<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[207652] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/207652">207652</a></dd>
<dt>Author</dt> <dd>utatane.tea@gmail.com</dd>
<dt>Date</dt> <dd>2016-10-20 18:33:14 -0700 (Thu, 20 Oct 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>[JSC] Drop isEnvironmentRecord type info flag and use JSType information instead
https://bugs.webkit.org/show_bug.cgi?id=163761
Reviewed by Keith Miller.
JSTests:
* modules/string-prototype-module-scope.js: Added.
(shouldBe):
(catch):
(refer):
* stress/string-prototype-scopes-global-lexical-environment-strict.js: Added.
(shouldBe):
(catch):
* stress/string-prototype-scopes-global-lexical-environment.js: Added.
(shouldBe):
(catch):
* stress/string-prototype-scopes-strict.js: Added.
(shouldBe):
(catch):
(try.refer):
(refer):
* stress/string-prototype-scopes.js: Added.
(shouldBe):
(catch):
(try.refer):
(refer):
(object.toString):
(with):
Source/JavaScriptCore:
When we call a function in the following form,
var charAt = String.prototype.charAt;
charAt(); // |this| becomes the global object.
we should see |this| as undefined/null. In StringPrototype.cpp,
we use IsEnvironmentRecord type info flag to check whther the
given |this| is an environment record.
However, type info flag is precious thing and only StringPrototype.cpp
uses IsEnvironmentRecord. In addition to that, JSType should
already knows whether the given object is an environment record.
So IsEnvironmentRecord type info flag should be dropped.
This patch adds a new JSType, StrictEvalActivation. And we add a new
method JSObject::isEnvironmentRecord(). This method uses JSType to
return the result. And we drop IsEnvironmentRecord type info flag.
This patch makes a room for putting one bit flag to the out of line
type info flag. Previously, it is already exhausted.
* llint/LLIntData.cpp:
(JSC::LLInt::Data::performAssertions):
* llint/LowLevelInterpreter.asm:
* runtime/JSObject.h:
(JSC::JSObject::isStrictEvalActivation):
(JSC::JSObject::isEnvironmentRecord):
* runtime/JSSymbolTableObject.h:
* runtime/JSType.h:
* runtime/JSTypeInfo.h:
(JSC::TypeInfo::newImpurePropertyFiresWatchpoints):
(JSC::TypeInfo::isEnvironmentRecord): Deleted.
* runtime/StrictEvalActivation.h:
(JSC::StrictEvalActivation::createStructure):
* runtime/StringPrototype.cpp:
(JSC::checkObjectCoercible):
LayoutTests:
* js/dom/script-tests/string-prototype-scopes-in-workers.js: Added.
(catch):
* js/dom/script-tests/string-prototype-scopes.js: Added.
(catch):
* js/dom/string-prototype-scopes-expected.txt: Added.
* js/dom/string-prototype-scopes-in-workers-expected.txt: Added.
* js/dom/string-prototype-scopes-in-workers.html: Added.
* js/dom/string-prototype-scopes.html: Added.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkJSTestsChangeLog">trunk/JSTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCorellintLLIntDatacpp">trunk/Source/JavaScriptCore/llint/LLIntData.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorellintLowLevelInterpreterasm">trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSObjecth">trunk/Source/JavaScriptCore/runtime/JSObject.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSSymbolTableObjecth">trunk/Source/JavaScriptCore/runtime/JSSymbolTableObject.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSTypeh">trunk/Source/JavaScriptCore/runtime/JSType.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSTypeInfoh">trunk/Source/JavaScriptCore/runtime/JSTypeInfo.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeStrictEvalActivationh">trunk/Source/JavaScriptCore/runtime/StrictEvalActivation.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeStringPrototypecpp">trunk/Source/JavaScriptCore/runtime/StringPrototype.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkJSTestsmodulesstringprototypemodulescopejs">trunk/JSTests/modules/string-prototype-module-scope.js</a></li>
<li><a href="#trunkJSTestsstressstringprototypescopesgloballexicalenvironmentstrictjs">trunk/JSTests/stress/string-prototype-scopes-global-lexical-environment-strict.js</a></li>
<li><a href="#trunkJSTestsstressstringprototypescopesgloballexicalenvironmentjs">trunk/JSTests/stress/string-prototype-scopes-global-lexical-environment.js</a></li>
<li><a href="#trunkJSTestsstressstringprototypescopesstrictjs">trunk/JSTests/stress/string-prototype-scopes-strict.js</a></li>
<li><a href="#trunkJSTestsstressstringprototypescopesjs">trunk/JSTests/stress/string-prototype-scopes.js</a></li>
<li><a href="#trunkLayoutTestsjsdomscripttestsstringprototypescopesinworkersjs">trunk/LayoutTests/js/dom/script-tests/string-prototype-scopes-in-workers.js</a></li>
<li><a href="#trunkLayoutTestsjsdomscripttestsstringprototypescopesjs">trunk/LayoutTests/js/dom/script-tests/string-prototype-scopes.js</a></li>
<li><a href="#trunkLayoutTestsjsdomstringprototypescopesexpectedtxt">trunk/LayoutTests/js/dom/string-prototype-scopes-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsdomstringprototypescopesinworkersexpectedtxt">trunk/LayoutTests/js/dom/string-prototype-scopes-in-workers-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsdomstringprototypescopesinworkershtml">trunk/LayoutTests/js/dom/string-prototype-scopes-in-workers.html</a></li>
<li><a href="#trunkLayoutTestsjsdomstringprototypescopeshtml">trunk/LayoutTests/js/dom/string-prototype-scopes.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkJSTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/JSTests/ChangeLog (207651 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/ChangeLog 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/JSTests/ChangeLog 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -1,3 +1,33 @@
</span><ins>+2016-10-20 Yusuke Suzuki <utatane.tea@gmail.com>
+
+ [JSC] Drop isEnvironmentRecord type info flag and use JSType information instead
+ https://bugs.webkit.org/show_bug.cgi?id=163761
+
+ Reviewed by Keith Miller.
+
+ * modules/string-prototype-module-scope.js: Added.
+ (shouldBe):
+ (catch):
+ (refer):
+ * stress/string-prototype-scopes-global-lexical-environment-strict.js: Added.
+ (shouldBe):
+ (catch):
+ * stress/string-prototype-scopes-global-lexical-environment.js: Added.
+ (shouldBe):
+ (catch):
+ * stress/string-prototype-scopes-strict.js: Added.
+ (shouldBe):
+ (catch):
+ (try.refer):
+ (refer):
+ * stress/string-prototype-scopes.js: Added.
+ (shouldBe):
+ (catch):
+ (try.refer):
+ (refer):
+ (object.toString):
+ (with):
+
</ins><span class="cx"> 2016-10-20 JF Bastien <jfbastien@apple.com>
</span><span class="cx">
</span><span class="cx"> WebAssembly API: implement exception constructors properly
</span></span></pre></div>
<a id="trunkJSTestsmodulesstringprototypemodulescopejs"></a>
<div class="addfile"><h4>Added: trunk/JSTests/modules/string-prototype-module-scope.js (0 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/modules/string-prototype-module-scope.js (rev 0)
+++ trunk/JSTests/modules/string-prototype-module-scope.js 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -0,0 +1,15 @@
</span><ins>+function shouldBe(actual, expected) {
+ if (actual !== expected)
+ throw new Error('bad value: ' + actual);
+}
+
+var error = null;
+try {
+ var charAt = String.prototype.charAt;
+ charAt();
+} catch (e) {
+ error = e;
+}
+shouldBe(String(error), `TypeError: Type error`);
+
+function refer() { charAt; }
</ins></span></pre></div>
<a id="trunkJSTestsstressstringprototypescopesgloballexicalenvironmentstrictjs"></a>
<div class="addfile"><h4>Added: trunk/JSTests/stress/string-prototype-scopes-global-lexical-environment-strict.js (0 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/stress/string-prototype-scopes-global-lexical-environment-strict.js (rev 0)
+++ trunk/JSTests/stress/string-prototype-scopes-global-lexical-environment-strict.js 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -0,0 +1,15 @@
</span><ins>+"use strict";
+
+function shouldBe(actual, expected) {
+ if (actual !== expected)
+ throw new Error('bad value: ' + actual);
+}
+
+var error = null;
+let charAt = String.prototype.charAt;
+try {
+ charAt();
+} catch (e) {
+ error = e;
+}
+shouldBe(String(error), `TypeError: Type error`);
</ins></span></pre></div>
<a id="trunkJSTestsstressstringprototypescopesgloballexicalenvironmentjs"></a>
<div class="addfile"><h4>Added: trunk/JSTests/stress/string-prototype-scopes-global-lexical-environment.js (0 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/stress/string-prototype-scopes-global-lexical-environment.js (rev 0)
+++ trunk/JSTests/stress/string-prototype-scopes-global-lexical-environment.js 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -0,0 +1,13 @@
</span><ins>+function shouldBe(actual, expected) {
+ if (actual !== expected)
+ throw new Error('bad value: ' + actual);
+}
+
+var error = null;
+let charAt = String.prototype.charAt;
+try {
+ charAt();
+} catch (e) {
+ error = e;
+}
+shouldBe(String(error), `TypeError: Type error`);
</ins></span></pre></div>
<a id="trunkJSTestsstressstringprototypescopesstrictjs"></a>
<div class="addfile"><h4>Added: trunk/JSTests/stress/string-prototype-scopes-strict.js (0 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/stress/string-prototype-scopes-strict.js (rev 0)
+++ trunk/JSTests/stress/string-prototype-scopes-strict.js 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -0,0 +1,51 @@
</span><ins>+"use strict";
+
+function shouldBe(actual, expected) {
+ if (actual !== expected)
+ throw new Error('bad value: ' + actual);
+}
+
+var error = null;
+try {
+ eval(`
+ var charAt = String.prototype.charAt;
+ charAt();
+ `);
+} catch (e) {
+ error = e;
+}
+shouldBe(String(error), `TypeError: Type error`);
+
+var error = null;
+try {
+ var charAt = String.prototype.charAt;
+ charAt();
+} catch (e) {
+ error = e;
+}
+shouldBe(String(error), `TypeError: Type error`);
+
+var error = null;
+try {
+ let charAt = String.prototype.charAt;
+ charAt();
+ function refer() { charAt; }
+} catch (e) {
+ error = e;
+}
+shouldBe(String(error), `TypeError: Type error`);
+
+(function () {
+ var error = null;
+ var ok = 42;
+ try {
+ var charAt = String.prototype.charAt;
+ charAt();
+ } catch (e) {
+ error = e;
+ }
+
+ function refer() { charAt; } // Refer the charAt variable.
+ shouldBe(String(error), `TypeError: Type error`);
+ return ok;
+}());
</ins></span></pre></div>
<a id="trunkJSTestsstressstringprototypescopesjs"></a>
<div class="addfile"><h4>Added: trunk/JSTests/stress/string-prototype-scopes.js (0 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/stress/string-prototype-scopes.js (rev 0)
+++ trunk/JSTests/stress/string-prototype-scopes.js 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -0,0 +1,54 @@
</span><ins>+function shouldBe(actual, expected) {
+ if (actual !== expected)
+ throw new Error('bad value: ' + actual);
+}
+
+var error = null;
+try {
+ eval(`
+ var charAt = String.prototype.charAt;
+ charAt();
+ `);
+} catch (e) {
+ error = e;
+}
+shouldBe(String(error), `TypeError: Type error`);
+
+var error = null;
+try {
+ var charAt = String.prototype.charAt;
+ charAt();
+} catch (e) {
+ error = e;
+}
+shouldBe(String(error), `TypeError: Type error`);
+
+var error = null;
+try {
+ let charAt = String.prototype.charAt;
+ charAt();
+ function refer() { charAt; }
+} catch (e) {
+ error = e;
+}
+shouldBe(String(error), `TypeError: Type error`);
+
+(function () {
+ var error = null;
+ var ok = 42;
+ try {
+ var charAt = String.prototype.charAt;
+ charAt();
+ } catch (e) {
+ error = e;
+ }
+
+ function refer() { charAt; } // Refer the charAt variable.
+ shouldBe(String(error), `TypeError: Type error`);
+ return ok;
+}());
+
+var object = { __proto__: String.prototype, toString() { return "Cocoa"; } };
+with (object) {
+ shouldBe(charAt(0), `C`);
+}
</ins></span></pre></div>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (207651 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/LayoutTests/ChangeLog 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -1,3 +1,19 @@
</span><ins>+2016-10-20 Yusuke Suzuki <utatane.tea@gmail.com>
+
+ [JSC] Drop isEnvironmentRecord type info flag and use JSType information instead
+ https://bugs.webkit.org/show_bug.cgi?id=163761
+
+ Reviewed by Keith Miller.
+
+ * js/dom/script-tests/string-prototype-scopes-in-workers.js: Added.
+ (catch):
+ * js/dom/script-tests/string-prototype-scopes.js: Added.
+ (catch):
+ * js/dom/string-prototype-scopes-expected.txt: Added.
+ * js/dom/string-prototype-scopes-in-workers-expected.txt: Added.
+ * js/dom/string-prototype-scopes-in-workers.html: Added.
+ * js/dom/string-prototype-scopes.html: Added.
+
</ins><span class="cx"> 2016-10-20 Myles C. Maxfield <mmaxfield@apple.com>
</span><span class="cx">
</span><span class="cx"> Implement WebGL2 bufferData() and bufferSubData() methods
</span></span></pre></div>
<a id="trunkLayoutTestsjsdomscripttestsstringprototypescopesinworkersjs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/dom/script-tests/string-prototype-scopes-in-workers.js (0 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/script-tests/string-prototype-scopes-in-workers.js (rev 0)
+++ trunk/LayoutTests/js/dom/script-tests/string-prototype-scopes-in-workers.js 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -0,0 +1,16 @@
</span><ins>+importScripts('../../../resources/js-test-pre.js');
+
+description("This test checks whether String.prototype methods correctly handle |this| if |this| becomes worker global scope.");
+
+var global = this;
+global.jsTestIsAsync = true;
+
+var error = null;
+try {
+ var charAt = String.prototype.charAt;
+ charAt();
+} catch (e) {
+ error = e;
+}
+shouldBe(`String(error)`, `"TypeError: Type error"`);
+finishJSTest();
</ins></span></pre></div>
<a id="trunkLayoutTestsjsdomscripttestsstringprototypescopesjs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/dom/script-tests/string-prototype-scopes.js (0 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/script-tests/string-prototype-scopes.js (rev 0)
+++ trunk/LayoutTests/js/dom/script-tests/string-prototype-scopes.js 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+description("This test checks whether String.prototype methods correctly handle |this| if |this| becomes window.");
+
+var error = null;
+try {
+ var charAt = String.prototype.charAt;
+ charAt();
+} catch (e) {
+ error = e;
+}
+shouldBe(`String(error)`, `"TypeError: Type error"`);
</ins></span></pre></div>
<a id="trunkLayoutTestsjsdomstringprototypescopesexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/dom/string-prototype-scopes-expected.txt (0 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/string-prototype-scopes-expected.txt (rev 0)
+++ trunk/LayoutTests/js/dom/string-prototype-scopes-expected.txt 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+This test checks whether String.prototype methods correctly handle |this| if |this| becomes window.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS String(error) is "TypeError: Type error"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsdomstringprototypescopesinworkersexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/dom/string-prototype-scopes-in-workers-expected.txt (0 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/string-prototype-scopes-in-workers-expected.txt (rev 0)
+++ trunk/LayoutTests/js/dom/string-prototype-scopes-in-workers-expected.txt 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+[Worker] This test checks whether String.prototype methods correctly handle |this| if |this| becomes worker global scope.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+Starting worker: ./script-tests/string-prototype-scopes-in-workers.js
+PASS [Worker] String(error) is "TypeError: Type error"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsdomstringprototypescopesinworkershtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/dom/string-prototype-scopes-in-workers.html (0 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/string-prototype-scopes-in-workers.html (rev 0)
+++ trunk/LayoutTests/js/dom/string-prototype-scopes-in-workers.html 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -0,0 +1,14 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script>
+worker = startWorker('./script-tests/string-prototype-scopes-in-workers.js');
+</script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsdomstringprototypescopeshtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/dom/string-prototype-scopes.html (0 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/string-prototype-scopes.html (rev 0)
+++ trunk/LayoutTests/js/dom/string-prototype-scopes.html 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="script-tests/string-prototype-scopes.js"></script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (207651 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/Source/JavaScriptCore/ChangeLog 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -1,3 +1,45 @@
</span><ins>+2016-10-20 Yusuke Suzuki <utatane.tea@gmail.com>
+
+ [JSC] Drop isEnvironmentRecord type info flag and use JSType information instead
+ https://bugs.webkit.org/show_bug.cgi?id=163761
+
+ Reviewed by Keith Miller.
+
+ When we call a function in the following form,
+
+ var charAt = String.prototype.charAt;
+ charAt(); // |this| becomes the global object.
+
+ we should see |this| as undefined/null. In StringPrototype.cpp,
+ we use IsEnvironmentRecord type info flag to check whther the
+ given |this| is an environment record.
+ However, type info flag is precious thing and only StringPrototype.cpp
+ uses IsEnvironmentRecord. In addition to that, JSType should
+ already knows whether the given object is an environment record.
+ So IsEnvironmentRecord type info flag should be dropped.
+
+ This patch adds a new JSType, StrictEvalActivation. And we add a new
+ method JSObject::isEnvironmentRecord(). This method uses JSType to
+ return the result. And we drop IsEnvironmentRecord type info flag.
+ This patch makes a room for putting one bit flag to the out of line
+ type info flag. Previously, it is already exhausted.
+
+ * llint/LLIntData.cpp:
+ (JSC::LLInt::Data::performAssertions):
+ * llint/LowLevelInterpreter.asm:
+ * runtime/JSObject.h:
+ (JSC::JSObject::isStrictEvalActivation):
+ (JSC::JSObject::isEnvironmentRecord):
+ * runtime/JSSymbolTableObject.h:
+ * runtime/JSType.h:
+ * runtime/JSTypeInfo.h:
+ (JSC::TypeInfo::newImpurePropertyFiresWatchpoints):
+ (JSC::TypeInfo::isEnvironmentRecord): Deleted.
+ * runtime/StrictEvalActivation.h:
+ (JSC::StrictEvalActivation::createStructure):
+ * runtime/StringPrototype.cpp:
+ (JSC::checkObjectCoercible):
+
</ins><span class="cx"> 2016-10-20 JF Bastien <jfbastien@apple.com>
</span><span class="cx">
</span><span class="cx"> WebAssembly API: implement exception constructors properly
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorellintLLIntDatacpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/llint/LLIntData.cpp (207651 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/llint/LLIntData.cpp 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/Source/JavaScriptCore/llint/LLIntData.cpp 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -161,7 +161,7 @@
</span><span class="cx"> STATIC_ASSERT(JSFunctionType == 23);
</span><span class="cx"> STATIC_ASSERT(ArrayType == 31);
</span><span class="cx"> STATIC_ASSERT(DerivedArrayType == 32);
</span><del>- STATIC_ASSERT(ProxyObjectType == 49);
</del><ins>+ STATIC_ASSERT(ProxyObjectType == 50);
</ins><span class="cx"> STATIC_ASSERT(Int8ArrayType == 33);
</span><span class="cx"> STATIC_ASSERT(Int16ArrayType == 34);
</span><span class="cx"> STATIC_ASSERT(Int32ArrayType == 35);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorellintLowLevelInterpreterasm"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm (207651 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -350,7 +350,7 @@
</span><span class="cx"> const JSFunctionType = 23
</span><span class="cx"> const ArrayType = 31
</span><span class="cx"> const DerivedArrayType = 32
</span><del>-const ProxyObjectType = 49
</del><ins>+const ProxyObjectType = 50
</ins><span class="cx">
</span><span class="cx"> # The typed array types need to be numbered in a particular order because of the manually written
</span><span class="cx"> # switch statement in get_by_val and put_by_val.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSObjecth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSObject.h (207651 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSObject.h 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/Source/JavaScriptCore/runtime/JSObject.h 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -706,12 +706,15 @@
</span><span class="cx">
</span><span class="cx"> JS_EXPORT_PRIVATE static bool defineOwnProperty(JSObject*, ExecState*, PropertyName, const PropertyDescriptor&, bool shouldThrow);
</span><span class="cx">
</span><ins>+ bool isEnvironmentRecord() const;
</ins><span class="cx"> bool isGlobalObject() const;
</span><span class="cx"> bool isJSLexicalEnvironment() const;
</span><span class="cx"> bool isGlobalLexicalEnvironment() const;
</span><del>- bool isErrorInstance() const;
</del><ins>+ bool isStrictEvalActivation() const;
</ins><span class="cx"> bool isWithScope() const;
</span><span class="cx">
</span><ins>+ bool isErrorInstance() const;
+
</ins><span class="cx"> JS_EXPORT_PRIVATE void seal(VM&);
</span><span class="cx"> JS_EXPORT_PRIVATE void freeze(VM&);
</span><span class="cx"> JS_EXPORT_PRIVATE static bool preventExtensions(JSObject*, ExecState*);
</span><span class="lines">@@ -1175,6 +1178,18 @@
</span><span class="cx"> return type() == GlobalLexicalEnvironmentType;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+inline bool JSObject::isStrictEvalActivation() const
+{
+ return type() == StrictEvalActivationType;
+}
+
+inline bool JSObject::isEnvironmentRecord() const
+{
+ bool result = GlobalObjectType <= type() && type() <= StrictEvalActivationType;
+ ASSERT((isGlobalObject() || isJSLexicalEnvironment() || isGlobalLexicalEnvironment() || isStrictEvalActivation()) == result);
+ return result;
+}
+
</ins><span class="cx"> inline bool JSObject::isErrorInstance() const
</span><span class="cx"> {
</span><span class="cx"> return type() == ErrorInstanceType;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSSymbolTableObjecth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSSymbolTableObject.h (207651 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSSymbolTableObject.h 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/Source/JavaScriptCore/runtime/JSSymbolTableObject.h 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -39,7 +39,7 @@
</span><span class="cx"> class JSSymbolTableObject : public JSScope {
</span><span class="cx"> public:
</span><span class="cx"> typedef JSScope Base;
</span><del>- static const unsigned StructureFlags = Base::StructureFlags | IsEnvironmentRecord | OverridesGetPropertyNames;
</del><ins>+ static const unsigned StructureFlags = Base::StructureFlags | OverridesGetPropertyNames;
</ins><span class="cx">
</span><span class="cx"> SymbolTable* symbolTable() const { return m_symbolTable.get(); }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSTypeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSType.h (207651 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSType.h 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/Source/JavaScriptCore/runtime/JSType.h 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -77,10 +77,15 @@
</span><span class="cx"> DataViewType,
</span><span class="cx">
</span><span class="cx"> GetterSetterType,
</span><ins>+
+ // Start environment record types.
</ins><span class="cx"> GlobalObjectType,
</span><span class="cx"> LexicalEnvironmentType,
</span><span class="cx"> GlobalLexicalEnvironmentType,
</span><span class="cx"> ModuleEnvironmentType,
</span><ins>+ StrictEvalActivationType,
+ // End environment record types.
+
</ins><span class="cx"> RegExpObjectType,
</span><span class="cx"> ProxyObjectType,
</span><span class="cx"> JSMapType,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSTypeInfoh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSTypeInfo.h (207651 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSTypeInfo.h 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/Source/JavaScriptCore/runtime/JSTypeInfo.h 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -48,7 +48,6 @@
</span><span class="cx"> static const unsigned ProhibitsPropertyCaching = 1 << 10;
</span><span class="cx"> static const unsigned GetOwnPropertySlotIsImpure = 1 << 11;
</span><span class="cx"> static const unsigned NewImpurePropertyFiresWatchpoints = 1 << 12;
</span><del>-static const unsigned IsEnvironmentRecord = 1 << 13;
</del><span class="cx"> static const unsigned GetOwnPropertySlotIsImpureForPropertyAbsence = 1 << 14;
</span><span class="cx"> static const unsigned InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero = 1 << 15;
</span><span class="cx">
</span><span class="lines">@@ -90,7 +89,6 @@
</span><span class="cx"> bool getOwnPropertySlotIsImpure() const { return isSetOnFlags2(GetOwnPropertySlotIsImpure); }
</span><span class="cx"> bool getOwnPropertySlotIsImpureForPropertyAbsence() const { return isSetOnFlags2(GetOwnPropertySlotIsImpureForPropertyAbsence); }
</span><span class="cx"> bool newImpurePropertyFiresWatchpoints() const { return isSetOnFlags2(NewImpurePropertyFiresWatchpoints); }
</span><del>- bool isEnvironmentRecord() const { return isSetOnFlags2(IsEnvironmentRecord); }
</del><span class="cx"> bool interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero() const { return isSetOnFlags2(InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero); }
</span><span class="cx">
</span><span class="cx"> static ptrdiff_t flagsOffset()
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeStrictEvalActivationh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/StrictEvalActivation.h (207651 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/StrictEvalActivation.h 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/Source/JavaScriptCore/runtime/StrictEvalActivation.h 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -32,7 +32,7 @@
</span><span class="cx"> class StrictEvalActivation : public JSScope {
</span><span class="cx"> public:
</span><span class="cx"> typedef JSScope Base;
</span><del>- static const unsigned StructureFlags = Base::StructureFlags | IsEnvironmentRecord | OverridesToThis;
</del><ins>+ static const unsigned StructureFlags = Base::StructureFlags | OverridesToThis;
</ins><span class="cx">
</span><span class="cx"> static StrictEvalActivation* create(ExecState* exec, JSScope* currentScope)
</span><span class="cx"> {
</span><span class="lines">@@ -46,7 +46,7 @@
</span><span class="cx">
</span><span class="cx"> static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
</span><span class="cx"> {
</span><del>- return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
</del><ins>+ return Structure::create(vm, globalObject, prototype, TypeInfo(StrictEvalActivationType, StructureFlags), info());
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> DECLARE_INFO;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeStringPrototypecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/StringPrototype.cpp (207651 => 207652)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/StringPrototype.cpp 2016-10-21 01:27:02 UTC (rev 207651)
+++ trunk/Source/JavaScriptCore/runtime/StringPrototype.cpp 2016-10-21 01:33:14 UTC (rev 207652)
</span><span class="lines">@@ -746,7 +746,7 @@
</span><span class="cx"> if (thisValue.isUndefinedOrNull())
</span><span class="cx"> return false;
</span><span class="cx">
</span><del>- if (thisValue.isCell() && thisValue.asCell()->structure()->typeInfo().isEnvironmentRecord())
</del><ins>+ if (thisValue.isObject() && asObject(thisValue)->isEnvironmentRecord())
</ins><span class="cx"> return false;
</span><span class="cx">
</span><span class="cx"> return true;
</span></span></pre>
</div>
</div>
</body>
</html>