[webkit-changes] [WebKit/WebKit] ea7efa: [JSC] Expose error messages from ShadowRealms to o...

2023-01-04 Thread caitp 
  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: ea7efa2f7f885f2dc5d0dea65d185fb9974cbf58
  
https://github.com/WebKit/WebKit/commit/ea7efa2f7f885f2dc5d0dea65d185fb9974cbf58
  Author: Caitlin Potter 
  Date:   2023-01-04 (Wed, 04 Jan 2023)

  Changed paths:
M JSTests/stress/shadow-realm-evaluate.js
M Source/JavaScriptCore/runtime/Error.cpp
M Source/JavaScriptCore/runtime/Error.h
M Source/JavaScriptCore/runtime/ShadowRealmPrototype.cpp

  Log Message:
  ---
  [JSC] Expose error messages from ShadowRealms to outer realm
https://bugs.webkit.org/show_bug.cgi?id=249324

Reviewed by Yusuke Suzuki.

This adds stuff from a yet unmerged spec change from 
https://github.com/tc39/proposal-shadowrealm/pull/382.

This particular implementation only concerns itself with converting a
primitive exception to a String and using that as the TypeError message,
or else accessing the own "message" property of an object and using
that, which is sufficient to inherit messages from a native Error.

A more robust approach could attempt to load "message" from the
prototype chain, and could incorporate some limited source information
from the source error into the new error message.

Canonical link: https://commits.webkit.org/258438@main


___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [295459] trunk/Source

2022-06-10 Thread caitp 
Title: [295459] trunk/Source








Revision 295459
Author ca...@igalia.com
Date 2022-06-10 12:01:43 -0700 (Fri, 10 Jun 2022)


Log Message
[Shadow Realms] Add feature flag to enable Exposed=* web APIs in ShadowRealms
https://bugs.webkit.org/show_bug.cgi?id=241448

Reviewed by Yusuke Suzuki.

No longer expose Web APIs to ShadowRealm by default. Instead, we
enable this with a new setting WebAPIsInShadowRealmEnabled.

Because the HTML integration aspect of the specification is still in the
air, it's prudent to disable it by default, while still providing a
feature flag for web-platform-tests.

* Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml:
* Source/WebCore/bindings/js/WebCoreBuiltinNames.h:
* Source/WebCore/bindings/scripts/preprocess-idls.pl:
(GenerateConstructorAttributes):
* Source/WebCore/bindings/scripts/test/JS/JSShadowRealmGlobalScope.cpp:
(WebCore::JSShadowRealmGlobalScope::finishCreation):
* Source/WebCore/bindings/scripts/test/ShadowRealmGlobalScopeConstructors.idl:

Canonical link: https://commits.webkit.org/251465@main

Modified Paths

trunk/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml
trunk/Source/WebCore/bindings/js/WebCoreBuiltinNames.h
trunk/Source/WebCore/bindings/scripts/preprocess-idls.pl
trunk/Source/WebCore/bindings/scripts/test/JS/JSShadowRealmGlobalScope.cpp
trunk/Source/WebCore/bindings/scripts/test/ShadowRealmGlobalScopeConstructors.idl




Diff

Modified: trunk/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml (295458 => 295459)

--- trunk/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml	2022-06-10 18:50:09 UTC (rev 295458)
+++ trunk/Source/WTF/Scripts/Preferences/WebPreferencesExperimental.yaml	2022-06-10 19:01:43 UTC (rev 295459)
@@ -1564,6 +1564,18 @@
 WebKit:
   default: true
 
+WebAPIsInShadowRealmEnabled:
+  type: bool
+  humanReadableName: "Web APIs in ShadowRealm"
+  humanReadableDescription: "Enable Web APIs to be exposed in ShadowRealm"
+  defaultValue:
+WebKitLegacy:
+  default: false
+WebKit:
+  default: false
+WebCore:
+  default: false
+
 WebAnimationsCompositeOperationsEnabled:
   type: bool
   humanReadableName: "Web Animations composite operations"


Modified: trunk/Source/WebCore/bindings/js/WebCoreBuiltinNames.h (295458 => 295459)

--- trunk/Source/WebCore/bindings/js/WebCoreBuiltinNames.h	2022-06-10 18:50:09 UTC (rev 295458)
+++ trunk/Source/WebCore/bindings/js/WebCoreBuiltinNames.h	2022-06-10 19:01:43 UTC (rev 295459)
@@ -39,6 +39,25 @@
 #define WEBCORE_ADDITIONAL_PRIVATE_IDENTIFIERS(macro)
 #endif
 
+#if !defined(WEBCORE_COMMON_PRIVATE_IDENTIFIERS_FOR_SHADOWREALM_EACH_PROPERTY_NAME)
+// Dom APIs exposed to ShadowRealm are temporarily enabled via the WebAPIsInShadowRealmEnabled
+// experimental feature. When this is resolved, these can be deleted.
+#define WEBCORE_COMMON_PRIVATE_IDENTIFIERS_FOR_SHADOWREALM_EACH_PROPERTY_NAME(macro) \
+macro(AbortController) \
+macro(ByteLengthQueuingStrategy) \
+macro(CountQueuingStrategy) \
+macro(CustomEvent) \
+macro(ErrorEvent) \
+macro(Event) \
+macro(EventTarget) \
+macro(Performance) \
+macro(PromiseRejectionEvent) \
+macro(TextDecoder) \
+macro(TextEncoder) \
+macro(URL) \
+macro(URLSearchParams)
+#endif
+
 #define WEBCORE_COMMON_PRIVATE_IDENTIFIERS_EACH_PROPERTY_NAME(macro) \
 macro(AbortSignal) \
 macro(AbstractRange) \
@@ -608,6 +627,7 @@
 macro(pendingAbortRequest) \
 macro(writeRequests) \
 WEBCORE_ADDITIONAL_PRIVATE_IDENTIFIERS(macro) \
+WEBCORE_COMMON_PRIVATE_IDENTIFIERS_FOR_SHADOWREALM_EACH_PROPERTY_NAME(macro) \
 
 class WebCoreBuiltinNames {
 public:


Modified: trunk/Source/WebCore/bindings/scripts/preprocess-idls.pl (295458 => 295459)

--- trunk/Source/WebCore/bindings/scripts/preprocess-idls.pl	2022-06-10 18:50:09 UTC (rev 295458)
+++ trunk/Source/WebCore/bindings/scripts/preprocess-idls.pl	2022-06-10 19:01:43 UTC (rev 295459)
@@ -501,6 +501,15 @@
   $extendedAttributes->{"Conditional"} = $existingConditional;
 }
 
+if ($globalContext eq "ShadowRealm" && $extendedAttributes->{"Exposed"} eq "*") {
+my $enabledBySetting = "WebAPIsInShadowRealmEnabled";
+my $existingEnabledBySetting = $extendedAttributes->{"EnabledBySetting"};
+if ($existingEnabledBySetting) {
+$enabledBySetting .= "&" . $existingEnabledBySetting;
+}
+$extendedAttributes->{"EnabledBySetting"} = $enabledBySetting;
+}
+
 my $code = "";
 my @extendedAttributesList;
 foreach my $attributeName (sort keys %{$extendedAttributes}) {


Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSShadowRealmGlobalScope.cpp (295458 => 295459)

--- trunk/Source/WebCore/bindings/scripts/test/JS/JSShadowRealmGlobalScope.cpp	2022-06-10 18:50:09 UTC (rev 295458)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSShadowRealmGlobalScope.cpp	2022-06-10 19:01:43 UTC (rev 295459)
@@ -59,22 +59,18 @@
 
 /* Hash

[webkit-changes] [292895] trunk

2022-04-14 Thread caitp 
Title: [292895] trunk








Revision 292895
Author ca...@igalia.com
Date 2022-04-14 16:39:06 -0700 (Thu, 14 Apr 2022)


Log Message
[JSC] ShadowRealm global object has a mutable prototype
https://bugs.webkit.org/show_bug.cgi?id=239332

Reviewed by Yusuke Suzuki.

JSTests:

* stress/shadow-realm-globalThis-mutable-prototype.js: Added.

Source/_javascript_Core:

This patch circumvents the `ASSERT(toThis() == this)` in JSObject::setPrototypeWithCycleCheck()
when `this` is a GlobalObject. Ordinarily, GlobalObjects have the IsImmutablePrototypeExoticObject
bit set and miss this pathway, however this is not the case for ShadowRealm Global Objects.

In addition, the JSC internal version is also modified to have a mutable prototype in the same way
as in WebCore.

* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::deriveShadowRealmGlobalObject):
(JSC::JSGlobalObject::createStructureForShadowRealm):
* runtime/JSObject.cpp:
(JSC::JSObject::setPrototypeWithCycleCheck):

Source/WebCore:

Hack: The IDL code generator now special cases ShadowRealmGlobalObject to remove the
ImmutablePrototypeExoticObject bit from the inherited JSGlobalObject structure flags.

As a result, this enables the assignment of a ShadowRealm's globalThis.__proto__, or
overwriting the prototype with [Object / Reflect].setPrototypeOf().

Test: js/ShadowRealm-globalThis.html

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
* bindings/scripts/test/JS/JSShadowRealmGlobalScope.h:

LayoutTests:

Add a new layout test to verify changes to verify that ShadowRealmGlobalObject has a properly
mutable prototype.

* js/ShadowRealm-globalThis-expected.txt: Added.
* js/ShadowRealm-globalThis.html: Added.

Modified Paths

trunk/JSTests/ChangeLog
trunk/LayoutTests/ChangeLog
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/runtime/JSGlobalObject.h
trunk/Source/_javascript_Core/runtime/JSObject.cpp
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
trunk/Source/WebCore/bindings/scripts/test/JS/JSShadowRealmGlobalScope.h


Added Paths

trunk/JSTests/stress/shadow-realm-globalThis-mutable-prototype.js
trunk/LayoutTests/js/ShadowRealm-globalThis-expected.txt
trunk/LayoutTests/js/ShadowRealm-globalThis.html




Diff

Modified: trunk/JSTests/ChangeLog (292894 => 292895)

--- trunk/JSTests/ChangeLog	2022-04-14 23:36:49 UTC (rev 292894)
+++ trunk/JSTests/ChangeLog	2022-04-14 23:39:06 UTC (rev 292895)
@@ -1,3 +1,12 @@
+2022-04-14  Caitlin Potter  
+
+[JSC] ShadowRealm global object has a mutable prototype
+https://bugs.webkit.org/show_bug.cgi?id=239332
+
+Reviewed by Yusuke Suzuki.
+
+* stress/shadow-realm-globalThis-mutable-prototype.js: Added.
+
 2022-04-14  Alexey Shvayka  
 
 InternalFunction::createSubclassStructure() should use base object's global object


Added: trunk/JSTests/stress/shadow-realm-globalThis-mutable-prototype.js (0 => 292895)

--- trunk/JSTests/stress/shadow-realm-globalThis-mutable-prototype.js	(rev 0)
+++ trunk/JSTests/stress/shadow-realm-globalThis-mutable-prototype.js	2022-04-14 23:39:06 UTC (rev 292895)
@@ -0,0 +1,39 @@
+//@ requireOptions("--useShadowRealm=1")
+
+let sr = new ShadowRealm;
+
+let install = sr.evaluate(`
+(function(name, fn) {
+  globalThis[name] = fn;
+})
+`);
+
+let log = function(...args) {
+  let string = args.join(" ");
+  print(string);
+  return string;
+};
+install("log", log);
+
+// Test that the GlobalObject prototype is not immutable, 
+let MAX_ITER = 1;
+sr.evaluate(`
+  var i = 1;
+  function test() {
+globalThis.__proto__ = { x: i++ };
+  }
+  for (let i = 0; i < ${MAX_ITER}; ++i) {
+try {
+  test();
+  if (globalThis.x !== i + 1)
+throw new Error(\`Prototype not written successfully (Expected globalThis.x === \${i + 1}, but found \${globalThis.x})\`);
+} catch (e) {
+  log(\`\${e}\`);
+  throw e;
+}
+  }
+`);
+
+if (sr.evaluate(`globalThis.x`) !== MAX_ITER)
+  throw new Error("Prototype invalid in separate eval");
+


Modified: trunk/LayoutTests/ChangeLog (292894 => 292895)

--- trunk/LayoutTests/ChangeLog	2022-04-14 23:36:49 UTC (rev 292894)
+++ trunk/LayoutTests/ChangeLog	2022-04-14 23:39:06 UTC (rev 292895)
@@ -1,3 +1,16 @@
+2022-04-14  Caitlin Potter  
+
+[JSC] ShadowRealm global object has a mutable prototype
+https://bugs.webkit.org/show_bug.cgi?id=239332
+
+Reviewed by Yusuke Suzuki.
+
+Add a new layout test to verify changes to verify that ShadowRealmGlobalObject has a properly
+mutable prototype.
+
+* js/ShadowRealm-globalThis-expected.txt: Added.
+* js/ShadowRealm-globalThis.html: Added.
+
 2022-04-14  Nikolaos Mouchtaris  
 
 calc(): Serialize top level min/max/hypot as calc()


Added: trunk/LayoutTests/js/ShadowRealm-globalThis-expected.txt (0 => 292895)

--- trunk/LayoutTests/js/ShadowRealm-globalThis-expected.txt	(rev 0)
+++

[webkit-changes] [289417] trunk

2022-02-08 Thread caitp 
Title: [289417] trunk








Revision 289417
Author ca...@igalia.com
Date 2022-02-08 12:42:04 -0800 (Tue, 08 Feb 2022)


Log Message
[JSC] move function wrapping logic to a new Function type
https://bugs.webkit.org/show_bug.cgi?id=235382

Reviewed by Yusuke Suzuki.

JSTests:

Adds a new file testing CopyNameAndLength stuff in the ShadowRealm proposal,
and fix up assertions about this in shadow-realm-evaluate.js

* stress/shadow-realm-evaluate.js:
* stress/shadow-realm-remote-function-copy-length-and-name.js: Added.

Source/_javascript_Core:

In this initial patch, there is still a lot of JS-builtin machinery,
including some duplicated functionality. Additionally, JIT support
has not been incorporated yet.

Broadly, the idea is that there are custom hooks for calling a
JSRemoteFunction, which perform the wrapping functionality. This avoids
the need for allocating closures which contain the wrapping logic.

TODO:
- JIT/DFG/FTL support
- structure caching (unnecessary since these are not constructors?)
- improved baseline perf

* CMakeLists.txt:
* _javascript_Core.xcodeproj/project.pbxproj:
* Sources.txt:
* assembler/LinkBuffer.h:
* builtins/BuiltinNames.h:
* builtins/ShadowRealmPrototype.js:
* bytecode/LinkTimeConstant.h:
* dfg/DFGSpeculativeJIT.cpp:
* ftl/FTLLowerDFGToB3.cpp:
* heap/Heap.cpp:
* heap/Heap.h:
* inspector/JSInjectedScriptHost.cpp:
* interpreter/Interpreter.cpp:
* jit/AssemblyHelpers.h:
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* jit/ThunkGenerators.cpp:
* jit/ThunkGenerators.h:
* jsc.cpp:
* runtime/ErrorInstance.cpp:
* runtime/FunctionPrototype.cpp:
* runtime/InternalFunction.cpp:
* runtime/Intrinsic.cpp:
* runtime/Intrinsic.h:
* runtime/JSCast.h:
* runtime/JSFunction.cpp:
* runtime/JSFunction.h:
* runtime/JSFunctionInlines.h:
* runtime/JSGlobalObject.cpp:
* runtime/JSGlobalObject.h:
* runtime/JSRemoteFunction.cpp: Added.
* runtime/JSRemoteFunction.h: Added.
* runtime/VM.cpp:
* runtime/VM.h:

Modified Paths

trunk/JSTests/ChangeLog
trunk/JSTests/stress/shadow-realm-evaluate.js
trunk/Source/_javascript_Core/CMakeLists.txt
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj
trunk/Source/_javascript_Core/Sources.txt
trunk/Source/_javascript_Core/assembler/LinkBuffer.h
trunk/Source/_javascript_Core/builtins/BuiltinNames.h
trunk/Source/_javascript_Core/builtins/ShadowRealmPrototype.js
trunk/Source/_javascript_Core/bytecode/LinkTimeConstant.h
trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp
trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp
trunk/Source/_javascript_Core/heap/Heap.cpp
trunk/Source/_javascript_Core/heap/Heap.h
trunk/Source/_javascript_Core/inspector/JSInjectedScriptHost.cpp
trunk/Source/_javascript_Core/interpreter/Interpreter.cpp
trunk/Source/_javascript_Core/jit/AssemblyHelpers.h
trunk/Source/_javascript_Core/jit/JITOperations.cpp
trunk/Source/_javascript_Core/jit/JITOperations.h
trunk/Source/_javascript_Core/jit/ThunkGenerators.cpp
trunk/Source/_javascript_Core/jit/ThunkGenerators.h
trunk/Source/_javascript_Core/jsc.cpp
trunk/Source/_javascript_Core/runtime/ErrorInstance.cpp
trunk/Source/_javascript_Core/runtime/FunctionPrototype.cpp
trunk/Source/_javascript_Core/runtime/InternalFunction.cpp
trunk/Source/_javascript_Core/runtime/Intrinsic.cpp
trunk/Source/_javascript_Core/runtime/Intrinsic.h
trunk/Source/_javascript_Core/runtime/JSCast.h
trunk/Source/_javascript_Core/runtime/JSFunction.cpp
trunk/Source/_javascript_Core/runtime/JSFunction.h
trunk/Source/_javascript_Core/runtime/JSFunctionInlines.h
trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp
trunk/Source/_javascript_Core/runtime/JSGlobalObject.h
trunk/Source/_javascript_Core/runtime/VM.cpp
trunk/Source/_javascript_Core/runtime/VM.h


Added Paths

trunk/JSTests/stress/shadow-realm-remote-function-copy-length-and-name.js
trunk/Source/_javascript_Core/runtime/JSRemoteFunction.cpp
trunk/Source/_javascript_Core/runtime/JSRemoteFunction.h




Diff

Modified: trunk/JSTests/ChangeLog (289416 => 289417)

--- trunk/JSTests/ChangeLog	2022-02-08 20:25:39 UTC (rev 289416)
+++ trunk/JSTests/ChangeLog	2022-02-08 20:42:04 UTC (rev 289417)
@@ -1,3 +1,16 @@
+2022-02-08  Caitlin Potter  
+
+[JSC] move function wrapping logic to a new Function type
+https://bugs.webkit.org/show_bug.cgi?id=235382
+
+Reviewed by Yusuke Suzuki.
+
+Adds a new file testing CopyNameAndLength stuff in the ShadowRealm proposal,
+and fix up assertions about this in shadow-realm-evaluate.js
+
+* stress/shadow-realm-evaluate.js:
+* stress/shadow-realm-remote-function-copy-length-and-name.js: Added.
+
 2022-02-06  Yusuke Suzuki  
 
 [Wasm] ref.null check should be done first in B3 call_ref


Modified: trunk/JSTests/stress/shadow-realm-evaluate.js (289416 => 289417)

--- trunk/JSTests/stress/shadow-realm-evaluate.js	2022-02-08 20:25:39 UTC (rev 289416)
+++ trunk/JSTests/stress/shadow-realm-evaluate.js	2022-02-08 20:42:04 UTC (rev

[webkit-changes] [287154] trunk/Source/JavaScriptCore

2021-12-16 Thread caitp 
Title: [287154] trunk/Source/_javascript_Core








Revision 287154
Author ca...@igalia.com
Date 2021-12-16 13:05:43 -0800 (Thu, 16 Dec 2021)


Log Message
[JSC] only emit pointer validation for ARM64E
https://bugs.webkit.org/show_bug.cgi?id=234402

Reviewed by Yusuke Suzuki and Mark Lam.

JIT thunks no longer emit `push ; pop ;` on
non-ARM64E arches with the emitPointerValidation macro.

* jit/ThunkGenerators.cpp:
(JSC::emitPointerValidation):

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/jit/ThunkGenerators.cpp




Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (287153 => 287154)

--- trunk/Source/_javascript_Core/ChangeLog	2021-12-16 21:02:07 UTC (rev 287153)
+++ trunk/Source/_javascript_Core/ChangeLog	2021-12-16 21:05:43 UTC (rev 287154)
@@ -1,3 +1,16 @@
+2021-12-16  Caitlin Potter  
+
+[JSC] only emit pointer validation for ARM64E
+https://bugs.webkit.org/show_bug.cgi?id=234402
+
+Reviewed by Yusuke Suzuki and Mark Lam.
+
+JIT thunks no longer emit `push ; pop ;` on
+non-ARM64E arches with the emitPointerValidation macro.
+
+* jit/ThunkGenerators.cpp:
+(JSC::emitPointerValidation):
+
 2021-12-16  Michael Saboff  
 
 Create symlinks pointing to alternate root framework locations


Modified: trunk/Source/_javascript_Core/jit/ThunkGenerators.cpp (287153 => 287154)

--- trunk/Source/_javascript_Core/jit/ThunkGenerators.cpp	2021-12-16 21:02:07 UTC (rev 287153)
+++ trunk/Source/_javascript_Core/jit/ThunkGenerators.cpp	2021-12-16 21:05:43 UTC (rev 287154)
@@ -148,6 +148,7 @@
 template
 inline void emitPointerValidation(CCallHelpers& jit, GPRReg pointerGPR, TagType tag)
 {
+#if CPU(ARM64E)
 if (!ASSERT_ENABLED)
 return;
 if (!Options::useJITCage()) {
@@ -159,6 +160,11 @@
 jit.validateUntaggedPtr(pointerGPR);
 jit.popToRestore(pointerGPR);
 }
+#else
+UNUSED_PARAM(jit);
+UNUSED_PARAM(pointerGPR);
+UNUSED_PARAM(tag);
+#endif
 }
 
 // We will jump here if the JIT code tries to make a call, but the






___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [285196] trunk/Source/WebCore

2021-11-02 Thread caitp 
Title: [285196] trunk/Source/WebCore








Revision 285196
Author ca...@igalia.com
Date 2021-11-02 20:08:11 -0700 (Tue, 02 Nov 2021)


Log Message
[WebIDL] Support [Exposed=*] extended attribute
https://bugs.webkit.org/show_bug.cgi?id=231082

Reviewed by Chris Dumez.

Adds a shorthand to expose interfaces/attributes on Window, Workers*,
and the forthcoming ShadowRealm global object.

See https://github.com/heycam/webidl/issues/468 and
https://github.com/heycam/webidl/pull/526 for details.

* bindings/scripts/CodeGenerator.pm:
(shouldPropertyBeExposed):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateRuntimeEnableConditionalStringForExposed):
* bindings/scripts/IDLParser.pm:
(parseExtendedAttributeRest2):
* bindings/scripts/preprocess-idls.pl:
* bindings/scripts/test/AudioWorkletGlobalScopeConstructors.idl:
* bindings/scripts/test/DOMWindowConstructors.idl:
* bindings/scripts/test/DedicatedWorkerGlobalScopeConstructors.idl:
* bindings/scripts/test/ExposedStar.idl: Added.
* bindings/scripts/test/JS/JSDOMWindow.cpp:
(WebCore::jsDOMWindow_ExposedStarConstructorGetter):
(WebCore::JSC_DEFINE_CUSTOM_GETTER):
* bindings/scripts/test/JS/JSDedicatedWorkerGlobalScope.cpp:
(WebCore::jsDedicatedWorkerGlobalScope_ExposedStarConstructorGetter):
(WebCore::JSC_DEFINE_CUSTOM_GETTER):
* bindings/scripts/test/JS/JSExposedStar.cpp: Added.
(WebCore::JSExposedStarDOMConstructor::prototypeForStructure):
(WebCore::JSExposedStarDOMConstructor::initializeProperties):
(WebCore::JSExposedStarPrototype::finishCreation):
(WebCore::JSExposedStar::JSExposedStar):
(WebCore::JSExposedStar::finishCreation):
(WebCore::JSExposedStar::createPrototype):
(WebCore::JSExposedStar::prototype):
(WebCore::JSExposedStar::getConstructor):
(WebCore::JSC_DEFINE_CUSTOM_GETTER):
(WebCore::jsExposedStarPrototypeFunction_operationForAllContextsBody):
(WebCore::JSC_DEFINE_HOST_FUNCTION):
(WebCore::jsExposedStarPrototypeFunction_operationJustForWindowContextsBody):
(WebCore::jsExposedStarPrototypeFunction_operationJustForWorkerContextsBody):
(WebCore::JSExposedStar::subspaceForImpl):
(WebCore::JSExposedStar::analyzeHeap):
(WebCore::toJSNewlyCreated):
(WebCore::toJS):
(WebCore::JSExposedStar::toWrapped):
* bindings/scripts/test/JS/JSExposedStar.h: Added.
(WebCore::JSExposedStar::create):
(WebCore::JSExposedStar::createStructure):
(WebCore::JSExposedStar::subspaceFor):
(WebCore::JSExposedStar::wrapped const):
(WebCore::toJS):
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSPaintWorkletGlobalScope.cpp:
(WebCore::jsPaintWorkletGlobalScope_ExposedStarConstructorGetter):
(WebCore::JSC_DEFINE_CUSTOM_GETTER):
* bindings/scripts/test/JS/JSServiceWorkerGlobalScope.cpp:
(WebCore::jsServiceWorkerGlobalScope_ExposedStarConstructorGetter):
(WebCore::JSC_DEFINE_CUSTOM_GETTER):
* bindings/scripts/test/PaintWorkletGlobalScopeConstructors.idl:
* bindings/scripts/test/ServiceWorkerGlobalScopeConstructors.idl:
* bindings/scripts/test/SupplementalDependencies.dep:

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/bindings/scripts/CodeGenerator.pm
trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
trunk/Source/WebCore/bindings/scripts/IDLParser.pm
trunk/Source/WebCore/bindings/scripts/preprocess-idls.pl
trunk/Source/WebCore/bindings/scripts/test/AudioWorkletGlobalScopeConstructors.idl
trunk/Source/WebCore/bindings/scripts/test/DOMWindowConstructors.idl
trunk/Source/WebCore/bindings/scripts/test/DedicatedWorkerGlobalScopeConstructors.idl
trunk/Source/WebCore/bindings/scripts/test/JS/JSDOMWindow.cpp
trunk/Source/WebCore/bindings/scripts/test/JS/JSDedicatedWorkerGlobalScope.cpp
trunk/Source/WebCore/bindings/scripts/test/JS/JSPaintWorkletGlobalScope.cpp
trunk/Source/WebCore/bindings/scripts/test/JS/JSServiceWorkerGlobalScope.cpp
trunk/Source/WebCore/bindings/scripts/test/PaintWorkletGlobalScopeConstructors.idl
trunk/Source/WebCore/bindings/scripts/test/ServiceWorkerGlobalScopeConstructors.idl
trunk/Source/WebCore/bindings/scripts/test/SupplementalDependencies.dep


Added Paths

trunk/Source/WebCore/bindings/scripts/test/ExposedStar.idl
trunk/Source/WebCore/bindings/scripts/test/JS/JSExposedStar.cpp
trunk/Source/WebCore/bindings/scripts/test/JS/JSExposedStar.h




Diff

Modified: trunk/Source/WebCore/ChangeLog (285195 => 285196)

--- trunk/Source/WebCore/ChangeLog	2021-11-03 02:26:54 UTC (rev 285195)
+++ trunk/Source/WebCore/ChangeLog	2021-11-03 03:08:11 UTC (rev 285196)
@@ -1,3 +1,69 @@
+2021-11-02  Caitln Potter  
+
+[WebIDL] Support [Exposed=*] extended attribute
+https://bugs.webkit.org/show_bug.cgi?id=231082
+
+Reviewed by Chris Dumez.
+
+Adds a shorthand to expose interfaces/attributes on Window, Workers*,
+and the forthcoming ShadowRealm global object.
+
+See https://github.com/heycam/webidl/issues/468 and
+https://github.com/heycam/webidl/pull/526 for details.
+
+* bindings/scripts/CodeGenerator.pm:
+(shouldPropertyBeExposed):
+*

[webkit-changes] [284310] trunk

2021-10-16 Thread caitp 
Title: [284310] trunk








Revision 284310
Author ca...@igalia.com
Date 2021-10-16 01:22:59 -0700 (Sat, 16 Oct 2021)


Log Message
Add github username for myself
https://bugs.webkit.org/show_bug.cgi?id=231857

Reviewed by Yusuke Suzuki.

* metadata/contributors.json:

Modified Paths

trunk/ChangeLog
trunk/metadata/contributors.json




Diff

Modified: trunk/ChangeLog (284309 => 284310)

--- trunk/ChangeLog	2021-10-16 07:58:04 UTC (rev 284309)
+++ trunk/ChangeLog	2021-10-16 08:22:59 UTC (rev 284310)
@@ -1,3 +1,12 @@
+2021-10-16  Caitlin Potter  
+
+Add github username for myself
+https://bugs.webkit.org/show_bug.cgi?id=231857
+
+Reviewed by Yusuke Suzuki.
+
+* metadata/contributors.json:
+
 2021-10-15  Basuke Suzuki  
 
 Add flag to turn off Iso heap


Modified: trunk/metadata/contributors.json (284309 => 284310)

--- trunk/metadata/contributors.json	2021-10-16 07:58:04 UTC (rev 284309)
+++ trunk/metadata/contributors.json	2021-10-16 08:22:59 UTC (rev 284310)
@@ -1227,6 +1227,7 @@
   "emails" : [
  "ca...@igalia.com"
   ],
+  "github" : "caitp",
   "name" : "Caitlin Potter",
   "nicks" : [
  "caitp"






___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [268794] trunk

2020-10-21 Thread caitp 
Title: [268794] trunk








Revision 268794
Author ca...@igalia.com
Date 2020-10-21 07:06:02 -0700 (Wed, 21 Oct 2020)


Log Message
[JSC] support op_get_private_name in DFG and FTL
https://bugs.webkit.org/show_bug.cgi?id=214861

Reviewed by Filip Pizlo.

JSTests:

* microbenchmarks/class-fields-private/monomorphic-get-private-field.js: Added.
* microbenchmarks/class-fields-private/polymorphic-get-private-field.js: Added.
* stress/dfg-get-private-name-by-id-generic.js: Added.
* stress/dfg-get-private-name-by-id-osr-bad-identifier.js: Added.
* stress/dfg-get-private-name-by-id.js: Added.
* stress/dfg-get-private-name-by-offset-osr-bad-identifier.js: Added.
* stress/dfg-get-private-name-by-offset-osr-bad-structure.js: Added.
* stress/dfg-get-private-name-by-offset.js: Added.
* stress/dfg-get-private-name-by-val-generic.js: Added.
* stress/ftl-get-private-name-by-id.js: Added.
* stress/ftl-get-private-name-by-offset-multi.js: Added.
* stress/get-private-name-with-constant-ident.js: Added.
* stress/get-private-name-with-constant-symbol.js: Added.
* stress/get-private-name-with-different-symbol.js: Added.

Source/_javascript_Core:

Adds DFG/FTL support for op_get_private_name.

During DFG bytecode parsing, we will attempt, if deemed possible by
the information available, to output a GetByOffset operation. If a
single private field identifier is used in all cases (the common case),
but there are too many structure variants, a GetPrivateNameById
operation is emitted instead. Failing that, the GetPrivateName
operation is produced, which produces a GetByVal IC like in the
baseline JIT.

In FTL, GetPrivateNameByID can be reduced to [Multi]GetByOffset in the
DFGConstantFoldingPhase, or a GetByID IC when lowering to B3.

* bytecode/GetByStatus.cpp:
(JSC::GetByStatus::computeFromLLInt):
* bytecode/StructureStubInfo.h:
(JSC::appropriateOptimizingGetByIdFunction):
(JSC::appropriateGenericGetByIdFunction):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::simplifyGetByStatus):
(JSC::DFG::ByteCodeParser::handleGetById):
(JSC::DFG::ByteCodeParser::handleGetPrivateNameById):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNode.h:
(JSC::DFG::Node::convertToGetByOffset):
(JSC::DFG::Node::convertToMultiGetByOffset):
(JSC::DFG::Node::hasCacheableIdentifier):
(JSC::DFG::Node::hasHeapPrediction):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetPrivateName):
(JSC::DFG::SpeculativeJIT::compileGetPrivateNameByVal):
(JSC::DFG::SpeculativeJIT::compileGetPrivateNameById):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::getPrivateName):
(JSC::FTL::DFG::LowerDFGToB3::compileGetPrivateName):
(JSC::FTL::DFG::LowerDFGToB3::compileGetPrivateNameById):
* jit/ICStats.h:
* jit/JITOperations.cpp:
(JSC::getPrivateName):
(JSC::JSC_DEFINE_JIT_OPERATION):
* jit/JITOperations.h:
* jit/Repatch.cpp:
(JSC::appropriateOptimizingGetByFunction):
(JSC::appropriateGetByFunction):
(JSC::tryCacheGetBy):
* jit/Repatch.h:
* runtime/OptionsList.h:

Modified Paths

trunk/JSTests/ChangeLog
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/bytecode/GetByStatus.cpp
trunk/Source/_javascript_Core/bytecode/StructureStubInfo.h
trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h
trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp
trunk/Source/_javascript_Core/dfg/DFGClobberize.h
trunk/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp
trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp
trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp
trunk/Source/_javascript_Core/dfg/DFGNode.h
trunk/Source/_javascript_Core/dfg/DFGNodeType.h
trunk/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp
trunk/Source/_javascript_Core/dfg/DFGSafeToExecute.h
trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp
trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h
trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp
trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp
trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp
trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp
trunk/Source/_javascript_Core/jit/ICStats.h
trunk/Source/_javascript_Core/jit/JITOperations.cpp
trunk/Source/_javascript_Core/jit/JITOperations.h
trunk/Source/_javascript_Core/jit/Repatch.cpp
trunk/Source/_javascript_Core/jit/Repatch.h

[webkit-changes] [265000] trunk

2020-07-28 Thread caitp 
Title: [265000] trunk








Revision 265000
Author ca...@igalia.com
Date 2020-07-28 12:28:16 -0700 (Tue, 28 Jul 2020)


Log Message
[JSC] add IC support for op_get_private_name
https://bugs.webkit.org/show_bug.cgi?id=213545

Reviewed by Saam Barati.

JSTests:

Add a crashtest for a crash in an earlier edition of the GPN IC patch.

* stress/get-private-name-cache-failure.js: Added.

Source/_javascript_Core:

The baseline JIT now supports a fast path for op_private_name,
using a variant of GetByVal IC.

The generated AccessCase has the following qualities:
  - Always "direct", relying only on the current structure for cachebility
  - Never impure (DOM properties are not supported at this time, ProxyObjects are treated as JSObjects)

Based on the microbenchmark reviewed on https://bugs.webkit.org/show_bug.cgi?id=213544, this sees
an improvement of roughly 50% on average.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finishCreation):
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::reset):
* bytecode/StructureStubInfo.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileGetByVal):
* jit/ICStats.h:
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
* jit/JIT.h:
* jit/JITInlineCacheGenerator.cpp:
(JSC::JITGetByValGenerator::JITGetByValGenerator):
* jit/JITInlineCacheGenerator.h:
* jit/JITOperations.cpp:
(JSC::getPrivateName):
* jit/JITOperations.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::emit_op_get_private_name):
(JSC::JIT::emitSlow_op_get_private_name):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::emit_op_get_private_name):
(JSC::JIT::emitSlow_op_get_private_name):
* jit/Repatch.cpp:
(JSC::appropriateOptimizingGetByFunction):
(JSC::appropriateGetByFunction):
(JSC::tryCacheGetBy):
* jit/Repatch.h:

Modified Paths

trunk/JSTests/ChangeLog
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp
trunk/Source/_javascript_Core/bytecode/StructureStubInfo.cpp
trunk/Source/_javascript_Core/bytecode/StructureStubInfo.h
trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp
trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp
trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp
trunk/Source/_javascript_Core/jit/ICStats.h
trunk/Source/_javascript_Core/jit/JIT.cpp
trunk/Source/_javascript_Core/jit/JIT.h
trunk/Source/_javascript_Core/jit/JITInlineCacheGenerator.cpp
trunk/Source/_javascript_Core/jit/JITInlineCacheGenerator.h
trunk/Source/_javascript_Core/jit/JITOperations.cpp
trunk/Source/_javascript_Core/jit/JITOperations.h
trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp
trunk/Source/_javascript_Core/jit/JITPropertyAccess32_64.cpp
trunk/Source/_javascript_Core/jit/Repatch.cpp
trunk/Source/_javascript_Core/jit/Repatch.h


Added Paths

trunk/JSTests/stress/get-private-name-cache-failure.js




Diff

Modified: trunk/JSTests/ChangeLog (264999 => 265000)

--- trunk/JSTests/ChangeLog	2020-07-28 19:21:35 UTC (rev 264999)
+++ trunk/JSTests/ChangeLog	2020-07-28 19:28:16 UTC (rev 265000)
@@ -1,3 +1,14 @@
+2020-07-28  Caitlin Potter  
+
+[JSC] add IC support for op_get_private_name
+https://bugs.webkit.org/show_bug.cgi?id=213545
+
+Reviewed by Saam Barati.
+
+Add a crashtest for a crash in an earlier edition of the GPN IC patch.
+
+* stress/get-private-name-cache-failure.js: Added.
+
 2020-07-27  Yusuke Suzuki  
 
 [JSC][wasm] Truncating slightly less than INT32_MIN is incorrect


Added: trunk/JSTests/stress/get-private-name-cache-failure.js (0 => 265000)

--- trunk/JSTests/stress/get-private-name-cache-failure.js	(rev 0)
+++ trunk/JSTests/stress/get-private-name-cache-failure.js	2020-07-28 19:28:16 UTC (rev 265000)
@@ -0,0 +1,42 @@
+//@requireOptions("--usePrivateClassFields=true", "--useLLInt=false", "--forceICFailure=true")
+// Regression test: Ensure that we don't crash when op_get_private_field caching results in
+// giving up on caching.`
+
+function assert(expr, message) {
+  if (!expr)
+throw new Error(`Assertion Failed: ${message}`);
+}
+Object.assign(assert, {
+  equals(actual, expected) {
+assert(actual === expected, `expected ${expected} but found ${actual}`);
+  },
+  throws(fn, errorType) {
+try {
+  fn();
+} catch (e) {
+  if (typeof errorType === "function")
+assert(e instanceof errorType, `expected to throw ${errorType.name} but threw ${e}`);
+  return;
+}
+assert(false, `expected to throw, but no exception was thrown.`);
+  }
+});
+
+class C {
+  #x = 5;
+  get(o) { return o.#x; }
+}
+let get = C.prototype.get;
+function testAccess() {
+  assert.equals(get(new C), 5);
+}
+noInline(testAccess);
+function testThrows() {
+  assert.throws(() => get(globalThis), TypeError);
+}

[webkit-changes] [264369] trunk/Source/JavaScriptCore

2020-07-14 Thread caitp 
Title: [264369] trunk/Source/_javascript_Core








Revision 264369
Author ca...@igalia.com
Date 2020-07-14 12:50:03 -0700 (Tue, 14 Jul 2020)


Log Message
[JSC] fixup LLInt fast path in op_get_private_name
https://bugs.webkit.org/show_bug.cgi?id=214311

Reviewed by Tadeu Zagallo.

The LLInt slow path would previously always be taken in op_get_private_name,
due to not comparing the operand field name's JSValue payload with the cached
field name, but the register index itself.

This fixup can't really be verified by tests, as it is primarily a
minor performance improvement.

* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm
trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm




Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (264368 => 264369)

--- trunk/Source/_javascript_Core/ChangeLog	2020-07-14 19:27:34 UTC (rev 264368)
+++ trunk/Source/_javascript_Core/ChangeLog	2020-07-14 19:50:03 UTC (rev 264369)
@@ -1,3 +1,20 @@
+2020-07-14  Caitlin Potter  
+
+[JSC] fixup LLInt fast path in op_get_private_name
+https://bugs.webkit.org/show_bug.cgi?id=214311
+
+Reviewed by Tadeu Zagallo.
+
+The LLInt slow path would previously always be taken in op_get_private_name,
+due to not comparing the operand field name's JSValue payload with the cached
+field name, but the register index itself.
+
+This fixup can't really be verified by tests, as it is primarily a
+minor performance improvement.
+
+* llint/LowLevelInterpreter32_64.asm:
+* llint/LowLevelInterpreter64.asm:
+
 2020-07-14  Xan Lopez  
 
 [JSC] Remove compiler warning in JSBigInt


Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm (264368 => 264369)

--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm	2020-07-14 19:27:34 UTC (rev 264368)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm	2020-07-14 19:50:03 UTC (rev 264369)
@@ -1601,7 +1601,8 @@
 metadata(t5, t0)
 
 # Slow path if the private field is stale
-get(m_property, t0)
+get(m_property, t1)
+loadConstantOrVariablePayloadUnchecked(size, t1, t0)
 loadp OpGetPrivateName::Metadata::m_property[t5], t1
 bpneq t1, t0, .opGetPrivateNameSlow
 


Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm (264368 => 264369)

--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm	2020-07-14 19:27:34 UTC (rev 264368)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm	2020-07-14 19:50:03 UTC (rev 264369)
@@ -1699,7 +1699,8 @@
 metadata(t2, t0)
 
 # Slow path if the private field is stale
-get(m_property, t0)
+get(m_property, t1)
+loadConstantOrVariable(size, t1, t0)
 loadp OpGetPrivateName::Metadata::m_property[t2], t1
 bpneq t1, t0, .opGetPrivateNameSlow
 






___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [263491] trunk/Source/JavaScriptCore

2020-06-24 Thread caitp 
Title: [263491] trunk/Source/_javascript_Core








Revision 263491
Author ca...@igalia.com
Date 2020-06-24 19:05:51 -0700 (Wed, 24 Jun 2020)


Log Message
[JSC] handle Put/DefinePrivateField in resetPutByID
https://bugs.webkit.org/show_bug.cgi?id=213583

Reviewed by Yusuke Suzuki.

r262613 extends and uses PutByValDirect to support updating and defining private fields, in order to reuse
the IC machinery. The necessary resetPutByID change was erroneously omitted, and is presented here.

* jit/Repatch.cpp:
(JSC::resetPutByID):

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/jit/Repatch.cpp




Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (263490 => 263491)

--- trunk/Source/_javascript_Core/ChangeLog	2020-06-25 01:43:05 UTC (rev 263490)
+++ trunk/Source/_javascript_Core/ChangeLog	2020-06-25 02:05:51 UTC (rev 263491)
@@ -1,3 +1,16 @@
+2020-06-24  Caitlin Potter  
+
+[JSC] handle Put/DefinePrivateField in resetPutByID
+https://bugs.webkit.org/show_bug.cgi?id=213583
+
+Reviewed by Yusuke Suzuki.
+
+r262613 extends and uses PutByValDirect to support updating and defining private fields, in order to reuse
+the IC machinery. The necessary resetPutByID change was erroneously omitted, and is presented here.
+
+* jit/Repatch.cpp:
+(JSC::resetPutByID):
+
 2020-06-24  Yusuke Suzuki  
 
 [JSC] llintTrue / jitTrue can encounter native functions


Modified: trunk/Source/_javascript_Core/jit/Repatch.cpp (263490 => 263491)

--- trunk/Source/_javascript_Core/jit/Repatch.cpp	2020-06-25 01:43:05 UTC (rev 263490)
+++ trunk/Source/_javascript_Core/jit/Repatch.cpp	2020-06-25 02:05:51 UTC (rev 263491)
@@ -1483,6 +1483,10 @@
 optimizedFunction = operationPutByIdNonStrictOptimize;
 else if (unoptimizedFunction == operationPutByIdDirectStrict || unoptimizedFunction == operationPutByIdDirectStrictOptimize)
 optimizedFunction = operationPutByIdDirectStrictOptimize;
+else if (unoptimizedFunction == operationPutByIdPutPrivateFieldStrict || unoptimizedFunction == operationPutByIdPutPrivateFieldStrictOptimize)
+optimizedFunction = operationPutByIdPutPrivateFieldStrictOptimize;
+else if (unoptimizedFunction == operationPutByIdDefinePrivateFieldStrict || unoptimizedFunction == operationPutByIdDefinePrivateFieldStrictOptimize)
+optimizedFunction = operationPutByIdDefinePrivateFieldStrictOptimize;
 else {
 ASSERT(unoptimizedFunction == operationPutByIdDirectNonStrict || unoptimizedFunction == operationPutByIdDirectNonStrictOptimize);
 optimizedFunction = operationPutByIdDirectNonStrictOptimize;






___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [263454] trunk

2020-06-24 Thread caitp 
Title: [263454] trunk








Revision 263454
Author ca...@igalia.com
Date 2020-06-24 07:48:34 -0700 (Wed, 24 Jun 2020)


Log Message
[JSC] add microbenchmark for op_get_private_name
https://bugs.webkit.org/show_bug.cgi?id=213544

Reviewed by Yusuke Suzuki.

Add machinery to add --usePrivateClassFields flag in a family of
microbenchmarks.

* Scripts/run-jsc-benchmarks:

Modified Paths

trunk/Tools/ChangeLog
trunk/Tools/Scripts/run-jsc-benchmarks


Added Paths

trunk/JSTests/microbenchmarks/class-fields-private/
trunk/JSTests/microbenchmarks/class-fields-private/get-private-name.js




Diff

Added: trunk/JSTests/microbenchmarks/class-fields-private/get-private-name.js (0 => 263454)

--- trunk/JSTests/microbenchmarks/class-fields-private/get-private-name.js	(rev 0)
+++ trunk/JSTests/microbenchmarks/class-fields-private/get-private-name.js	2020-06-24 14:48:34 UTC (rev 263454)
@@ -0,0 +1,29 @@
+//@ requireOptions("--usePrivateClassFields=true")
+
+function assert(b, m = "Assertion failed") {
+if (!b)
+throw new Error(m);
+}
+
+function test1() {
+function factory(i) {
+return new class {
+#x = i;
+get() { return this.#x; }
+};
+}
+
+function foo(o, i) {
+return o.get();
+}
+noInline(foo);
+
+let a = factory(42);
+let b = factory(43);
+let start = Date.now();
+for (let i = 0; i < 1000; ++i) {
+assert(foo(a, "a") === 42);
+assert(foo(b, "b") === 43);
+}
+}
+test1();


Modified: trunk/Tools/ChangeLog (263453 => 263454)

--- trunk/Tools/ChangeLog	2020-06-24 14:07:32 UTC (rev 263453)
+++ trunk/Tools/ChangeLog	2020-06-24 14:48:34 UTC (rev 263454)
@@ -1,3 +1,15 @@
+2020-06-24  Caitlin Potter  
+
+[JSC] add microbenchmark for op_get_private_name
+https://bugs.webkit.org/show_bug.cgi?id=213544
+
+Reviewed by Yusuke Suzuki.
+
+Add machinery to add --usePrivateClassFields flag in a family of
+microbenchmarks.
+ 
+* Scripts/run-jsc-benchmarks:
+
 2020-06-24  Carlos Garcia Campos  
 
 [GTK][WPE] Add API to allow applications to handle the HTTP authentication credential storage


Modified: trunk/Tools/Scripts/run-jsc-benchmarks (263453 => 263454)

--- trunk/Tools/Scripts/run-jsc-benchmarks	2020-06-24 14:07:32 UTC (rev 263453)
+++ trunk/Tools/Scripts/run-jsc-benchmarks	2020-06-24 14:48:34 UTC (rev 263454)
@@ -51,6 +51,7 @@
 TAILBENCH_PATH = PERFORMANCETESTS_PATH + "TailBench9000"
 BIGINTBENCH_PATH = PERFORMANCETESTS_PATH + "BigIntBench"
 MICROBENCHMARKS_PATH = OPENSOURCE_PATH + "JSTests" + "microbenchmarks"
+PRIVATEFIELDSBENCH_PATH = MICROBENCHMARKS_PATH + "class-fields-private"
 SLOW_MICROBENCHMARKS_PATH = OPENSOURCE_PATH + "JSTests" + "slowMicrobenchmarks"
 OPENSOURCE_OCTANE_PATH = PERFORMANCETESTS_PATH + "Octane"
 OCTANE_WRAPPER_PATH = OPENSOURCE_OCTANE_PATH + "wrappers"
@@ -235,6 +236,7 @@
 $includeSixSpeed = false
 $includeTailBench = true
 $includeBigIntBench = false
+$includePrivateFieldsBench = false
 $measureGC=false
 $benchmarkPattern=nil
 $verbosity=0
@@ -1767,7 +1769,22 @@
   end
 end
 
+class PrivateFieldsBenchmark
+include Benchmark
 
+def initialize(name)
+@name = name
+end
+
+def emitRunCode(plan)
+emitBenchRunCode(fullname, plan, SingleFileTimedBenchmarkParameters.new(ensureFile("PrivateFieldsBench-#{@name}", "#{PRIVATEFIELDSBENCH_PATH}/#{@name}.js")))
+end
+
+def environment
+{"JSC_usePrivateClassFields" => "true"}
+end
+end
+
 class MicrobenchmarksBenchmark
   include Benchmark
   
@@ -2866,6 +2883,7 @@
  ['--six-speed', GetoptLong::NO_ARGUMENT],
  ['--tail-bench', GetoptLong::NO_ARGUMENT],
  ['--big-int-bench', GetoptLong::NO_ARGUMENT],
+ ['--private-fields-bench', GetoptLong::NO_ARGUMENT],
  ['--benchmarks', GetoptLong::REQUIRED_ARGUMENT],
  ['--measure-gc', GetoptLong::OPTIONAL_ARGUMENT],
  ['--force-vm-kind', GetoptLong::REQUIRED_ARGUMENT],
@@ -2984,6 +3002,9 @@
 when '--big-int-bench'
   resetBenchOptionsIfNecessary
   $includeBigIntBench = true
+when '--private-fields-bench'
+  resetBenchOptionsIfNecessary
+  $includePrivateFieldsBench = true
 when '--benchmarks'
   $benchmarkPattern = Regexp.new(arg)
 when '--measure-gc'
@@ -3221,6 +3242,15 @@
 end
   }
 
+  PRIVATEFIELDSBENCH = BenchmarkSuite.new("PrivateFieldsBench", :geometricMean, 0)
+  Dir.foreach(PRIVATEFIELDSBENCH_PATH) {
+| filename |
+if filename =~ /\.js$/
+name = $~.pre_match
+PRIVATEFIELDSBENCH.add PrivateFieldsBenchmark.new(name)
+end
+  }
+
   MICROBENCHMARKS = BenchmarkSuite.new("Microbenchmarks", :geometricMean, 0)
   Dir.foreach(MICROBENCHMARKS_PATH) {
 | filename |
@@ -3392,6 +3422,10 @@
 $suites << BIGINTBENCH
   end
 
+  if $includePrivateFieldsBench and not PRIVATEFIELDSBENCH.empty?
+$suites

[webkit-changes] [263046] trunk

2020-06-15 Thread caitp 
Title: [263046] trunk








Revision 263046
Author ca...@igalia.com
Date 2020-06-15 11:35:28 -0700 (Mon, 15 Jun 2020)


Log Message
[JSC] add machinery to disable JIT tiers when experimental features are enabled
https://bugs.webkit.org/show_bug.cgi?id=213193

Reviewed by Mark Lam.

JSTests:

* stress/get-private-name.js:
* stress/put-by-val-direct-addprivate.js:
* stress/put-by-val-direct-putprivate.js:

Source/_javascript_Core:

A new macro FOR_EACH_JSC_EXPERIMENTAL_OPTION() supplies flags indicating the supported
JIT tiers (or, in the future, other options) of a particular feature,
in an easy to understand format. These flags are then used to
recompute dependent feature flags.

This should simplify the incremental development of language features.

* dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
* runtime/Options.cpp:
(JSC::recomputeDependentOptions):
* runtime/OptionsList.h:

Modified Paths

trunk/JSTests/ChangeLog
trunk/JSTests/stress/get-private-name.js
trunk/JSTests/stress/put-by-val-direct-addprivate.js
trunk/JSTests/stress/put-by-val-direct-putprivate.js
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/dfg/DFGCapabilities.cpp
trunk/Source/_javascript_Core/runtime/Options.cpp
trunk/Source/_javascript_Core/runtime/OptionsList.h




Diff

Modified: trunk/JSTests/ChangeLog (263045 => 263046)

--- trunk/JSTests/ChangeLog	2020-06-15 18:29:58 UTC (rev 263045)
+++ trunk/JSTests/ChangeLog	2020-06-15 18:35:28 UTC (rev 263046)
@@ -1,3 +1,14 @@
+2020-06-15  Caitlin Potter  
+
+[JSC] add machinery to disable JIT tiers when experimental features are enabled
+https://bugs.webkit.org/show_bug.cgi?id=213193
+
+Reviewed by Mark Lam.
+
+* stress/get-private-name.js:
+* stress/put-by-val-direct-addprivate.js:
+* stress/put-by-val-direct-putprivate.js:
+
 2020-06-15  Alexey Shvayka  
 
 super should not depend on __proto__


Modified: trunk/JSTests/stress/get-private-name.js (263045 => 263046)

--- trunk/JSTests/stress/get-private-name.js	2020-06-15 18:29:58 UTC (rev 263045)
+++ trunk/JSTests/stress/get-private-name.js	2020-06-15 18:35:28 UTC (rev 263046)
@@ -1,6 +1,4 @@
-// FIXME: //@ requireOptions("--usePrivateClassFields=1") --- Run this in all variants once https://bugs.webkit.org/show_bug.cgi?id=212781 is fixed
-//@ runNoJIT("--usePrivateClassFields=1")
-//@ runNoLLInt("--usePrivateClassFields=1")
+//@ requireOptions("--usePrivateClassFields=1")
 
 // GetPrivateName should throw when the receiver does not have the requested private property
 let i, threw = false;


Modified: trunk/JSTests/stress/put-by-val-direct-addprivate.js (263045 => 263046)

--- trunk/JSTests/stress/put-by-val-direct-addprivate.js	2020-06-15 18:29:58 UTC (rev 263045)
+++ trunk/JSTests/stress/put-by-val-direct-addprivate.js	2020-06-15 18:35:28 UTC (rev 263046)
@@ -1,7 +1,4 @@
-// TODO: //@ requireOptions("--usePrivateClassFields=1") -- Currently, eager JIT is not supported for private field access.
-//@ runDefault("--usePrivateClassFields=1")
-//@ runNoJIT("--usePrivateClassFields=1")
-//@ runNoLLInt("--usePrivateClassFields=1")
+//@ requireOptions("--usePrivateClassFields=1")
 
 // PrivateField "Create" access should throw if writing to a non-existent PrivateName.
 let c, i = 0, threw = false;


Modified: trunk/JSTests/stress/put-by-val-direct-putprivate.js (263045 => 263046)

--- trunk/JSTests/stress/put-by-val-direct-putprivate.js	2020-06-15 18:29:58 UTC (rev 263045)
+++ trunk/JSTests/stress/put-by-val-direct-putprivate.js	2020-06-15 18:35:28 UTC (rev 263046)
@@ -1,7 +1,4 @@
-// FIXME: //@ requireOptions("--usePrivateClassFields=1") -- Currently, eager JIT is not supported for private field access. https://bugs.webkit.org/show_bug.cgi?id=212784
-//@ runDefault("--usePrivateClassFields=1")
-//@ runNoJIT("--usePrivateClassFields=1")
-//@ runNoLLInt("--usePrivateClassFields=1")
+//@ requireOptions("--usePrivateClassFields=1")
 
 // PrivateField "Put" access should throw if writing to a non-existent PrivateName.
 let c, i = 0, threw = false;


Modified: trunk/Source/_javascript_Core/ChangeLog (263045 => 263046)

--- trunk/Source/_javascript_Core/ChangeLog	2020-06-15 18:29:58 UTC (rev 263045)
+++ trunk/Source/_javascript_Core/ChangeLog	2020-06-15 18:35:28 UTC (rev 263046)
@@ -1,3 +1,23 @@
+2020-06-15  Caitlin Potter  
+
+[JSC] add machinery to disable JIT tiers when experimental features are enabled
+https://bugs.webkit.org/show_bug.cgi?id=213193
+
+Reviewed by Mark Lam.
+
+A new macro FOR_EACH_JSC_EXPERIMENTAL_OPTION() supplies flags indicating the supported
+JIT tiers (or, in the future, other options) of a particular feature,
+in an easy to understand format. These flags are then used to
+recompute dependent feature flags.
+
+This should simplify the incremental development of language features.
+
+* dfg/DFGCapabilities.cpp:
+(JSC::DFG::capabilityLevel):
+*

[webkit-changes] [262847] trunk/JSTests

2020-06-10 Thread caitp 
Title: [262847] trunk/JSTests








Revision 262847
Author ca...@igalia.com
Date 2020-06-10 12:08:32 -0700 (Wed, 10 Jun 2020)


Log Message
[JSC] add stress test for op_get_private_name
https://bugs.webkit.org/show_bug.cgi?id=213024

Reviewed by Mark Lam.

* stress/get-private-name.js: Added.

Modified Paths

trunk/JSTests/ChangeLog


Added Paths

trunk/JSTests/stress/get-private-name.js




Diff

Modified: trunk/JSTests/ChangeLog (262846 => 262847)

--- trunk/JSTests/ChangeLog	2020-06-10 19:04:56 UTC (rev 262846)
+++ trunk/JSTests/ChangeLog	2020-06-10 19:08:32 UTC (rev 262847)
@@ -1,3 +1,12 @@
+2020-06-10  Caitlin Potter  
+
+[JSC] add stress test for op_get_private_name
+https://bugs.webkit.org/show_bug.cgi?id=213024
+
+Reviewed by Mark Lam.
+
+* stress/get-private-name.js: Added.
+
 2020-06-09  Mark Lam  
 
 Stringifier::appendStringifiedValue() should not assume it is always safe to recurse.


Added: trunk/JSTests/stress/get-private-name.js (0 => 262847)

--- trunk/JSTests/stress/get-private-name.js	(rev 0)
+++ trunk/JSTests/stress/get-private-name.js	2020-06-10 19:08:32 UTC (rev 262847)
@@ -0,0 +1,29 @@
+// FIXME: //@ requireOptions("--usePrivateClassFields=1") --- Run this in all variants once https://bugs.webkit.org/show_bug.cgi?id=212781 is fixed
+//@ runNoJIT("--usePrivateClassFields=1")
+//@ runNoLLInt("--usePrivateClassFields=1")
+
+// GetPrivateName should throw when the receiver does not have the requested private property
+let i, threw = false;
+class C {
+#x = i;
+constructor() { if (i === 30) return { [Symbol.toStringTag]: "without #x"}; }
+static x(obj) { return obj.#x; }
+get [Symbol.toStringTag]() { return "with #x"; }
+}
+
+try {
+for (i = 0; i < 50; ++i) {
+let c = new C;
+let result = C.x(c);
+if (result !== i)
+throw new Error(`Expected C.x(${c}) to be ${i}, but found ${result}`);
+}
+} catch (e) {
+threw = true;
+if (i !== 30 || e.constructor !== TypeError) {
+throw e;
+}
+}
+
+if (!threw)
+throw new Error("Expected TypeError, but no exception was thrown");






___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [254801] trunk

2020-01-18 Thread caitp 
Title: [254801] trunk








Revision 254801
Author ca...@igalia.com
Date 2020-01-18 15:14:31 -0800 (Sat, 18 Jan 2020)


Log Message
[JSC] add DFG/FTL support for op_to_property_key
https://bugs.webkit.org/show_bug.cgi?id=206368

JSTests:

Reviewed by Saam Barati.

* stress/class-fields-to-property-key-const-string-ftl.js: Added.
* stress/class-fields-to-property-key-const-symbol-ftl.js: Added.
* stress/class-fields-to-property-key-slow-object-tostring-ftl.js: Added.
* stress/class-fields-to-property-key-slow-object-valueof-ftl.js: Added.
* stress/class-fields-to-property-key-string-object-ftl.js: Added.
* stress/class-fields-to-property-key-string-or-string-object-ftl.js: Added.

Source/_javascript_Core:

Reviewed by Saam Barati.

Implement DFG/FTL support for the op_to_property_key opcode. This operates
similar to the LLInt and base JIT implementations, in which we avoid invoking
the full ToPropertyKey operation if the source operand is already a String or
Symbol at runtime.

If DFG/FTL are confident the value will be a String or Symbol at compile time,
the operation is omitted entirely in the final graph.

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNode.h:
(JSC::DFG::Node::convertToToString):
* dfg/DFGNodeType.h:
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileToPrimitive):
(JSC::DFG::SpeculativeJIT::compileToPropertyKey):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileToPropertyKey):

Modified Paths

trunk/JSTests/ChangeLog
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h
trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp
trunk/Source/_javascript_Core/dfg/DFGCapabilities.cpp
trunk/Source/_javascript_Core/dfg/DFGClobberize.h
trunk/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp
trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp
trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp
trunk/Source/_javascript_Core/dfg/DFGNode.h
trunk/Source/_javascript_Core/dfg/DFGNodeType.h
trunk/Source/_javascript_Core/dfg/DFGOperations.cpp
trunk/Source/_javascript_Core/dfg/DFGOperations.h
trunk/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp
trunk/Source/_javascript_Core/dfg/DFGSafeToExecute.h
trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp
trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h
trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp
trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp
trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp
trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp


Added Paths

trunk/JSTests/stress/class-fields-to-property-key-const-string-ftl.js
trunk/JSTests/stress/class-fields-to-property-key-const-symbol-ftl.js
trunk/JSTests/stress/class-fields-to-property-key-slow-object-tostring-ftl.js
trunk/JSTests/stress/class-fields-to-property-key-slow-object-valueof-ftl.js
trunk/JSTests/stress/class-fields-to-property-key-string-object-ftl.js
trunk/JSTests/stress/class-fields-to-property-key-string-or-string-object-ftl.js




Diff

Modified: trunk/JSTests/ChangeLog (254800 => 254801)

--- trunk/JSTests/ChangeLog	2020-01-18 20:35:11 UTC (rev 254800)
+++ trunk/JSTests/ChangeLog	2020-01-18 23:14:31 UTC (rev 254801)
@@ -1,3 +1,17 @@
+2020-01-18  Caitlin Potter  
+
+[JSC] add DFG/FTL support for op_to_property_key
+https://bugs.webkit.org/show_bug.cgi?id=206368
+
+Reviewed by Saam Barati.
+
+* stress/class-fields-to-property-key-const-string-ftl.js: Added.
+* stress/class-fields-to-property-key-const-symbol-ftl.js: Added.
+* stress/class-fields-to-property-key-slow-object-tostring-ftl.js: Added.
+* stress/class-fields-to-property-key-slow-object-valueof-ftl.js: Added.
+* stress/class-fields-to-property-key-string-object-ftl.js: Added.
+* stress/class-fields-to-property-key-string-or-string-object-ftl.js: Added.
+
 2020-01-17  Saam Barati  
 
 Air O0 should have better stack allocation


Added: trunk/JSTests/stress/class-fields-to-property-key-const-string-ftl.js (0 => 254801)

--- trunk/JSTests/stress/class-fields-to-property-key-const-string-ftl.js	(rev 0)

[webkit-changes] [244330] trunk

2019-04-16 Thread caitp 
Title: [244330] trunk








Revision 244330
Author ca...@igalia.com
Date 2019-04-16 08:58:59 -0700 (Tue, 16 Apr 2019)


Log Message
[JSC] Filter DontEnum properties in ProxyObject::getOwnPropertyNames()
https://bugs.webkit.org/show_bug.cgi?id=176810

Reviewed by Saam Barati.

JSTests:

Add tests for the DontEnum filtering, and variations of other tests
take the DontEnum-filtering path.

* stress/proxy-own-keys.js:
(i.catch):
(set assert):
(set add):
(let.set new):
(get let):

Source/_javascript_Core:

This adds conditional logic following the invariant checks, to perform
filtering in common uses of getOwnPropertyNames.

While this would ideally only be done in JSPropertyNameEnumerator, adding
the filtering to ProxyObject::performGetOwnPropertyNames maintains the
invariant that the EnumerationMode is properly followed.

This was originally rolled out in r244020, as DontEnum filtering code
in ObjectConstructor.cpp's ownPropertyKeys() had not been removed. It's
now redundant due to being handled in ProxyObject::getOwnPropertyNames().

* runtime/PropertyNameArray.h:
(JSC::PropertyNameArray::reset):
* runtime/ProxyObject.cpp:
(JSC::ProxyObject::performGetOwnPropertyNames):

Source/WebCore:

Previously, there was a comment here indicating uncertainty of whether it
was necessary to filter DontEnum properties explicitly or not. It turns
out that it was necessary in the case of JSC ProxyObjects.

This patch adds DontEnum filtering for ProxyObjects, however we continue
to explicitly filter them in JSDOMConvertRecord, which needs to use the
property descriptor after filtering. This change prevents observably
fetching the property descriptor twice per property.

* bindings/js/JSDOMConvertRecord.h:

Modified Paths

trunk/JSTests/ChangeLog
trunk/JSTests/stress/proxy-own-keys.js
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/runtime/ObjectConstructor.cpp
trunk/Source/_javascript_Core/runtime/PropertyNameArray.h
trunk/Source/_javascript_Core/runtime/ProxyObject.cpp
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/bindings/js/JSDOMConvertRecord.h




Diff

Modified: trunk/JSTests/ChangeLog (244329 => 244330)

--- trunk/JSTests/ChangeLog	2019-04-16 09:41:00 UTC (rev 244329)
+++ trunk/JSTests/ChangeLog	2019-04-16 15:58:59 UTC (rev 244330)
@@ -1,3 +1,20 @@
+2019-04-16  Caitlin Potter  
+
+[JSC] Filter DontEnum properties in ProxyObject::getOwnPropertyNames()
+https://bugs.webkit.org/show_bug.cgi?id=176810
+
+Reviewed by Saam Barati.
+
+Add tests for the DontEnum filtering, and variations of other tests
+take the DontEnum-filtering path.
+
+* stress/proxy-own-keys.js:
+(i.catch):
+(set assert):
+(set add):
+(let.set new):
+(get let):
+
 2019-04-15  Saam barati  
 
 Modify how we do SetArgument when we inline varargs calls


Modified: trunk/JSTests/stress/proxy-own-keys.js (244329 => 244330)

--- trunk/JSTests/stress/proxy-own-keys.js	2019-04-16 09:41:00 UTC (rev 244329)
+++ trunk/JSTests/stress/proxy-own-keys.js	2019-04-16 15:58:59 UTC (rev 244330)
@@ -135,6 +135,22 @@
 assert(called);
 called = false;
 }
+
+for (let i = 0; i < 500; i++) {
+let threw = false;
+let foundKey = false;
+try {
+for (let k in proxy)
+foundKey = true;
+} catch(e) {
+threw = true;
+assert(e.toString() === "TypeError: Proxy object's non-extensible 'target' has configurable property 'x' that was not in the result from the 'ownKeys' trap");
+assert(!foundKey);
+}
+assert(threw);
+assert(called);
+called = false;
+}
 }
 
 {
@@ -166,6 +182,22 @@
 assert(called);
 called = false;
 }
+
+for (let i = 0; i < 500; i++) {
+let threw = false;
+let reached = false;
+try {
+for (let k in proxy)
+reached = true;
+} catch (e) {
+threw = true;
+assert(e.toString() === "TypeError: Proxy handler's 'ownKeys' method returned a key that was not present in its non-extensible target");
+}
+assert(threw);
+assert(called);
+assert(!reached);
+called = false;
+}
 }
 
 {
@@ -667,3 +699,68 @@
 error = null;
 }
 }
+
+{
+let error = null;
+let s1 = Symbol();
+let s2 = Symbol();
+let target = Object.defineProperties({}, {
+x: {
+value: "X",
+enumerable: true,
+configurable: true,
+},
+dontEnum1: {
+value: "dont-enum",
+enumerable: false,
+configurable: true,
+},
+y: {
+get() { return "Y"; },
+enumerable: true,
+configurable: true,
+},
+dontEnum2: {
+get() { return "dont-enum-accessor" },
+enumerable: false,
+configurable: true
+

[webkit-changes] [243943] trunk

2019-04-05 Thread caitp 
Title: [243943] trunk








Revision 243943
Author ca...@igalia.com
Date 2019-04-05 14:28:10 -0700 (Fri, 05 Apr 2019)


Log Message
[JSC] Filter DontEnum properties in ProxyObject::getOwnPropertyNames()
https://bugs.webkit.org/show_bug.cgi?id=176810

Reviewed by Saam Barati.

JSTests:

Add tests for the DontEnum filtering, and variations of other tests
take the DontEnum-filtering path.

* stress/proxy-own-keys.js:
(i.catch):
(set assert):
(set add):
(let.set new):
(get let):

Source/_javascript_Core:

This adds conditional logic following the invariant checks, to perform
filtering in common uses of getOwnPropertyNames.

While this would ideally only be done in JSPropertyNameEnumerator, adding
the filtering to ProxyObject::performGetOwnPropertyNames maintains the
invariant that the EnumerationMode is properly followed.

* runtime/PropertyNameArray.h:
(JSC::PropertyNameArray::reset):
* runtime/ProxyObject.cpp:
(JSC::ProxyObject::performGetOwnPropertyNames):

Source/WebCore:

Previously, there was a comment here indicating uncertainty of whether it
was necessary to filter DontEnum properties explicitly or not. It turns
out that it was necessary in the case of JSC ProxyObjects.

This patch adds DontEnum filtering for ProxyObjects, however we continue
to explicitly filter them in JSDOMConvertRecord, which needs to use the
property descriptor after filtering. This change prevents observably
fetching the property descriptor twice per property.

* bindings/js/JSDOMConvertRecord.h:

Modified Paths

trunk/JSTests/ChangeLog
trunk/JSTests/stress/proxy-own-keys.js
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/runtime/PropertyNameArray.h
trunk/Source/_javascript_Core/runtime/ProxyObject.cpp
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/bindings/js/JSDOMConvertRecord.h




Diff

Modified: trunk/JSTests/ChangeLog (243942 => 243943)

--- trunk/JSTests/ChangeLog	2019-04-05 21:13:47 UTC (rev 243942)
+++ trunk/JSTests/ChangeLog	2019-04-05 21:28:10 UTC (rev 243943)
@@ -1,5 +1,22 @@
 2019-04-05  Caitlin Potter  
 
+[JSC] Filter DontEnum properties in ProxyObject::getOwnPropertyNames()
+https://bugs.webkit.org/show_bug.cgi?id=176810
+
+Reviewed by Saam Barati.
+
+Add tests for the DontEnum filtering, and variations of other tests
+take the DontEnum-filtering path.
+
+* stress/proxy-own-keys.js:
+(i.catch):
+(set assert):
+(set add):
+(let.set new):
+(get let):
+
+2019-04-05  Caitlin Potter  
+
 [JSC] throw if 'ownKeys' Proxy trap result contains duplicate keys
 https://bugs.webkit.org/show_bug.cgi?id=185211
 


Modified: trunk/JSTests/stress/proxy-own-keys.js (243942 => 243943)

--- trunk/JSTests/stress/proxy-own-keys.js	2019-04-05 21:13:47 UTC (rev 243942)
+++ trunk/JSTests/stress/proxy-own-keys.js	2019-04-05 21:28:10 UTC (rev 243943)
@@ -135,6 +135,22 @@
 assert(called);
 called = false;
 }
+
+for (let i = 0; i < 500; i++) {
+let threw = false;
+let foundKey = false;
+try {
+for (let k in proxy)
+foundKey = true;
+} catch(e) {
+threw = true;
+assert(e.toString() === "TypeError: Proxy object's non-extensible 'target' has configurable property 'x' that was not in the result from the 'ownKeys' trap");
+assert(!foundKey);
+}
+assert(threw);
+assert(called);
+called = false;
+}
 }
 
 {
@@ -166,6 +182,22 @@
 assert(called);
 called = false;
 }
+
+for (let i = 0; i < 500; i++) {
+let threw = false;
+let reached = false;
+try {
+for (let k in proxy)
+reached = true;
+} catch (e) {
+threw = true;
+assert(e.toString() === "TypeError: Proxy handler's 'ownKeys' method returned a key that was not present in its non-extensible target");
+}
+assert(threw);
+assert(called);
+assert(!reached);
+called = false;
+}
 }
 
 {
@@ -667,3 +699,68 @@
 error = null;
 }
 }
+
+{
+let error = null;
+let s1 = Symbol();
+let s2 = Symbol();
+let target = Object.defineProperties({}, {
+x: {
+value: "X",
+enumerable: true,
+configurable: true,
+},
+dontEnum1: {
+value: "dont-enum",
+enumerable: false,
+configurable: true,
+},
+y: {
+get() { return "Y"; },
+enumerable: true,
+configurable: true,
+},
+dontEnum2: {
+get() { return "dont-enum-accessor" },
+enumerable: false,
+configurable: true
+},
+[s1]: {
+value: "s1",
+enumerable: true,
+configurable: true,
+},
+[s2]: {
+value: "dont-enum-symbol",
+enumerable:

[webkit-changes] [243933] trunk

2019-04-05 Thread caitp 
Title: [243933] trunk








Revision 243933
Author ca...@igalia.com
Date 2019-04-05 06:45:08 -0700 (Fri, 05 Apr 2019)


Log Message
JSTests:
[JSC] throw if 'ownKeys' Proxy trap result contains duplicate keys
https://bugs.webkit.org/show_bug.cgi?id=185211

Reviewed by Saam Barati.

This is for the normative spec change in https://github.com/tc39/ecma262/pull/833

This changes several assertions to expect a TypeError to be thrown (in some cases,
changing thee expected message).

* es6/Proxy_ownKeys_duplicates.js:
(handler):
(shouldThrow):
(test):
* stress/Object_static_methods_Object.getOwnPropertyDescriptors-proxy.js:
(shouldThrow):
* stress/proxy-own-keys.js:
(i.catch):
(assert):

LayoutTests/imported/w3c:
[JSC] throw if 'ownKeys' Proxy trap result contains duplicate keys
https://bugs.webkit.org/show_bug.cgi?id=185211

Reviewed by Saam Barati.

This is for the normative spec change in https://github.com/tc39/ecma262/pull/833

Change some test expectations which were previously expected to fail.

* web-platform-tests/fetch/api/headers/headers-record-expected.txt:

Source/_javascript_Core:
[JSC] throw if ownKeys Proxy trap result contains duplicate keys
https://bugs.webkit.org/show_bug.cgi?id=185211

Reviewed by Saam Barati.

Implements the normative spec change in https://github.com/tc39/ecma262/pull/833

This involves tracking duplicate keys returned from the ownKeys trap in yet
another HashTable, and may incur a minor performance penalty in some cases. This
is not expected to significantly affect web performance.

* runtime/ProxyObject.cpp:
(JSC::ProxyObject::performGetOwnPropertyNames):

Modified Paths

trunk/JSTests/ChangeLog
trunk/JSTests/es6/Proxy_ownKeys_duplicates.js
trunk/JSTests/stress/Object_static_methods_Object.getOwnPropertyDescriptors-proxy.js
trunk/JSTests/stress/proxy-own-keys.js
trunk/LayoutTests/imported/w3c/ChangeLog
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/headers/headers-record-expected.txt
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/runtime/ProxyObject.cpp




Diff

Modified: trunk/JSTests/ChangeLog (243932 => 243933)

--- trunk/JSTests/ChangeLog	2019-04-05 12:42:44 UTC (rev 243932)
+++ trunk/JSTests/ChangeLog	2019-04-05 13:45:08 UTC (rev 243933)
@@ -1,3 +1,25 @@
+2019-04-05  Caitlin Potter  
+
+[JSC] throw if 'ownKeys' Proxy trap result contains duplicate keys
+https://bugs.webkit.org/show_bug.cgi?id=185211
+
+Reviewed by Saam Barati.
+
+This is for the normative spec change in https://github.com/tc39/ecma262/pull/833
+
+This changes several assertions to expect a TypeError to be thrown (in some cases,
+changing thee expected message).
+
+* es6/Proxy_ownKeys_duplicates.js:
+(handler):
+(shouldThrow):
+(test):
+* stress/Object_static_methods_Object.getOwnPropertyDescriptors-proxy.js:
+(shouldThrow):
+* stress/proxy-own-keys.js:
+(i.catch):
+(assert):
+
 2019-04-04  Yusuke Suzuki  
 
 [JSC] makeBoundFunction should not assume incoming "length" value is Int32 because it performs some calculation in bytecode


Modified: trunk/JSTests/es6/Proxy_ownKeys_duplicates.js (243932 => 243933)

--- trunk/JSTests/es6/Proxy_ownKeys_duplicates.js	2019-04-05 12:42:44 UTC (rev 243932)
+++ trunk/JSTests/es6/Proxy_ownKeys_duplicates.js	2019-04-05 13:45:08 UTC (rev 243933)
@@ -1,30 +1,51 @@
+function handler(key) {
+return {
+getOwnPropertyDescriptor(t, n) {
+// Required to prevent Object.keys() from discarding results
+return {
+enumerable: true,
+configurable: true,
+};
+},
+ownKeys(t) {
+return [key, key];
+}
+};
+}
+
+function shouldThrow(op, errorConstructor, desc) {
+try {
+op();
+} catch (e) {
+if (!(e instanceof errorConstructor)) {
+throw new Error(`threw ${e}, but should have thrown ${errorConstructor.name}`);
+}
+return;
+}
+throw new Error(`Expected ${desc || 'operation'} to throw ${errorConstructor.name}, but no exception thrown`);
+}
+
 function test() {
 
 var symbol = Symbol("test");
-var proxy = new Proxy({}, {
-getOwnPropertyDescriptor(t, n) {
-// Required to prevent Object.keys() from discarding results
-return {
-enumerable: true,
-configurable: true
-};
-},
-ownKeys: function (t) {
-return ["A", "A", "0", "0", symbol, symbol];
-}
-});
-var keys = Object.keys(proxy);
-var names = Object.getOwnPropertyNames(proxy);
-var symbols = Object.getOwnPropertySymbols(proxy);
+var proxyNamed = new Proxy({}, handler("A"));
+var proxyIndexed = new Proxy({}, handler(0));
+var proxySymbol = new Proxy({}, handler(symbol));
 
-if (keys.length === 4 && keys[0] === keys[1] && keys[2] === keys[3] &&
-keys[0] === "A" && keys[2] === "0" &&
-names.length === 4 && names[0] ===

[webkit-changes] [233037] trunk/Tools

2018-06-21 Thread caitp 
Title: [233037] trunk/Tools








Revision 233037
Author ca...@igalia.com
Date 2018-06-21 06:57:50 -0700 (Thu, 21 Jun 2018)


Log Message
[Tools] add a --debug option to test262/Runner.pm for buildbots
https://bugs.webkit.org/show_bug.cgi?id=186113

Reviewed by Michael Saboff.

test262-runner runs Debug builds by default, but this allows us to be
explicit about it in buildbots.

* Scripts/test262/Runner.pm:
(processCLI):

Modified Paths

trunk/Tools/ChangeLog
trunk/Tools/Scripts/test262/Runner.pm




Diff

Modified: trunk/Tools/ChangeLog (233036 => 233037)

--- trunk/Tools/ChangeLog	2018-06-21 13:37:05 UTC (rev 233036)
+++ trunk/Tools/ChangeLog	2018-06-21 13:57:50 UTC (rev 233037)
@@ -1,3 +1,16 @@
+2018-06-21  Caitlin Potter  
+
+[Tools] add a --debug option to test262/Runner.pm for buildbots
+https://bugs.webkit.org/show_bug.cgi?id=186113
+
+Reviewed by Michael Saboff.
+
+test262-runner runs Debug builds by default, but this allows us to be
+explicit about it in buildbots.
+
+* Scripts/test262/Runner.pm:
+(processCLI):
+
 2018-06-21  Carlos Garcia Campos  
 
 run-gtk-tests (glib/common.py) cannot determine build directory when webKitBranchBuild=true


Modified: trunk/Tools/Scripts/test262/Runner.pm (233036 => 233037)

--- trunk/Tools/Scripts/test262/Runner.pm	2018-06-21 13:37:05 UTC (rev 233036)
+++ trunk/Tools/Scripts/test262/Runner.pm	2018-06-21 13:57:50 UTC (rev 233037)
@@ -131,6 +131,7 @@
 'p|child-processes=i' => \$maxProcesses,
 'h|help' => \$help,
 'release' => \$release,
+'debug' => sub { $release = 0; },
 'v|verbose' => \$verbose,
 'f|features=s@' => \@features,
 'c|config=s' => \$configFile,
@@ -1229,6 +1230,10 @@
 
 Use the Release build of JSC. Can only use if --jsc  is not provided. The Debug build of JSC is used by default.
 
+=item B<--debug>
+
+Use the Debug build of JSC. Can only use if --jsc  is not provided. Negates the --release option.
+
 =item B<--verbose, -v>
 
 Verbose output for test results. Includes error message for test.






___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [232816] trunk/Source/JavaScriptCore

2018-06-13 Thread caitp 
Title: [232816] trunk/Source/_javascript_Core








Revision 232816
Author ca...@igalia.com
Date 2018-06-13 15:51:29 -0700 (Wed, 13 Jun 2018)


Log Message
[LLInt] use loadp consistently for get_from_scope/put_to_scope
https://bugs.webkit.org/show_bug.cgi?id=132333

Reviewed by Mark Lam.

Using `loadis` for register indexes and `loadp` for constant scopes /
symboltables makes sense, but is problematic for big-endian
architectures.

Consistently treating the operand as a pointer simplifies determining
how to access the operand, and helps avoid bad accesses and crashes on
big-endian ports.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finishCreation):
* bytecode/Instruction.h:
* jit/JITOperations.cpp:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/CommonSlowPaths.h:
(JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
(JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp
trunk/Source/_javascript_Core/bytecode/Instruction.h
trunk/Source/_javascript_Core/jit/JITOperations.cpp
trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp
trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm
trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm
trunk/Source/_javascript_Core/runtime/CommonSlowPaths.h




Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (232815 => 232816)

--- trunk/Source/_javascript_Core/ChangeLog	2018-06-13 22:22:07 UTC (rev 232815)
+++ trunk/Source/_javascript_Core/ChangeLog	2018-06-13 22:51:29 UTC (rev 232816)
@@ -1,3 +1,30 @@
+2018-06-13  Caitlin Potter  
+
+[LLInt] use loadp consistently for get_from_scope/put_to_scope
+https://bugs.webkit.org/show_bug.cgi?id=132333
+
+Reviewed by Mark Lam.
+
+Using `loadis` for register indexes and `loadp` for constant scopes /
+symboltables makes sense, but is problematic for big-endian
+architectures.
+
+Consistently treating the operand as a pointer simplifies determining
+how to access the operand, and helps avoid bad accesses and crashes on
+big-endian ports.
+
+* bytecode/CodeBlock.cpp:
+(JSC::CodeBlock::finishCreation):
+* bytecode/Instruction.h:
+* jit/JITOperations.cpp:
+* llint/LLIntSlowPaths.cpp:
+(JSC::LLInt::LLINT_SLOW_PATH_DECL):
+* llint/LowLevelInterpreter32_64.asm:
+* llint/LowLevelInterpreter64.asm:
+* runtime/CommonSlowPaths.h:
+(JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
+(JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
+
 2018-06-13  Keith Miller  
 
 AutomaticThread should have a way to provide a thread name


Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp (232815 => 232816)

--- trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp	2018-06-13 22:22:07 UTC (rev 232815)
+++ trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp	2018-06-13 22:51:29 UTC (rev 232816)
@@ -694,7 +694,7 @@
 instructions[i + 5].u.watchpointSet = op.watchpointSet;
 else if (op.structure)
 instructions[i + 5].u.structure.set(vm, this, op.structure);
-instructions[i + 6].u.pointer = reinterpret_cast(op.operand);
+instructions[i + 6].u.operandPointer = op.operand;
 break;
 }
 
@@ -731,7 +731,7 @@
 op.watchpointSet->invalidate(vm, PutToScopeFireDetail(this, ident));
 } else if (op.structure)
 instructions[i + 5].u.structure.set(vm, this, op.structure);
-instructions[i + 6].u.pointer = reinterpret_cast(op.operand);
+instructions[i + 6].u.operandPointer = op.operand;
 
 break;
 }


Modified: trunk/Source/_javascript_Core/bytecode/Instruction.h (232815 => 232816)

--- trunk/Source/_javascript_Core/bytecode/Instruction.h	2018-06-13 22:22:07 UTC (rev 232815)
+++ trunk/Source/_javascript_Core/bytecode/Instruction.h	2018-06-13 22:51:29 UTC (rev 232816)
@@ -123,6 +123,7 @@
 Opcode opcode;
 int operand;
 unsigned unsignedValue;
+intptr_t operandPointer;
 WriteBarrierBase structure;
 StructureID structureID;
 WriteBarrierBase symbolTable;


Modified: trunk/Source/_javascript_Core/jit/JITOperations.cpp (232815 => 232816)

--- trunk/Source/_javascript_Core/jit/JITOperations.cpp	2018-06-13 22:22:07 UTC (rev 232815)
+++ trunk/Source/_javascript_Core/jit/JITOperations.cpp	2018-06-13 22:51:29 UTC (rev 232816)
@@ -2381,7 +2381,7 @@
 
 if (getPutInfo.resolveType() == LocalClosureVar) {
 JSLexicalEnvironment* environment = jsCast(scope);
-environment->variableAt(ScopeOffset(pc[6].u.operand)).set(vm, environment, value);
+environment->variableAt(ScopeOffset(pc[6].u.operandPointer)).set(vm, environment, value);

[webkit-changes] [232282] trunk/JSTests

2018-05-29 Thread caitp 
Title: [232282] trunk/JSTests








Revision 232282
Author ca...@igalia.com
Date 2018-05-29 17:40:28 -0700 (Tue, 29 May 2018)


Log Message
[JSTests] update test262 expectations after r232261
https://bugs.webkit.org/show_bug.cgi?id=184267

Reviewed by Saam Barati.

* test262/expectations.yaml:

Modified Paths

trunk/JSTests/ChangeLog
trunk/JSTests/test262/expectations.yaml




Diff

Modified: trunk/JSTests/ChangeLog (232281 => 232282)

--- trunk/JSTests/ChangeLog	2018-05-30 00:18:39 UTC (rev 232281)
+++ trunk/JSTests/ChangeLog	2018-05-30 00:40:28 UTC (rev 232282)
@@ -1,3 +1,12 @@
+2018-05-29  Caitlin Potter  
+
+[JSTests] update test262 expectations after r232261
+https://bugs.webkit.org/show_bug.cgi?id=184267
+
+Reviewed by Saam Barati.
+
+* test262/expectations.yaml:
+
 2018-05-29  Caio Lima  
 
 [ESNext][BigInt] Implement support for "<" and ">" relational operation


Modified: trunk/JSTests/test262/expectations.yaml (232281 => 232282)

--- trunk/JSTests/test262/expectations.yaml	2018-05-30 00:18:39 UTC (rev 232281)
+++ trunk/JSTests/test262/expectations.yaml	2018-05-30 00:40:28 UTC (rev 232282)
@@ -624,12 +624,6 @@
 test/built-ins/Array/proto-from-ctor-realm.js:
   default: 'Test262Error: Expected SameValue(«», «») to be true'
   strict mode: 'Test262Error: Expected SameValue(«», «») to be true'
-test/built-ins/Array/prototype/concat/is-concat-spreadable-is-array-proxy-revoked.js:
-  default: 'Test262Error: Expected a TypeError to be thrown but no exception was thrown at all'
-  strict mode: 'Test262Error: Expected a TypeError to be thrown but no exception was thrown at all'
-test/built-ins/Array/prototype/concat/is-concat-spreadable-proxy.js:
-  default: 'Test262Error: Proxy for an array Expected SameValue(«1», «0») to be true'
-  strict mode: 'Test262Error: Proxy for an array Expected SameValue(«1», «0») to be true'
 test/built-ins/Array/prototype/filter/target-array-with-non-writable-property.js:
   default: 'TypeError: Attempted to assign to readonly property.'
   strict mode: 'TypeError: Attempted to assign to readonly property.'






___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [232261] trunk

2018-05-29 Thread caitp 
Title: [232261] trunk








Revision 232261
Author ca...@igalia.com
Date 2018-05-29 09:56:29 -0700 (Tue, 29 May 2018)


Log Message
[JSC] Fix Array.prototype.concat fast case when single argument is Proxy
https://bugs.webkit.org/show_bug.cgi?id=184267

Reviewed by Saam Barati.

JSTests:

* stress/array-concat-fast-spread-proxy.js: Copied from JSTests/stress/array-concat-spread-proxy.js.
(arrayEq):
(catch):
* stress/array-concat-spread-proxy.js:

Source/_javascript_Core:

Before this patch, the fast case for Array.prototype.concat was taken if
there was a single argument passed to the function, which is either a
non-JSCell, or an ObjectType JSCell not marked as concat-spreadable.
This incorrectly prevented Proxy objects from being spread when
they were the only argument passed to A.prototype.concat(), violating ECMA-262.

* builtins/ArrayPrototype.js:
(concat):

Modified Paths

trunk/JSTests/ChangeLog
trunk/JSTests/stress/array-concat-spread-proxy.js
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/builtins/ArrayPrototype.js


Added Paths

trunk/JSTests/stress/array-concat-fast-spread-proxy.js




Diff

Modified: trunk/JSTests/ChangeLog (232260 => 232261)

--- trunk/JSTests/ChangeLog	2018-05-29 16:50:12 UTC (rev 232260)
+++ trunk/JSTests/ChangeLog	2018-05-29 16:56:29 UTC (rev 232261)
@@ -1,3 +1,15 @@
+2018-05-29  Caitlin Potter  
+
+[JSC] Fix Array.prototype.concat fast case when single argument is Proxy
+https://bugs.webkit.org/show_bug.cgi?id=184267
+
+Reviewed by Saam Barati.
+
+* stress/array-concat-fast-spread-proxy.js: Copied from JSTests/stress/array-concat-spread-proxy.js.
+(arrayEq):
+(catch):
+* stress/array-concat-spread-proxy.js:
+
 2018-05-27  Caio Lima  
 
 [ESNext][BigInt] Implement "+" and "-" unary operation


Copied: trunk/JSTests/stress/array-concat-fast-spread-proxy.js (from rev 232260, trunk/JSTests/stress/array-concat-spread-proxy.js) (0 => 232261)

--- trunk/JSTests/stress/array-concat-fast-spread-proxy.js	(rev 0)
+++ trunk/JSTests/stress/array-concat-fast-spread-proxy.js	2018-05-29 16:56:29 UTC (rev 232261)
@@ -0,0 +1,41 @@
+// This file tests is concat spreadable when taking the fast path
+// (single argument, JSArray receiver)
+
+function arrayEq(a, b) {
+if (a.length !== b.length)
+return false;
+for (let i = 0; i < a.length; i++) {
+if (a[i] !== b[i])
+return false;
+}
+return true;
+}
+
+
+{
+let array = [1,2,3];
+let {proxy:p, revoke} = Proxy.revocable([4, 5], {});
+
+// Test it works with proxies by default
+for (let i = 0; i < 1; i++) {
+if (!arrayEq(Array.prototype.concat.call(array, p), [1,2,3,4,5]))
+throw "failed normally with a proxy"
+}
+
+// Test it works with spreadable false.
+p[Symbol.isConcatSpreadable] = false;
+for (let i = 0; i < 1; i++) {
+if (!arrayEq(Array.prototype.concat.call(array,p), [1,2,3,p]))
+throw "failed with no spread"
+}
+
+p[Symbol.isConcatSpreadable] = undefined;
+revoke();
+passed = true;
+try {
+Array.prototype.concat.call(array,p);
+passed = false;
+} catch (e) { }
+if (!passed)
+throw "failed to throw spreading revoked proxy";
+}


Modified: trunk/JSTests/stress/array-concat-spread-proxy.js (232260 => 232261)

--- trunk/JSTests/stress/array-concat-spread-proxy.js	2018-05-29 16:50:12 UTC (rev 232260)
+++ trunk/JSTests/stress/array-concat-spread-proxy.js	2018-05-29 16:56:29 UTC (rev 232261)
@@ -35,5 +35,6 @@
 Array.prototype.concat.call(p,[]);
 passed = false;
 } catch (e) { }
-
+if (!passed)
+throw "failed to throw spreading revoked proxy";
 }


Modified: trunk/Source/_javascript_Core/ChangeLog (232260 => 232261)

--- trunk/Source/_javascript_Core/ChangeLog	2018-05-29 16:50:12 UTC (rev 232260)
+++ trunk/Source/_javascript_Core/ChangeLog	2018-05-29 16:56:29 UTC (rev 232261)
@@ -1,3 +1,19 @@
+2018-05-29  Caitlin Potter  
+
+[JSC] Fix Array.prototype.concat fast case when single argument is Proxy
+https://bugs.webkit.org/show_bug.cgi?id=184267
+
+Reviewed by Saam Barati.
+
+Before this patch, the fast case for Array.prototype.concat was taken if
+there was a single argument passed to the function, which is either a
+non-JSCell, or an ObjectType JSCell not marked as concat-spreadable.
+This incorrectly prevented Proxy objects from being spread when
+they were the only argument passed to A.prototype.concat(), violating ECMA-262.
+
+* builtins/ArrayPrototype.js:
+(concat):
+
 2018-05-27  Yusuke Suzuki  
 
 [JSC] JSBigInt::digitDiv has undefined behavior which causes test failures


Modified: trunk/Source/_javascript_Core/builtins/ArrayPrototype.js (232260 => 232261)

--- trunk/Source/_javascript_Core/builtins/ArrayPrototype.js	2018-05-29 16:50:12

[webkit-changes] [229608] trunk

2018-03-14 Thread caitp 
Title: [229608] trunk








Revision 229608
Author ca...@igalia.com
Date 2018-03-14 13:00:21 -0700 (Wed, 14 Mar 2018)


Log Message
[JSC] fix order of evaluation for ClassDefinitionEvaluation
https://bugs.webkit.org/show_bug.cgi?id=183523

Reviewed by Keith Miller.

Computed property names need to be evaluated in source order during class
definition evaluation, as it's observable (and specified to work this way).

This change improves compatibility with Chromium.

JSTests:

* stress/class_elements.js: Added.
(test):
(test.C.prototype.effect):
(test.C.effect):
(test.C.prototype.get effect):
(test.C.prototype.set effect):
(test.C):

Source/_javascript_Core:

* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::emitDefineClassElements):
* bytecompiler/NodesCodegen.cpp:
(JSC::PropertyListNode::emitBytecode):
(JSC::ClassExprNode::emitBytecode):
* parser/ASTBuilder.h:
(JSC::ASTBuilder::createClassExpr):
(JSC::ASTBuilder::createGetterOrSetterProperty):
(JSC::ASTBuilder::createProperty):
* parser/NodeConstructors.h:
(JSC::PropertyNode::PropertyNode):
(JSC::ClassExprNode::ClassExprNode):
* parser/Nodes.cpp:
(JSC::PropertyListNode::hasStaticallyNamedProperty):
* parser/Nodes.h:
(JSC::PropertyNode::isClassProperty const):
(JSC::PropertyNode::isStaticClassProperty const):
(JSC::PropertyNode::isInstanceClassProperty const):
* parser/Parser.cpp:
(JSC::Parser::parseClass):
(JSC::Parser::parseProperty):
(JSC::Parser::parseGetterSetter):
* parser/Parser.h:
* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::createClassExpr):
(JSC::SyntaxChecker::createProperty):
(JSC::SyntaxChecker::createGetterOrSetterProperty):

Modified Paths

trunk/JSTests/ChangeLog
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.h
trunk/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp
trunk/Source/_javascript_Core/parser/ASTBuilder.h
trunk/Source/_javascript_Core/parser/NodeConstructors.h
trunk/Source/_javascript_Core/parser/Nodes.cpp
trunk/Source/_javascript_Core/parser/Nodes.h
trunk/Source/_javascript_Core/parser/Parser.cpp
trunk/Source/_javascript_Core/parser/Parser.h
trunk/Source/_javascript_Core/parser/SyntaxChecker.h


Added Paths

trunk/JSTests/stress/class_elements.js




Diff

Modified: trunk/JSTests/ChangeLog (229607 => 229608)

--- trunk/JSTests/ChangeLog	2018-03-14 19:54:28 UTC (rev 229607)
+++ trunk/JSTests/ChangeLog	2018-03-14 20:00:21 UTC (rev 229608)
@@ -1,3 +1,23 @@
+2018-03-14  Caitlin Potter  
+
+[JSC] fix order of evaluation for ClassDefinitionEvaluation
+https://bugs.webkit.org/show_bug.cgi?id=183523
+
+Reviewed by Keith Miller.
+
+Computed property names need to be evaluated in source order during class
+definition evaluation, as it's observable (and specified to work this way).
+
+This change improves compatibility with Chromium.
+
+* stress/class_elements.js: Added.
+(test):
+(test.C.prototype.effect):
+(test.C.effect):
+(test.C.prototype.get effect):
+(test.C.prototype.set effect):
+(test.C):
+
 2018-03-11  Yusuke Suzuki  
 
 [DFG] AI should convert CreateThis to NewObject if the prototype object is proved


Added: trunk/JSTests/stress/class_elements.js (0 => 229608)

--- trunk/JSTests/stress/class_elements.js	(rev 0)
+++ trunk/JSTests/stress/class_elements.js	2018-03-14 20:00:21 UTC (rev 229608)
@@ -0,0 +1,24 @@
+function test() {
+
+let log = [];
+function effect(desc) { log.push(desc); return desc; }
+
+class C {
+  [effect("instance#1")]() {}
+  static [effect("static#2")]() {}
+  get [effect("instanceGetter#3")]() {}
+  static get [effect("staticGetter#4")]() {}
+  set [effect("instanceSetter#5")](v) {}
+  static [effect("staticSetter#6")](v) {}
+}
+
+return log[0] === "instance#1" &&
+   log[1] === "static#2" &&
+   log[2] === "instanceGetter#3" &&
+   log[3] === "staticGetter#4" &&
+   log[4] === "instanceSetter#5" &&
+   log[5] === "staticSetter#6";
+}
+
+if (!test())
+throw new Error("Test failed");
\ No newline at end of file


Modified: trunk/Source/_javascript_Core/ChangeLog (229607 => 229608)

--- trunk/Source/_javascript_Core/ChangeLog	2018-03-14 19:54:28 UTC (rev 229607)
+++ trunk/Source/_javascript_Core/ChangeLog	2018-03-14 20:00:21 UTC (rev 229608)
@@ -1,3 +1,43 @@
+2018-03-14  Caitlin Potter  
+
+[JSC] fix order of evaluation for ClassDefinitionEvaluation
+https://bugs.webkit.org/show_bug.cgi?id=183523
+
+Reviewed by Keith Miller.
+
+Computed property names need to be evaluated in source order during class
+definition evaluation, as it's observable (and specified to work this way).
+
+This change improves compatibility with Chromium.
+
+* bytecompiler/BytecodeGenerator.h:
+(JSC::BytecodeGenerator::emitDefineClassElements):
+* bytecompiler/NodesCodegen.cpp:
+