<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[203937] trunk/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/203937">203937</a></dd>
<dt>Author</dt> <dd>keith_miller@apple.com</dd>
<dt>Date</dt> <dd>2016-07-29 19:02:48 -0700 (Fri, 29 Jul 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>TypedArray super constructor has some incompatabilities
https://bugs.webkit.org/show_bug.cgi?id=160369
Reviewed by Filip Pizlo.
This patch fixes the length proprety of the TypedArray super constructor.
Additionally, the TypedArray super constructor should no longer be callable.
Also, this patch fixes the expected result of some test262 tests.
* runtime/JSTypedArrayViewConstructor.cpp:
(JSC::JSTypedArrayViewConstructor::finishCreation):
(JSC::constructTypedArrayView):
(JSC::JSTypedArrayViewConstructor::getCallData):
* tests/test262.yaml:</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSTypedArrayViewConstructorcpp">trunk/Source/JavaScriptCore/runtime/JSTypedArrayViewConstructor.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreteststest262yaml">trunk/Source/JavaScriptCore/tests/test262.yaml</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (203936 => 203937)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2016-07-30 01:25:31 UTC (rev 203936)
+++ trunk/Source/JavaScriptCore/ChangeLog 2016-07-30 02:02:48 UTC (rev 203937)
</span><span class="lines">@@ -1,3 +1,21 @@
</span><ins>+2016-07-29 Keith Miller <keith_miller@apple.com>
+
+ TypedArray super constructor has some incompatabilities
+ https://bugs.webkit.org/show_bug.cgi?id=160369
+
+ Reviewed by Filip Pizlo.
+
+ This patch fixes the length proprety of the TypedArray super constructor.
+ Additionally, the TypedArray super constructor should no longer be callable.
+
+ Also, this patch fixes the expected result of some test262 tests.
+
+ * runtime/JSTypedArrayViewConstructor.cpp:
+ (JSC::JSTypedArrayViewConstructor::finishCreation):
+ (JSC::constructTypedArrayView):
+ (JSC::JSTypedArrayViewConstructor::getCallData):
+ * tests/test262.yaml:
+
</ins><span class="cx"> 2016-07-29 Jonathan Bedard <jbedard@apple.com>
</span><span class="cx">
</span><span class="cx"> Undefined Behavior in JSValue cast from NaN
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSTypedArrayViewConstructorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSTypedArrayViewConstructor.cpp (203936 => 203937)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSTypedArrayViewConstructor.cpp 2016-07-30 01:25:31 UTC (rev 203936)
+++ trunk/Source/JavaScriptCore/runtime/JSTypedArrayViewConstructor.cpp 2016-07-30 02:02:48 UTC (rev 203937)
</span><span class="lines">@@ -49,7 +49,7 @@
</span><span class="cx"> {
</span><span class="cx"> Base::finishCreation(vm, "TypedArray");
</span><span class="cx"> putDirectWithoutTransition(vm, vm.propertyNames->prototype, prototype, DontEnum | DontDelete | ReadOnly);
</span><del>- putDirectWithoutTransition(vm, vm.propertyNames->length, jsNumber(3), DontEnum | DontDelete | ReadOnly);
</del><ins>+ putDirectWithoutTransition(vm, vm.propertyNames->length, jsNumber(0), DontEnum | ReadOnly);
</ins><span class="cx"> putDirectNonIndexAccessor(vm, vm.propertyNames->speciesSymbol, speciesSymbol, Accessor | ReadOnly | DontEnum);
</span><span class="cx">
</span><span class="cx"> JSC_BUILTIN_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->of, typedArrayConstructorOfCodeGenerator, DontEnum);
</span><span class="lines">@@ -63,44 +63,10 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx">
</span><del>-// The only way we can call this function is through Reflect.construct or if they mucked with the TypedArray prototype chain.
-// In either case we are ok with this being slow.
</del><ins>+
</ins><span class="cx"> static EncodedJSValue JSC_HOST_CALL constructTypedArrayView(ExecState* exec)
</span><span class="cx"> {
</span><del>- JSValue value = exec->newTarget();
-
- JSObject* object = jsDynamicCast<JSObject*>(value);
- if (!object)
- return JSValue::encode(throwTypeError(exec, ASCIILiteral("new.target passed to TypedArray is not an object.")));
-
- ConstructData data;
- if (object->methodTable()->getConstructData(object, data) == ConstructType::None)
- return JSValue::encode(throwTypeError(exec, ASCIILiteral("new.target passed to TypedArray is not a valid constructor.")));
-
- for (; !value.isNull(); value = jsCast<JSObject*>(value)->getPrototypeDirect()) {
- if (jsDynamicCast<JSTypedArrayViewConstructor*>(value))
- return JSValue::encode(throwTypeError(exec, ASCIILiteral("Unable to find TypedArray constructor that inherits from TypedArray.")));
- if (jsDynamicCast<JSGenericTypedArrayViewConstructor<JSInt8Array>*>(value))
- return constructGenericTypedArrayView<JSInt8Array>(exec);
- if (jsDynamicCast<JSGenericTypedArrayViewConstructor<JSInt16Array>*>(value))
- return constructGenericTypedArrayView<JSInt16Array>(exec);
- if (jsDynamicCast<JSGenericTypedArrayViewConstructor<JSInt32Array>*>(value))
- return constructGenericTypedArrayView<JSInt32Array>(exec);
- if (jsDynamicCast<JSGenericTypedArrayViewConstructor<JSUint8Array>*>(value))
- return constructGenericTypedArrayView<JSUint8Array>(exec);
- if (jsDynamicCast<JSGenericTypedArrayViewConstructor<JSUint16Array>*>(value))
- return constructGenericTypedArrayView<JSUint16Array>(exec);
- if (jsDynamicCast<JSGenericTypedArrayViewConstructor<JSUint32Array>*>(value))
- return constructGenericTypedArrayView<JSUint32Array>(exec);
- if (jsDynamicCast<JSGenericTypedArrayViewConstructor<JSUint8ClampedArray>*>(value))
- return constructGenericTypedArrayView<JSUint8ClampedArray>(exec);
- if (jsDynamicCast<JSGenericTypedArrayViewConstructor<JSFloat32Array>*>(value))
- return constructGenericTypedArrayView<JSFloat32Array>(exec);
- if (jsDynamicCast<JSGenericTypedArrayViewConstructor<JSFloat64Array>*>(value))
- return constructGenericTypedArrayView<JSFloat64Array>(exec);
- }
-
- return JSValue::encode(throwTypeError(exec, ASCIILiteral("Unable to find TypedArray constructor in prototype-chain, hit null.")));
</del><ins>+ return throwVMTypeError(exec, ASCIILiteral("%TypedArray% should not be called directly"));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> ConstructType JSTypedArrayViewConstructor::getConstructData(JSCell*, ConstructData& constructData)
</span><span class="lines">@@ -111,8 +77,8 @@
</span><span class="cx">
</span><span class="cx"> CallType JSTypedArrayViewConstructor::getCallData(JSCell*, CallData& callData)
</span><span class="cx"> {
</span><del>- callData.native.function = nullptr;
- return CallType::None;
</del><ins>+ callData.native.function = constructTypedArrayView;
+ return CallType::Host;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreteststest262yaml"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/tests/test262.yaml (203936 => 203937)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/test262.yaml 2016-07-30 01:25:31 UTC (rev 203936)
+++ trunk/Source/JavaScriptCore/tests/test262.yaml 2016-07-30 02:02:48 UTC (rev 203937)
</span><span class="lines">@@ -45256,9 +45256,9 @@
</span><span class="cx"> - path: test262/test/built-ins/TypedArray/invoked.js
</span><span class="cx"> cmd: runTest262 :normal, "NoException", ["../../../harness/assert.js", "../../../harness/sta.js", "../../../harness/testTypedArray.js"], [:strict]
</span><span class="cx"> - path: test262/test/built-ins/TypedArray/length.js
</span><del>- cmd: runTest262 :fail, "NoException", ["../../../harness/assert.js", "../../../harness/sta.js", "../../../harness/propertyHelper.js", "../../../harness/testTypedArray.js"], []
</del><ins>+ cmd: runTest262 :normal, "NoException", ["../../../harness/assert.js", "../../../harness/sta.js", "../../../harness/propertyHelper.js", "../../../harness/testTypedArray.js"], []
</ins><span class="cx"> - path: test262/test/built-ins/TypedArray/length.js
</span><del>- cmd: runTest262 :fail, "NoException", ["../../../harness/assert.js", "../../../harness/sta.js", "../../../harness/propertyHelper.js", "../../../harness/testTypedArray.js"], [:strict]
</del><ins>+ cmd: runTest262 :normal, "NoException", ["../../../harness/assert.js", "../../../harness/sta.js", "../../../harness/propertyHelper.js", "../../../harness/testTypedArray.js"], [:strict]
</ins><span class="cx"> - path: test262/test/built-ins/TypedArray/name.js
</span><span class="cx"> cmd: runTest262 :normal, "NoException", ["../../../harness/assert.js", "../../../harness/sta.js", "../../../harness/propertyHelper.js", "../../../harness/testTypedArray.js"], []
</span><span class="cx"> - path: test262/test/built-ins/TypedArray/name.js
</span><span class="lines">@@ -46312,9 +46312,9 @@
</span><span class="cx"> - path: test262/test/built-ins/TypedArray/prototype/indexOf/search-not-found-returns-minus-one.js
</span><span class="cx"> cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js", "../../../../../harness/testTypedArray.js"], [:strict]
</span><span class="cx"> - path: test262/test/built-ins/TypedArray/prototype/indexOf/strict-comparison.js
</span><del>- cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js", "../../../../../harness/testTypedArray.js"], []
</del><ins>+ cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js", "../../../../../harness/testTypedArray.js"], []
</ins><span class="cx"> - path: test262/test/built-ins/TypedArray/prototype/indexOf/strict-comparison.js
</span><del>- cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js", "../../../../../harness/testTypedArray.js"], [:strict]
</del><ins>+ cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js", "../../../../../harness/testTypedArray.js"], [:strict]
</ins><span class="cx"> - path: test262/test/built-ins/TypedArray/prototype/indexOf/this-is-not-object.js
</span><span class="cx"> cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js", "../../../../../harness/testTypedArray.js"], []
</span><span class="cx"> - path: test262/test/built-ins/TypedArray/prototype/indexOf/this-is-not-object.js
</span><span class="lines">@@ -46488,9 +46488,9 @@
</span><span class="cx"> - path: test262/test/built-ins/TypedArray/prototype/lastIndexOf/search-not-found-returns-minus-one.js
</span><span class="cx"> cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js", "../../../../../harness/testTypedArray.js"], [:strict]
</span><span class="cx"> - path: test262/test/built-ins/TypedArray/prototype/lastIndexOf/strict-comparison.js
</span><del>- cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js", "../../../../../harness/testTypedArray.js"], []
</del><ins>+ cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js", "../../../../../harness/testTypedArray.js"], []
</ins><span class="cx"> - path: test262/test/built-ins/TypedArray/prototype/lastIndexOf/strict-comparison.js
</span><del>- cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js", "../../../../../harness/testTypedArray.js"], [:strict]
</del><ins>+ cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js", "../../../../../harness/testTypedArray.js"], [:strict]
</ins><span class="cx"> - path: test262/test/built-ins/TypedArray/prototype/lastIndexOf/this-is-not-object.js
</span><span class="cx"> cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js", "../../../../../harness/testTypedArray.js"], []
</span><span class="cx"> - path: test262/test/built-ins/TypedArray/prototype/lastIndexOf/this-is-not-object.js
</span></span></pre>
</div>
</div>
</body>
</html>