1.18.6/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters        2016-02-09 18:28:30 UTC (rev 196317)
+++ tags/Safari-602.1.18.6/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters        2016-02-09 18:31:39 UTC (rev 196318)
</span><span class="lines">@@ -765,6 +765,9 @@
</span><span class="cx"> <ClCompile Include="..\runtime\JSBoundFunction.cpp">
</span><span class="cx"> <Filter>runtime</Filter>
</span><span class="cx"> </ClCompile>
</span><ins>+ <ClCompile Include="..\runtime\JSBoundSlotBaseFunction.cpp">
+ <Filter>runtime</Filter>
+ </ClCompile>
</ins><span class="cx"> <ClCompile Include="..\runtime\JSCallee.cpp">
</span><span class="cx"> <Filter>runtime</Filter>
</span><span class="cx"> </ClCompile>
</span><span class="lines">@@ -2983,6 +2986,9 @@
</span><span class="cx"> <ClInclude Include="..\runtime\JSBoundFunction.h">
</span><span class="cx"> <Filter>runtime</Filter>
</span><span class="cx"> </ClInclude>
</span><ins>+ <ClInclude Include="..\runtime\JSBoundSlotBaseFunction.h">
+ <Filter>runtime</Filter>
+ </ClInclude>
</ins><span class="cx"> <ClInclude Include="..\runtime\JSCallee.h">
</span><span class="cx"> <Filter>runtime</Filter>
</span><span class="cx"> </ClInclude>
</span></span></pre></div>
<a id="tagsSafari6021186SourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: tags/Safari-602.1.18.6/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (196317 => 196318)</h4>
<pre class="diff"><span>
<span class="info">--- tags/Safari-602.1.18.6/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj        2016-02-09 18:28:30 UTC (rev 196317)
+++ tags/Safari-602.1.18.6/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj        2016-02-09 18:31:39 UTC (rev 196318)
</span><span class="lines">@@ -1197,6 +1197,8 @@
</span><span class="cx">                 43C392AB1C3BEB0500241F53 /* AssemblerCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = 43C392AA1C3BEB0000241F53 /* AssemblerCommon.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx">                 4443AE3316E188D90076F110 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 51F0EB6105C86C6B00E6DF1B /* Foundation.framework */; };
</span><span class="cx">                 451539B912DC994500EF7AC4 /* Yarr.h in Headers */ = {isa = PBXBuildFile; fileRef = 451539B812DC994500EF7AC4 /* Yarr.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><ins>+                46D4DCBD1C5AB2D500D8D321 /* JSBoundSlotBaseFunction.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 46D4DCBB1C5AB2D500D8D321 /* JSBoundSlotBaseFunction.cpp */; };
+                46D4DCBE1C5AB2D500D8D321 /* JSBoundSlotBaseFunction.h in Headers */ = {isa = PBXBuildFile; fileRef = 46D4DCBC1C5AB2D500D8D321 /* JSBoundSlotBaseFunction.h */; };
</ins><span class="cx">                 52678F8E1A031009006A306D /* BasicBlockLocation.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 52678F8C1A031009006A306D /* BasicBlockLocation.cpp */; };
</span><span class="cx">                 52678F8F1A031009006A306D /* BasicBlockLocation.h in Headers */ = {isa = PBXBuildFile; fileRef = 52678F8D1A031009006A306D /* BasicBlockLocation.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx">                 52678F911A04177C006A306D /* ControlFlowProfiler.h in Headers */ = {isa = PBXBuildFile; fileRef = 52678F901A04177C006A306D /* ControlFlowProfiler.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="lines">@@ -3351,6 +3353,8 @@
</span><span class="cx">                 449097EE0F8F81B50076A327 /* FeatureDefines.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = FeatureDefines.xcconfig; sourceTree = "<group>"; };
</span><span class="cx">                 451539B812DC994500EF7AC4 /* Yarr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Yarr.h; path = yarr/Yarr.h; sourceTree = "<group>"; };
</span><span class="cx">                 45E12D8806A49B0F00E9DF84 /* jsc.cpp */ = {isa = PBXFileReference; fileEncoding = 30; indentWidth = 4; lastKnownFileType = sourcecode.cpp.cpp; path = jsc.cpp; sourceTree = "<group>"; tabWidth = 4; };
</span><ins>+                46D4DCBB1C5AB2D500D8D321 /* JSBoundSlotBaseFunction.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSBoundSlotBaseFunction.cpp; sourceTree = "<group>"; };
+                46D4DCBC1C5AB2D500D8D321 /* JSBoundSlotBaseFunction.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSBoundSlotBaseFunction.h; sourceTree = "<group>"; };
</ins><span class="cx">                 51F0EB6105C86C6B00E6DF1B /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = /System/Library/Frameworks/Foundation.framework; sourceTree = "<absolute>"; };
</span><span class="cx">                 51F0EC0705C86C9A00E6DF1B /* libobjc.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libobjc.dylib; path = /usr/lib/libobjc.dylib; sourceTree = "<absolute>"; };
</span><span class="cx">                 52678F8C1A031009006A306D /* BasicBlockLocation.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = BasicBlockLocation.cpp; sourceTree = "<group>"; };
</span><span class="lines">@@ -5781,6 +5785,8 @@
</span><span class="cx">                                 A7BDAEC517F4EA1400F6140C /* JSArrayIterator.h */,
</span><span class="cx">                                 86FA9E8F142BBB2D001773B7 /* JSBoundFunction.cpp */,
</span><span class="cx">                                 86FA9E90142BBB2E001773B7 /* JSBoundFunction.h */,
</span><ins>+                                46D4DCBB1C5AB2D500D8D321 /* JSBoundSlotBaseFunction.cpp */,
+                                46D4DCBC1C5AB2D500D8D321 /* JSBoundSlotBaseFunction.h */,
</ins><span class="cx">                                 657CF45619BF6662004ACBF2 /* JSCallee.cpp */,
</span><span class="cx">                                 657CF45719BF6662004ACBF2 /* JSCallee.h */,
</span><span class="cx">                                 BC7F8FBA0E19D1EF008632C0 /* JSCell.cpp */,
</span><span class="lines">@@ -8047,6 +8053,7 @@
</span><span class="cx">                                 A5FD0070189B00AA00633231 /* ScriptCallStack.h in Headers */,
</span><span class="cx">                                 A5FD007E189B0B4C00633231 /* ScriptCallStackFactory.h in Headers */,
</span><span class="cx">                                 A503FA22188EFF6800110F14 /* ScriptDebugListener.h in Headers */,
</span><ins>+                                46D4DCBE1C5AB2D500D8D321 /* JSBoundSlotBaseFunction.h in Headers */,
</ins><span class="cx">                                 A503FA26188EFFFD00110F14 /* ScriptDebugServer.h in Headers */,
</span><span class="cx">                                 A55D93A6185012A800400DED /* ScriptFunctionCall.h in Headers */,
</span><span class="cx">                                 A54CF2FA184EAEDA00237F19 /* ScriptObject.h in Headers */,
</span><span class="lines">@@ -8976,6 +8983,7 @@
</span><span class="cx">                                 0F1725FF1B48719A00AC3A55 /* DFGMinifiedGraph.cpp in Sources */,
</span><span class="cx">                                 0F2BDC4D1522818600CD8910 /* DFGMinifiedNode.cpp in Sources */,
</span><span class="cx">                                 0F8F14351ADF090100ED792C /* DFGMovHintRemovalPhase.cpp in Sources */,
</span><ins>+                                46D4DCBD1C5AB2D500D8D321 /* JSBoundSlotBaseFunction.cpp in Sources */,
</ins><span class="cx">                                 0FF2CD5B1B61A4F8004955A8 /* DFGMultiGetByOffsetData.cpp in Sources */,
</span><span class="cx">                                 A737810D1799EA2E00817533 /* DFGNaturalLoops.cpp in Sources */,
</span><span class="cx">                                 0FF0F19C16B72A03005DF95B /* DFGNode.cpp in Sources */,
</span></span></pre></div>
<a id="tagsSafari6021186SourceJavaScriptCoreinspectorInjectedScriptSourcejs"></a>
<div class="modfile"><h4>Modified: tags/Safari-602.1.18.6/Source/JavaScriptCore/inspector/InjectedScriptSource.js (196317 => 196318)</h4>
<pre class="diff"><span>
<span class="info">--- tags/Safari-602.1.18.6/Source/JavaScriptCore/inspector/InjectedScriptSource.js        2016-02-09 18:28:30 UTC (rev 196317)
+++ tags/Safari-602.1.18.6/Source/JavaScriptCore/inspector/InjectedScriptSource.js        2016-02-09 18:31:39 UTC (rev 196318)
</span><span class="lines">@@ -54,6 +54,14 @@
</span><span class="cx"> return "" + (obj >>> 0) === obj;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+function endsWith(str, suffix)
+{
+ var position = str.length - suffix.length;
+ if (position < 0)
+ return false;
+ return str.indexOf(suffix, position) === position;
+}
+
</ins><span class="cx"> function isSymbol(obj)
</span><span class="cx"> {
</span><span class="cx"> return typeof obj === "symbol";
</span><span class="lines">@@ -680,8 +688,10 @@
</span><span class="cx"> continue;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (descriptor.hasOwnProperty("get") && descriptor.hasOwnProperty("set") && !descriptor.get && !descriptor.set) {
- // FIXME: <https://webkit.org/b/140575> Web Inspector: Native Bindings Descriptors are Incomplete
</del><ins>+ if (endsWith(String(descriptor.get), "[native code]\n}") ||
+ (!descriptor.get && descriptor.hasOwnProperty("get") && !descriptor.set && descriptor.hasOwnProperty("set"))) {
+ // FIXME: Some Native Bindings Descriptors are Incomplete
+ // <https://webkit.org/b/141585> Some IDL attributes appear on the instances instead of on prototypes
</ins><span class="cx"> // Developers may create such a descriptors, so we should be resilient:
</span><span class="cx"> // var x = {}; Object.defineProperty(x, "p", {get:undefined}); Object.getOwnPropertyDescriptor(x, "p")
</span><span class="cx"> var fakeDescriptor = createFakeValueDescriptor(name, symbol, descriptor, isOwnProperty, true);
</span></span></pre></div>
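Review bot: In the second hunk, `String(descriptor.get)` converts the getter through its own `toString`, which the inspected page controls, so a page-defined getter whose `toString` throws or returns text ending in `[native code]\n}` changes how this branch treats it. Checking the type first and calling the intrinsic would narrow that: `typeof descriptor.get === "function" && endsWith(Function.prototype.toString.call(descriptor.get), "[native code]\n}")`. `Function.prototype.toString` can itself be replaced by the page unless the injected script captured it earlier, which is not visible here. The enclosing function starts and ends outside the hunk.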
<a id="tagsSafari6021186SourceJavaScriptCoreruntimeJSBoundSlotBaseFunctioncppfromrev196001trunkSourceJavaScriptCoreruntimeJSBoundSlotBaseFunctioncpp"></a>
<div class="copfile"><h4>Copied: tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/JSBoundSlotBaseFunction.cpp (from rev 196001, trunk/Source/JavaScriptCore/runtime/JSBoundSlotBaseFunction.cpp) (0 => 196318)</h4>
<pre class="diff"><span>
<span class="info">--- tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/JSBoundSlotBaseFunction.cpp         (rev 0)
+++ tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/JSBoundSlotBaseFunction.cpp        2016-02-09 18:31:39 UTC (rev 196318)
</span><span class="lines">@@ -0,0 +1,94 @@
</span><ins>+/*
+ * Copyright (C) 2015, 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "JSBoundSlotBaseFunction.h"
+
+#include "CustomGetterSetter.h"
+#include "GetterSetter.h"
+#include "JSCInlines.h"
+#include "JSGlobalObject.h"
+
+namespace JSC {
+
+const ClassInfo JSBoundSlotBaseFunction::s_info = { "Function", &Base::s_info, 0, CREATE_METHOD_TABLE(JSBoundSlotBaseFunction) };
+
+EncodedJSValue JSC_HOST_CALL boundSlotBaseFunctionCall(ExecState* exec)
+{
+ JSBoundSlotBaseFunction* boundSlotBaseFunction = jsCast<JSBoundSlotBaseFunction*>(exec->callee());
+ JSObject* baseObject = boundSlotBaseFunction->boundSlotBase();
+ CustomGetterSetter* customGetterSetter = boundSlotBaseFunction->customGetterSetter();
+
+ if (boundSlotBaseFunction->isSetter()) {
+ callCustomSetter(exec, customGetterSetter, baseObject, exec->thisValue(), exec->argument(0));
+ return JSValue::encode(jsUndefined());
+ }
+
+ CustomGetterSetter::CustomGetter getter = customGetterSetter->getter();
+ if (!getter)
+ return JSValue::encode(jsUndefined());
+
+ const String& name = boundSlotBaseFunction->name(exec);
+ return getter(exec, baseObject, JSValue::encode(exec->thisValue()), PropertyName(Identifier::fromString(exec, name)));
+}
+
+JSBoundSlotBaseFunction::JSBoundSlotBaseFunction(VM& vm, JSGlobalObject* globalObject, Structure* structure, const Type type)
+ : Base(vm, globalObject, structure)
+ , m_type(type)
+{
+}
+
+JSBoundSlotBaseFunction* JSBoundSlotBaseFunction::create(VM& vm, JSGlobalObject* globalObject, JSObject* boundSlotBase, CustomGetterSetter* getterSetter, const Type type, const String& name)
+{
+ NativeExecutable* executable = vm.getHostFunction(boundSlotBaseFunctionCall, callHostFunctionAsConstructor, name);
+
+ JSBoundSlotBaseFunction* function = new (NotNull, allocateCell<JSBoundSlotBaseFunction>(vm.heap)) JSBoundSlotBaseFunction(vm, globalObject, globalObject->boundSlotBaseFunctionStructure(), type);
+
+ // Can't do this during initialization because getHostFunction might do a GC allocation.
+ function->finishCreation(vm, executable, boundSlotBase, getterSetter, name);
+ return function;
+}
+
+void JSBoundSlotBaseFunction::visitChildren(JSCell* cell, SlotVisitor& visitor)
+{
+ JSBoundSlotBaseFunction* thisObject = jsCast<JSBoundSlotBaseFunction*>(cell);
+ ASSERT_GC_OBJECT_INHERITS(thisObject, info());
+ Base::visitChildren(thisObject, visitor);
+
+ visitor.append(&thisObject->m_boundSlotBase);
+ visitor.append(&thisObject->m_getterSetter);
+}
+
+void JSBoundSlotBaseFunction::finishCreation(VM& vm, NativeExecutable* executable, JSObject* boundSlotBase, CustomGetterSetter* getterSetter, const String& name)
+{
+ Base::finishCreation(vm, executable, isSetter(), name);
+ ASSERT(inherits(info()));
+ ASSERT(boundSlotBase);
+ ASSERT(getterSetter);
+ m_boundSlotBase.set(vm, this, boundSlotBase);
+ m_getterSetter.set(vm, this, getterSetter);
+}
+
+} // namespace JSC
</ins></span></pre></div>
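Review bot: boundSlotBaseFunctionCall passes the native accessor both `baseObject`, captured when the descriptor was built, and the caller-supplied `exec->thisValue()`, and nothing in the file states which of the two the accessor is expected to type-check. Because the function is now callable from script with any receiver, that contract deserves a comment above the getter call. If the intent is what the descriptors4 test suggests, it could read `// baseObject is the slot base captured in create(); the accessor must validate thisValue as the receiver.` The strong `m_boundSlotBase` reference also keeps that object alive for as long as the function is reachable, which is worth a line in finishCreation. As a style point, `Base::finishCreation(vm, executable, isSetter(), name)` relies on a bool converting to what appears to be the length argument; `static_cast<int>(m_type)` would match the header's remark that Type is the argument count.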
<a id="tagsSafari6021186SourceJavaScriptCoreruntimeJSBoundSlotBaseFunctionhfromrev196001trunkSourceJavaScriptCoreruntimeJSBoundSlotBaseFunctionh"></a>
<div class="copfile"><h4>Copied: tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/JSBoundSlotBaseFunction.h (from rev 196001, trunk/Source/JavaScriptCore/runtime/JSBoundSlotBaseFunction.h) (0 => 196318)</h4>
<pre class="diff"><span>
<span class="info">--- tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/JSBoundSlotBaseFunction.h         (rev 0)
+++ tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/JSBoundSlotBaseFunction.h        2016-02-09 18:31:39 UTC (rev 196318)
</span><span class="lines">@@ -0,0 +1,75 @@
</span><ins>+/*
+ * Copyright (C) 2015, 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef JSBoundSlotBaseFunction_h
+#define JSBoundSlotBaseFunction_h
+
+#include "JSFunction.h"
+
+namespace JSC {
+
+class CustomGetterSetter;
+
+EncodedJSValue JSC_HOST_CALL boundSlotBaseFunctionCall(ExecState*);
+
+class JSBoundSlotBaseFunction : public JSFunction {
+public:
+ typedef JSFunction Base;
+
+ // The Type is set to the number of arguments the resultant function will have.
+ enum class Type { Getter = 0, Setter = 1 };
+
+ static const unsigned StructureFlags = Base::StructureFlags;
+
+ static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
+ {
+ ASSERT(globalObject);
+ return Structure::create(vm, globalObject, prototype, TypeInfo(JSFunctionType, StructureFlags), info());
+ }
+
+ static JSBoundSlotBaseFunction* create(VM&, JSGlobalObject*, JSObject*, CustomGetterSetter*, const Type, const String&);
+
+ JSObject* boundSlotBase() const { return m_boundSlotBase.get(); }
+ CustomGetterSetter* customGetterSetter() const { return m_getterSetter.get(); }
+ bool isSetter() const { return m_type == Type::Setter; }
+
+ DECLARE_EXPORT_INFO;
+
+protected:
+ static void visitChildren(JSCell*, SlotVisitor&);
+
+private:
+ JSBoundSlotBaseFunction(VM&, JSGlobalObject*, Structure*, Type);
+
+ void finishCreation(VM&, NativeExecutable*, JSObject*, CustomGetterSetter*, const String&);
+
+ WriteBarrier<JSObject> m_boundSlotBase;
+ WriteBarrier<CustomGetterSetter> m_getterSetter;
+ Type m_type;
+};
+
+} // namespace JSC
+
+#endif // JSBoundSlotBaseFunction_h
</ins></span></pre></div>
<a id="tagsSafari6021186SourceJavaScriptCoreruntimeJSGlobalObjectcpp"></a>
<div class="modfile"><h4>Modified: tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/JSGlobalObject.cpp (196317 => 196318)</h4>
<pre class="diff"><span>
<span class="info">--- tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/JSGlobalObject.cpp        2016-02-09 18:28:30 UTC (rev 196317)
+++ tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/JSGlobalObject.cpp        2016-02-09 18:31:39 UTC (rev 196318)
</span><span class="lines">@@ -64,6 +64,7 @@
</span><span class="cx"> #include "JSArrayBufferPrototype.h"
</span><span class="cx"> #include "JSArrayIterator.h"
</span><span class="cx"> #include "JSBoundFunction.h"
</span><ins>+#include "JSBoundSlotBaseFunction.h"
</ins><span class="cx"> #include "JSCInlines.h"
</span><span class="cx"> #include "JSCallbackConstructor.h"
</span><span class="cx"> #include "JSCallbackFunction.h"
</span><span class="lines">@@ -278,6 +279,7 @@
</span><span class="cx"> exec->setCallee(m_globalCallee.get());
</span><span class="cx">
</span><span class="cx"> m_functionStructure.set(vm, this, JSFunction::createStructure(vm, this, m_functionPrototype.get()));
</span><ins>+ m_boundSlotBaseFunctionStructure.set(vm, this, JSBoundSlotBaseFunction::createStructure(vm, this, m_functionPrototype.get()));
</ins><span class="cx"> m_boundFunctionStructure.set(vm, this, JSBoundFunction::createStructure(vm, this, m_functionPrototype.get()));
</span><span class="cx"> m_nativeStdFunctionStructure.set(vm, this, JSNativeStdFunction::createStructure(vm, this, m_functionPrototype.get()));
</span><span class="cx"> m_namedFunctionStructure.set(vm, this, Structure::addPropertyTransition(vm, m_functionStructure.get(), vm.propertyNames->name, DontDelete | ReadOnly | DontEnum, m_functionNameOffset));
</span><span class="lines">@@ -888,6 +890,7 @@
</span><span class="cx"> visitor.append(&thisObject->m_errorStructure);
</span><span class="cx"> visitor.append(&thisObject->m_calleeStructure);
</span><span class="cx"> visitor.append(&thisObject->m_functionStructure);
</span><ins>+ visitor.append(&thisObject->m_boundSlotBaseFunctionStructure);
</ins><span class="cx"> visitor.append(&thisObject->m_boundFunctionStructure);
</span><span class="cx"> visitor.append(&thisObject->m_nativeStdFunctionStructure);
</span><span class="cx"> visitor.append(&thisObject->m_namedFunctionStructure);
</span></span></pre></div>
<a id="tagsSafari6021186SourceJavaScriptCoreruntimeJSGlobalObjecth"></a>
<div class="modfile"><h4>Modified: tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/JSGlobalObject.h (196317 => 196318)</h4>
<pre class="diff"><span>
<span class="info">--- tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/JSGlobalObject.h        2016-02-09 18:28:30 UTC (rev 196317)
+++ tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/JSGlobalObject.h        2016-02-09 18:31:39 UTC (rev 196318)
</span><span class="lines">@@ -263,6 +263,7 @@
</span><span class="cx"> WriteBarrier<Structure> m_calleeStructure;
</span><span class="cx"> WriteBarrier<Structure> m_functionStructure;
</span><span class="cx"> WriteBarrier<Structure> m_boundFunctionStructure;
</span><ins>+ WriteBarrier<Structure> m_boundSlotBaseFunctionStructure;
</ins><span class="cx"> WriteBarrier<Structure> m_nativeStdFunctionStructure;
</span><span class="cx"> WriteBarrier<Structure> m_namedFunctionStructure;
</span><span class="cx"> PropertyOffset m_functionNameOffset;
</span><span class="lines">@@ -511,6 +512,7 @@
</span><span class="cx"> Structure* calleeStructure() const { return m_calleeStructure.get(); }
</span><span class="cx"> Structure* functionStructure() const { return m_functionStructure.get(); }
</span><span class="cx"> Structure* boundFunctionStructure() const { return m_boundFunctionStructure.get(); }
</span><ins>+ Structure* boundSlotBaseFunctionStructure() const { return m_boundSlotBaseFunctionStructure.get(); }
</ins><span class="cx"> Structure* nativeStdFunctionStructure() const { return m_nativeStdFunctionStructure.get(); }
</span><span class="cx"> Structure* namedFunctionStructure() const { return m_namedFunctionStructure.get(); }
</span><span class="cx"> PropertyOffset functionNameOffset() const { return m_functionNameOffset; }
</span></span></pre></div>
<a id="tagsSafari6021186SourceJavaScriptCoreruntimeJSObjectcpp"></a>
<div class="modfile"><h4>Modified: tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/JSObject.cpp (196317 => 196318)</h4>
<pre class="diff"><span>
<span class="info">--- tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/JSObject.cpp        2016-02-09 18:28:30 UTC (rev 196317)
+++ tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/JSObject.cpp        2016-02-09 18:31:39 UTC (rev 196318)
</span><span class="lines">@@ -36,6 +36,7 @@
</span><span class="cx"> #include "Executable.h"
</span><span class="cx"> #include "GetterSetter.h"
</span><span class="cx"> #include "IndexingHeaderInlines.h"
</span><ins>+#include "JSBoundSlotBaseFunction.h"
</ins><span class="cx"> #include "JSFunction.h"
</span><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "Lookup.h"
</span><span class="lines">@@ -2530,6 +2531,17 @@
</span><span class="cx"> return Butterfly::createOrGrowPropertyStorage(m_butterfly.get(this), vm, this, structure(vm), oldSize, newSize);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+static JSBoundSlotBaseFunction* getBoundSlotBaseFunctionForGetterSetter(ExecState* exec, PropertyName propertyName, JSC::PropertySlot& slot, CustomGetterSetter* getterSetter, JSBoundSlotBaseFunction::Type type)
+{
+ auto key = std::make_pair(getterSetter, (int)type);
+ JSBoundSlotBaseFunction* boundSlotBase = exec->vm().customGetterSetterFunctionMap.get(key);
+ if (!boundSlotBase) {
+ boundSlotBase = JSBoundSlotBaseFunction::create(exec->vm(), exec->lexicalGlobalObject(), slot.slotBase(), getterSetter, type, propertyName.publicName());
+ exec->vm().customGetterSetterFunctionMap.set(key, boundSlotBase);
+ }
+ return boundSlotBase;
+}
+
</ins><span class="cx"> bool JSObject::getOwnPropertyDescriptor(ExecState* exec, PropertyName propertyName, PropertyDescriptor& descriptor)
</span><span class="cx"> {
</span><span class="cx"> JSC::PropertySlot slot(this);
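Review bot: The cache key in `getBoundSlotBaseFunctionForGetterSetter` is only `(getterSetter, type)`, but the function it stores is created from `slot.slotBase()`, `exec->lexicalGlobalObject()` and the property name, none of which take part in the lookup. If one `CustomGetterSetter` cell can ever be reached through a second base object, or from code running in another global object of the same VM, the caller receives a function bound to the first base and owned by the first global object, which weakens isolation between realms. Whether such sharing can happen is not visible in this hunk. Either widen the key to cover the slot base and global object, or state the invariant above the lookup, e.g. `// Relies on each CustomGetterSetter cell belonging to exactly one slot base and global object.`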
</span><span class="lines">@@ -2540,9 +2552,20 @@
</span><span class="cx"> return false;
</span><span class="cx"> if (slot.isAccessor())
</span><span class="cx"> descriptor.setAccessorDescriptor(slot.getterSetter(), slot.attributes());
</span><del>- else if (slot.attributes() & CustomAccessor)
</del><ins>+ else if (slot.attributes() & CustomAccessor) {
</ins><span class="cx"> descriptor.setCustomDescriptor(slot.attributes());
</span><del>- else
</del><ins>+
+ JSValue maybeGetterSetter = getDirect(exec->vm(), propertyName);
+ // FIXME: This currently does not work for properties that are on the instance and not reified.
+ if (maybeGetterSetter) {
+ auto* getterSetter = jsCast<CustomGetterSetter*>(maybeGetterSetter);
+ ASSERT(getterSetter);
+ if (getterSetter->getter())
+ descriptor.setGetter(getBoundSlotBaseFunctionForGetterSetter(exec, propertyName, slot, getterSetter, JSBoundSlotBaseFunction::Type::Getter));
+ if (getterSetter->setter())
+ descriptor.setSetter(getBoundSlotBaseFunctionForGetterSetter(exec, propertyName, slot, getterSetter, JSBoundSlotBaseFunction::Type::Setter));
+ }
+ } else
</ins><span class="cx"> descriptor.setDescriptor(slot.getValue(exec, propertyName), slot.attributes());
</span><span class="cx"> return true;
</span><span class="cx"> }
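Review bot: `jsCast<CustomGetterSetter*>(maybeGetterSetter)` in the new `CustomAccessor` branch trusts that whatever `getDirect()` returns for this name is a `CustomGetterSetter`. The only guard is `ASSERT(getterSetter)`, which tests for null rather than type and is not present in release builds; as far as I know `jsCast` is likewise unchecked there. The attributes come from the slot while the value is read separately from the object's own storage, and the FIXME already concedes the two can disagree for non-reified properties, so a mismatch would be a type confusion on the `getter()`/`setter()` calls that follow. Keep the `if (maybeGetterSetter)` emptiness test and replace the cast and ASSERT with a checked cast that wraps both calls: `if (auto* getterSetter = jsDynamicCast<CustomGetterSetter*>(maybeGetterSetter)) {`. The start of `getOwnPropertyDescriptor` lies in the previous hunk.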
</span></span></pre></div>
<a id="tagsSafari6021186SourceJavaScriptCoreruntimePropertyDescriptorcpp"></a>
<div class="modfile"><h4>Modified: tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/PropertyDescriptor.cpp (196317 => 196318)</h4>
<pre class="diff"><span>
<span class="info">--- tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/PropertyDescriptor.cpp        2016-02-09 18:28:30 UTC (rev 196317)
+++ tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/PropertyDescriptor.cpp        2016-02-09 18:31:39 UTC (rev 196318)
</span><span class="lines">@@ -232,7 +232,7 @@
</span><span class="cx"> overrideMask |= DontDelete;
</span><span class="cx"> if (isAccessorDescriptor())
</span><span class="cx"> overrideMask |= Accessor;
</span><del>- return (m_attributes & overrideMask) | (currentAttributes & ~overrideMask);
</del><ins>+ return (m_attributes & overrideMask) | (currentAttributes & ~overrideMask & ~CustomAccessor);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> }
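Review bot: The added `& ~CustomAccessor` carries no comment, and the reason the bit must be dropped is not evident from the expression. With the `overrideMask` bits visible here (`DontDelete`, `Accessor`), the merged result can no longer inherit `CustomAccessor` from `currentAttributes` for any descriptor. That presumably reflects that a redefined property is stored as an ordinary data or accessor property. I would say so above the return, e.g. `// A redefined property is no longer backed by a CustomGetterSetter, so never carry CustomAccessor over.` The function begins outside this hunk, so the remaining mask bits cannot be checked from here.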
</span></span></pre></div>
<a id="tagsSafari6021186SourceJavaScriptCoreruntimeVMcpp"></a>
<div class="modfile"><h4>Modified: tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/VM.cpp (196317 => 196318)</h4>
<pre class="diff"><span>
<span class="info">--- tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/VM.cpp        2016-02-09 18:28:30 UTC (rev 196317)
+++ tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/VM.cpp        2016-02-09 18:31:39 UTC (rev 196318)
</span><span class="lines">@@ -157,6 +157,7 @@
</span><span class="cx"> , m_atomicStringTable(vmType == Default ? wtfThreadData().atomicStringTable() : new AtomicStringTable)
</span><span class="cx"> , propertyNames(nullptr)
</span><span class="cx"> , emptyList(new MarkedArgumentBuffer)
</span><ins>+ , customGetterSetterFunctionMap(*this)
</ins><span class="cx"> , stringCache(*this)
</span><span class="cx"> , prototypeMap(*this)
</span><span class="cx"> , interpreter(0)
</span></span></pre></div>
<a id="tagsSafari6021186SourceJavaScriptCoreruntimeVMh"></a>
<div class="modfile"><h4>Modified: tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/VM.h (196317 => 196318)</h4>
<pre class="diff"><span>
<span class="info">--- tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/VM.h        2016-02-09 18:28:30 UTC (rev 196317)
+++ tags/Safari-602.1.18.6/Source/JavaScriptCore/runtime/VM.h        2016-02-09 18:31:39 UTC (rev 196318)
</span><span class="lines">@@ -80,6 +80,7 @@
</span><span class="cx"> class CodeBlock;
</span><span class="cx"> class CodeCache;
</span><span class="cx"> class CommonIdentifiers;
</span><ins>+class CustomGetterSetter;
</ins><span class="cx"> class ExecState;
</span><span class="cx"> class Exception;
</span><span class="cx"> class HandleStack;
</span><span class="lines">@@ -87,6 +88,7 @@
</span><span class="cx"> class TypeProfilerLog;
</span><span class="cx"> class Identifier;
</span><span class="cx"> class Interpreter;
</span><ins>+class JSBoundSlotBaseFunction;
</ins><span class="cx"> class JSGlobalObject;
</span><span class="cx"> class JSObject;
</span><span class="cx"> class LLIntOffsetsExtractor;
</span><span class="lines">@@ -334,6 +336,7 @@
</span><span class="cx"> NumericStrings numericStrings;
</span><span class="cx"> DateInstanceCache dateInstanceCache;
</span><span class="cx"> WTF::SimpleStats machineCodeBytesPerBytecodeWordForBaselineJIT;
</span><ins>+ WeakGCMap<std::pair<CustomGetterSetter*, int>, JSBoundSlotBaseFunction> customGetterSetterFunctionMap;
</ins><span class="cx"> WeakGCMap<StringImpl*, JSString, PtrHash<StringImpl*>> stringCache;
</span><span class="cx"> Strong<JSString> lastCachedString;
</span><span class="cx">
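Review bot: `customGetterSetterFunctionMap` keys on a raw `CustomGetterSetter*` paired with a bare `int`, and nothing at the declaration says what keeps that pointer valid or what the integer means. As I understand `WeakGCMap`, it tracks the liveness of its values only. A lookup is therefore safe against a reused cell address only if every cached `JSBoundSlotBaseFunction` keeps its `CustomGetterSetter` alive, which cannot be confirmed from this hunk. I would document both points at the member, e.g. `// Key: (cell, JSBoundSlotBaseFunction::Type as int). Keys are not marked; each cached function must keep its CustomGetterSetter alive.`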
</span></span></pre>
</div>
</div>
</body>
</html>