Diff
Modified: trunk/JSTests/ChangeLog (267563 => 267564)
--- trunk/JSTests/ChangeLog 2020-09-25 11:48:58 UTC (rev 267563)
+++ trunk/JSTests/ChangeLog 2020-09-25 11:51:33 UTC (rev 267564)
@@ -1,5 +1,14 @@
2020-09-25 Alexey Shvayka <[email protected]>
+ DataView instances should not have own "byteLength" and "byteOffset" properties
+ https://bugs.webkit.org/show_bug.cgi?id=149906
+
+ Reviewed by Ross Kirsling.
+
+ * stress/dataview-no-own-properties.js: Added.
+
+2020-09-25 Alexey Shvayka <[email protected]>
+
REGRESSION (r267514): mozilla-tests.yaml/js1_5/Array/regress-157652.js.mozilla* timing out
https://bugs.webkit.org/show_bug.cgi?id=216955
Added: trunk/JSTests/stress/dataview-no-own-properties.js (0 => 267564)
--- trunk/JSTests/stress/dataview-no-own-properties.js (rev 0)
+++ trunk/JSTests/stress/dataview-no-own-properties.js 2020-09-25 11:51:33 UTC (rev 267564)
@@ -0,0 +1,25 @@
+"use strict";
+
+function assert(condition) {
+ if (!condition)
+ throw new Error("Bad assertion");
+}
+
+function makeDataView() {
+ var buffer = new ArrayBuffer(4);
+ return new DataView(buffer);
+}
+
+for (var i = 0; i < 1e3; ++i) {
+ assert(delete makeDataView().byteLength);
+ assert(delete makeDataView().byteOffset);
+ assert(Reflect.ownKeys(makeDataView()).length === 0);
+
+ var dv1 = makeDataView();
+ Object.defineProperty(dv1, "byteLength", {value: 1});
+ assert(dv1.byteLength === 1);
+
+ var dv2 = makeDataView();
+ Object.defineProperty(dv2, "byteOffset", {value: 2});
+ assert(dv2.byteOffset === 2);
+}
Modified: trunk/LayoutTests/ChangeLog (267563 => 267564)
--- trunk/LayoutTests/ChangeLog 2020-09-25 11:48:58 UTC (rev 267563)
+++ trunk/LayoutTests/ChangeLog 2020-09-25 11:51:33 UTC (rev 267564)
@@ -1,3 +1,12 @@
+2020-09-25 Alexey Shvayka <[email protected]>
+
+ DataView instances should not have own "byteLength" and "byteOffset" properties
+ https://bugs.webkit.org/show_bug.cgi?id=149906
+
+ Reviewed by Ross Kirsling.
+
+ * inspector/model/remote-object/object-expected.txt:
+
2020-09-25 Antti Koivisto <[email protected]>
[LFC][Integration] Enable on Apple Windows port
Modified: trunk/LayoutTests/inspector/model/remote-object/object-expected.txt (267563 => 267564)
--- trunk/LayoutTests/inspector/model/remote-object/object-expected.txt 2020-09-25 11:48:58 UTC (rev 267563)
+++ trunk/LayoutTests/inspector/model/remote-object/object-expected.txt 2020-09-25 11:51:33 UTC (rev 267564)
@@ -310,9 +310,9 @@
"_overflow": false,
"_properties": [
{
- "_name": "byteOffset",
- "_type": "number",
- "_value": "0"
+ "_name": "buffer",
+ "_type": "object",
+ "_value": "ArrayBuffer"
},
{
"_name": "byteLength",
@@ -320,9 +320,9 @@
"_value": "16"
},
{
- "_name": "buffer",
- "_type": "object",
- "_value": "ArrayBuffer"
+ "_name": "byteOffset",
+ "_type": "number",
+ "_value": "0"
}
],
"_entries": null
Modified: trunk/Source/_javascript_Core/ChangeLog (267563 => 267564)
--- trunk/Source/_javascript_Core/ChangeLog 2020-09-25 11:48:58 UTC (rev 267563)
+++ trunk/Source/_javascript_Core/ChangeLog 2020-09-25 11:51:33 UTC (rev 267564)
@@ -1,3 +1,28 @@
+2020-09-25 Alexey Shvayka <[email protected]>
+
+ DataView instances should not have own "byteLength" and "byteOffset" properties
+ https://bugs.webkit.org/show_bug.cgi?id=149906
+
+ Reviewed by Ross Kirsling.
+
+ Following JSDataView::getOwnPropertySlot() deletion in r266529, this patch
+ removes related method overrides that incorrectly reported "byteLength" and
+ "byteOffset" as own properties of DataView instances [1].
+
+ This change brings DataView objects in compliance with invariants of internal
+ methods [2] and aligns JSC with V8 and SpiderMonkey.
+ DataView microbenchmarks are neutral.
+
+ [1]: https://tc39.es/ecma262/#sec-properties-of-dataview-instances
+ [2]: https://tc39.es/ecma262/#sec-invariants-of-the-essential-internal-methods
+
+ * runtime/JSDataView.cpp:
+ (JSC::JSDataView::put): Deleted.
+ (JSC::JSDataView::defineOwnProperty): Deleted.
+ (JSC::JSDataView::deleteProperty): Deleted.
+ (JSC::JSDataView::getOwnNonIndexPropertyNames): Deleted.
+ * runtime/JSDataView.h:
+
2020-09-25 Adrian Perez de Castro <[email protected]>
Non-unified build fixes, late September 2020 edition
Modified: trunk/Source/_javascript_Core/runtime/JSDataView.cpp (267563 => 267564)
--- trunk/Source/_javascript_Core/runtime/JSDataView.cpp 2020-09-25 11:48:58 UTC (rev 267563)
+++ trunk/Source/_javascript_Core/runtime/JSDataView.cpp 2020-09-25 11:51:33 UTC (rev 267564)
@@ -104,64 +104,6 @@
return DataView::create(unsharedBuffer(), byteOffset(), length());
}
-bool JSDataView::put(
- JSCell* cell, JSGlobalObject* globalObject, PropertyName propertyName, JSValue value,
- PutPropertySlot& slot)
-{
- VM& vm = globalObject->vm();
- auto scope = DECLARE_THROW_SCOPE(vm);
- JSDataView* thisObject = jsCast<JSDataView*>(cell);
-
- if (UNLIKELY(isThisValueAltered(slot, thisObject)))
- RELEASE_AND_RETURN(scope, ordinarySetSlow(globalObject, thisObject, propertyName, value, slot.thisValue(), slot.isStrictMode()));
-
- if (propertyName == vm.propertyNames->byteLength
- || propertyName == vm.propertyNames->byteOffset)
- return typeError(globalObject, scope, slot.isStrictMode(), "Attempting to write to read-only typed array property."_s);
-
- RELEASE_AND_RETURN(scope, Base::put(thisObject, globalObject, propertyName, value, slot));
-}
-
-bool JSDataView::defineOwnProperty(
- JSObject* object, JSGlobalObject* globalObject, PropertyName propertyName,
- const PropertyDescriptor& descriptor, bool shouldThrow)
-{
- VM& vm = globalObject->vm();
- auto scope = DECLARE_THROW_SCOPE(vm);
- JSDataView* thisObject = jsCast<JSDataView*>(object);
- if (propertyName == vm.propertyNames->byteLength
- || propertyName == vm.propertyNames->byteOffset)
- return typeError(globalObject, scope, shouldThrow, "Attempting to define read-only typed array property."_s);
-
- RELEASE_AND_RETURN(scope, Base::defineOwnProperty(thisObject, globalObject, propertyName, descriptor, shouldThrow));
-}
-
-bool JSDataView::deleteProperty(
- JSCell* cell, JSGlobalObject* globalObject, PropertyName propertyName, DeletePropertySlot& slot)
-{
- VM& vm = globalObject->vm();
- JSDataView* thisObject = jsCast<JSDataView*>(cell);
- if (propertyName == vm.propertyNames->byteLength
- || propertyName == vm.propertyNames->byteOffset)
- return false;
-
- return Base::deleteProperty(thisObject, globalObject, propertyName, slot);
-}
-
-void JSDataView::getOwnNonIndexPropertyNames(
- JSObject* object, JSGlobalObject* globalObject, PropertyNameArray& array, EnumerationMode mode)
-{
- VM& vm = globalObject->vm();
- JSDataView* thisObject = jsCast<JSDataView*>(object);
-
- if (mode.includeDontEnumProperties()) {
- array.add(vm.propertyNames->byteOffset);
- array.add(vm.propertyNames->byteLength);
- }
-
- Base::getOwnNonIndexPropertyNames(thisObject, globalObject, array, mode);
-}
-
Structure* JSDataView::createStructure(
VM& vm, JSGlobalObject* globalObject, JSValue prototype)
{
Modified: trunk/Source/_javascript_Core/runtime/JSDataView.h (267563 => 267564)
--- trunk/Source/_javascript_Core/runtime/JSDataView.h 2020-09-25 11:48:58 UTC (rev 267563)
+++ trunk/Source/_javascript_Core/runtime/JSDataView.h 2020-09-25 11:51:33 UTC (rev 267564)
@@ -33,7 +33,7 @@
class JSDataView final : public JSArrayBufferView {
public:
using Base = JSArrayBufferView;
- static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesAnyFormOfGetPropertyNames;
+ static constexpr unsigned StructureFlags = Base::StructureFlags;
static constexpr unsigned elementSize = 1;
@@ -73,12 +73,6 @@
private:
JSDataView(VM&, ConstructionContext&, ArrayBuffer*);
- static bool put(JSCell*, JSGlobalObject*, PropertyName, JSValue, PutPropertySlot&);
- static bool defineOwnProperty(JSObject*, JSGlobalObject*, PropertyName, const PropertyDescriptor&, bool shouldThrow);
- static bool deleteProperty(JSCell*, JSGlobalObject*, PropertyName, DeletePropertySlot&);
-
- static void getOwnNonIndexPropertyNames(JSObject*, JSGlobalObject*, PropertyNameArray&, EnumerationMode);
-
ArrayBuffer* m_buffer;
};
