Title: [230732] branches/safari-605-branch
Revision
230732
Author
kocsen_ch...@apple.com
Date
2018-04-17 15:15:03 -0700 (Tue, 17 Apr 2018)

Log Message

Cherry-pick r230662. rdar://problem/39496355

    Function.prototype.caller shouldn't return generator bodies
    https://bugs.webkit.org/show_bug.cgi?id=184630

    Reviewed by Yusuke Suzuki.

    JSTests:

    * stress/function-caller-async-arrow-function-body.js: Added.
    * stress/function-caller-async-function-body.js: Added.
    * stress/function-caller-async-generator-body.js: Added.
    * stress/function-caller-generator-body.js: Added.
    * stress/function-caller-generator-method-body.js: Added.

    Source/_javascript_Core:

    Function.prototype.caller no longer returns generator bodies. Those are meant to be
    private.

    Also added some builtin debugging tools so that it's easier to do the investigation that I
    did.

    * builtins/BuiltinNames.h:
    * runtime/JSFunction.cpp:
    (JSC::JSFunction::callerGetter):
    * runtime/JSGlobalObject.cpp:
    (JSC::JSGlobalObject::init):
    * runtime/JSGlobalObjectFunctions.cpp:
    (JSC::globalFuncBuiltinDescribe):
    * runtime/JSGlobalObjectFunctions.h:

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230662 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Diff

Modified: branches/safari-605-branch/JSTests/ChangeLog (230731 => 230732)


--- branches/safari-605-branch/JSTests/ChangeLog	2018-04-17 22:14:58 UTC (rev 230731)
+++ branches/safari-605-branch/JSTests/ChangeLog	2018-04-17 22:15:03 UTC (rev 230732)
@@ -1,3 +1,55 @@
+2018-04-17  Kocsen Chung  <kocsen_ch...@apple.com>
+
+        Cherry-pick r230662. rdar://problem/39496355
+
+    Function.prototype.caller shouldn't return generator bodies
+    https://bugs.webkit.org/show_bug.cgi?id=184630
+    
+    Reviewed by Yusuke Suzuki.
+    JSTests:
+    
+    
+    * stress/function-caller-async-arrow-function-body.js: Added.
+    * stress/function-caller-async-function-body.js: Added.
+    * stress/function-caller-async-generator-body.js: Added.
+    * stress/function-caller-generator-body.js: Added.
+    * stress/function-caller-generator-method-body.js: Added.
+    
+    Source/_javascript_Core:
+    
+            
+    Function.prototype.caller no longer returns generator bodies. Those are meant to be
+    private.
+            
+    Also added some builtin debugging tools so that it's easier to do the investigation that I
+    did.
+    
+    * builtins/BuiltinNames.h:
+    * runtime/JSFunction.cpp:
+    (JSC::JSFunction::callerGetter):
+    * runtime/JSGlobalObject.cpp:
+    (JSC::JSGlobalObject::init):
+    * runtime/JSGlobalObjectFunctions.cpp:
+    (JSC::globalFuncBuiltinDescribe):
+    * runtime/JSGlobalObjectFunctions.h:
+    
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230662 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2018-04-14  Filip Pizlo  <fpi...@apple.com>
+
+            Function.prototype.caller shouldn't return generator bodies
+            https://bugs.webkit.org/show_bug.cgi?id=184630
+
+            Reviewed by Yusuke Suzuki.
+
+            * stress/function-caller-async-arrow-function-body.js: Added.
+            * stress/function-caller-async-function-body.js: Added.
+            * stress/function-caller-async-generator-body.js: Added.
+            * stress/function-caller-generator-body.js: Added.
+            * stress/function-caller-generator-method-body.js: Added.
+
 2018-04-10  Kocsen Chung  <kocsen_ch...@apple.com>
 
         Cherry-pick r230376. rdar://problem/39317885
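Review bot: the cherry-picked entry carries several whitespace-only lines (the `+    ` and `+            ` lines between "Reviewed by Yusuke Suzuki." and the git-svn-id line); trimming them to plain blank lines keeps this entry consistent with the surrounding ChangeLog entries and avoids trailing-whitespace noise in later diffs.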

Added: branches/safari-605-branch/JSTests/stress/function-caller-async-arrow-function-body.js (0 => 230732)


--- branches/safari-605-branch/JSTests/stress/function-caller-async-arrow-function-body.js	                        (rev 0)
+++ branches/safari-605-branch/JSTests/stress/function-caller-async-arrow-function-body.js	2018-04-17 22:15:03 UTC (rev 230732)
@@ -0,0 +1,26 @@
+//@ runDefault
+
+(function thingy() {
+    function bar()
+    {
+        return bar.caller;
+    }
+    
+    var ok = false;
+    var badError = null;
+    var foo = async () => {
+        try {
+            bar();
+            ok = true;
+        } catch (e) {
+            if (e.toString() != "TypeError: Function.caller used to retrieve async function body")
+                badError = e;
+        }
+    }
+    
+    foo();
+    if (ok)
+        throw "Error: did not throw error";
+    if (badError)
+        throw "Bad error: " + badError;
+})();
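Review bot: the checks on `ok` and `badError` run immediately after `foo()` returns, so the test depends on the async arrow body executing synchronously up to its first `await` (there is none here) and on the `catch` having already run by then; a one-line comment saying so would keep a future edit from inserting an `await` before `bar()` and silently turning the test into a no-op. Dropping the returned promise is fine here because the TypeError is caught inside the body and never becomes a rejection.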

Added: branches/safari-605-branch/JSTests/stress/function-caller-async-function-body.js (0 => 230732)


--- branches/safari-605-branch/JSTests/stress/function-caller-async-function-body.js	                        (rev 0)
+++ branches/safari-605-branch/JSTests/stress/function-caller-async-function-body.js	2018-04-17 22:15:03 UTC (rev 230732)
@@ -0,0 +1,27 @@
+//@ runDefault
+
+(function thingy() {
+    function bar()
+    {
+        return bar.caller;
+    }
+    
+    var ok = false;
+    var badError = null;
+    async function foo()
+    {
+        try {
+            bar();
+            ok = true;
+        } catch (e) {
+            if (e.toString() != "TypeError: Function.caller used to retrieve async function body")
+                badError = e;
+        }
+    }
+    
+    foo();
+    if (ok)
+        throw "Error: did not throw error";
+    if (badError)
+        throw "Bad error: " + badError;
+})();

Added: branches/safari-605-branch/JSTests/stress/function-caller-async-generator-body.js (0 => 230732)


--- branches/safari-605-branch/JSTests/stress/function-caller-async-generator-body.js	                        (rev 0)
+++ branches/safari-605-branch/JSTests/stress/function-caller-async-generator-body.js	2018-04-17 22:15:03 UTC (rev 230732)
@@ -0,0 +1,27 @@
+//@ runDefault
+
+(function thingy() {
+    function bar()
+    {
+        return bar.caller;
+    }
+    
+    var ok = false;
+    var badError = null;
+    async function* foo()
+    {
+        try {
+            bar();
+            ok = true;
+        } catch (e) {
+            if (e.toString() != "TypeError: Function.caller used to retrieve generator body")
+                badError = e;
+        }
+    }
+    
+    foo().next();
+    if (ok)
+        throw "Error: did not throw error";
+    if (badError)
+        throw "Bad error: " + badError;
+})();
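Review bot: this is the one async test whose expected message is "generator body" rather than "async function body", matching the AsyncGeneratorBodyMode case in JSFunction::callerGetter; a comment noting that distinction would help, as would one stating that `foo().next()` runs the body synchronously up to its first `await` or `yield`, which is what lets the `ok`/`badError` checks observe the `catch` result.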

Added: branches/safari-605-branch/JSTests/stress/function-caller-generator-body.js (0 => 230732)


--- branches/safari-605-branch/JSTests/stress/function-caller-generator-body.js	                        (rev 0)
+++ branches/safari-605-branch/JSTests/stress/function-caller-generator-body.js	2018-04-17 22:15:03 UTC (rev 230732)
@@ -0,0 +1,24 @@
+//@ runDefault
+
+(function thingy() {
+    function bar()
+    {
+        return bar.caller;
+    }
+    
+    function* foo()
+    {
+        bar();
+    }
+    
+    var ok = false;
+    try {
+        foo().next();
+        ok = true;
+    } catch (e) {
+        if (e.toString() != "TypeError: Function.caller used to retrieve generator body")
+            throw "Error: bad error: " + e;
+    }
+    if (ok)
+        throw "Error: did not throw error";
+})();

Added: branches/safari-605-branch/JSTests/stress/function-caller-generator-method-body.js (0 => 230732)


--- branches/safari-605-branch/JSTests/stress/function-caller-generator-method-body.js	                        (rev 0)
+++ branches/safari-605-branch/JSTests/stress/function-caller-generator-method-body.js	2018-04-17 22:15:03 UTC (rev 230732)
@@ -0,0 +1,26 @@
+//@ runDefault
+
+(function thingy() {
+    function bar()
+    {
+        return bar.caller;
+    }
+    
+    class C {
+        *foo()
+        {
+            bar();
+        }
+    }
+        
+    var ok = false;
+    try {
+        new C().foo().next();
+        ok = true;
+    } catch (e) {
+        if (e.toString() != "TypeError: Function.caller used to retrieve generator body")
+            throw "Error: bad error: " + e;
+    }
+    if (ok)
+        throw "Error: did not throw error";
+})();
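Review bot: the line between the closing brace of `class C` and `var ok = false;` is whitespace-only (`+        `); make it a plain blank line to match the other new stress tests.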

Modified: branches/safari-605-branch/Source/_javascript_Core/ChangeLog (230731 => 230732)


--- branches/safari-605-branch/Source/_javascript_Core/ChangeLog	2018-04-17 22:14:58 UTC (rev 230731)
+++ branches/safari-605-branch/Source/_javascript_Core/ChangeLog	2018-04-17 22:15:03 UTC (rev 230732)
@@ -1,3 +1,64 @@
+2018-04-17  Kocsen Chung  <kocsen_ch...@apple.com>
+
+        Cherry-pick r230662. rdar://problem/39496355
+
+    Function.prototype.caller shouldn't return generator bodies
+    https://bugs.webkit.org/show_bug.cgi?id=184630
+    
+    Reviewed by Yusuke Suzuki.
+    JSTests:
+    
+    
+    * stress/function-caller-async-arrow-function-body.js: Added.
+    * stress/function-caller-async-function-body.js: Added.
+    * stress/function-caller-async-generator-body.js: Added.
+    * stress/function-caller-generator-body.js: Added.
+    * stress/function-caller-generator-method-body.js: Added.
+    
+    Source/_javascript_Core:
+    
+            
+    Function.prototype.caller no longer returns generator bodies. Those are meant to be
+    private.
+            
+    Also added some builtin debugging tools so that it's easier to do the investigation that I
+    did.
+    
+    * builtins/BuiltinNames.h:
+    * runtime/JSFunction.cpp:
+    (JSC::JSFunction::callerGetter):
+    * runtime/JSGlobalObject.cpp:
+    (JSC::JSGlobalObject::init):
+    * runtime/JSGlobalObjectFunctions.cpp:
+    (JSC::globalFuncBuiltinDescribe):
+    * runtime/JSGlobalObjectFunctions.h:
+    
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230662 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2018-04-14  Filip Pizlo  <fpi...@apple.com>
+
+            Function.prototype.caller shouldn't return generator bodies
+            https://bugs.webkit.org/show_bug.cgi?id=184630
+
+            Reviewed by Yusuke Suzuki.
+
+            Function.prototype.caller no longer returns generator bodies. Those are meant to be
+            private.
+
+            Also added some builtin debugging tools so that it's easier to do the investigation that I
+            did.
+
+            * builtins/BuiltinNames.h:
+            * runtime/JSFunction.cpp:
+            (JSC::JSFunction::callerGetter):
+            * runtime/JSGlobalObject.cpp:
+            (JSC::JSGlobalObject::init):
+            * runtime/JSGlobalObjectFunctions.cpp:
+            (JSC::globalFuncBuiltinDescribe):
+            * runtime/JSGlobalObjectFunctions.h:
+
 2018-04-11  Kocsen Chung  <kocsen_ch...@apple.com>
 
         Cherry-pick r230494. rdar://problem/39337455

Modified: branches/safari-605-branch/Source/_javascript_Core/builtins/BuiltinNames.h (230731 => 230732)


--- branches/safari-605-branch/Source/_javascript_Core/builtins/BuiltinNames.h	2018-04-17 22:14:58 UTC (rev 230731)
+++ branches/safari-605-branch/Source/_javascript_Core/builtins/BuiltinNames.h	2018-04-17 22:15:03 UTC (rev 230732)
@@ -83,6 +83,7 @@
     macro(typedArrayGetOriginalConstructor) \
     macro(typedArraySubarrayCreate) \
     macro(BuiltinLog) \
+    macro(BuiltinDescribe) \
     macro(homeObject) \
     macro(templateRegistryKey) \
     macro(enqueueJob) \

Modified: branches/safari-605-branch/Source/_javascript_Core/runtime/JSFunction.cpp (230731 => 230732)


--- branches/safari-605-branch/Source/_javascript_Core/runtime/JSFunction.cpp	2018-04-17 22:14:58 UTC (rev 230731)
+++ branches/safari-605-branch/Source/_javascript_Core/runtime/JSFunction.cpp	2018-04-17 22:15:03 UTC (rev 230732)
@@ -364,9 +364,34 @@
     // Firefox returns null for native code callers, so we match that behavior.
     if (function->isHostOrBuiltinFunction())
         return JSValue::encode(jsNull());
-    if (!function->jsExecutable()->isStrictMode())
-        return JSValue::encode(caller);
-    return JSValue::encode(throwTypeError(exec, scope, ASCIILiteral("Function.caller used to retrieve strict caller")));
+    SourceParseMode parseMode = function->jsExecutable()->parseMode();
+    switch (parseMode) {
+    case SourceParseMode::GeneratorBodyMode:
+    case SourceParseMode::AsyncGeneratorBodyMode:
+        return JSValue::encode(throwTypeError(exec, scope, ASCIILiteral("Function.caller used to retrieve generator body")));
+    case SourceParseMode::AsyncFunctionBodyMode:
+    case SourceParseMode::AsyncArrowFunctionBodyMode:
+        return JSValue::encode(throwTypeError(exec, scope, ASCIILiteral("Function.caller used to retrieve async function body")));
+    case SourceParseMode::NormalFunctionMode:
+    case SourceParseMode::GeneratorWrapperFunctionMode:
+    case SourceParseMode::GetterMode:
+    case SourceParseMode::SetterMode:
+    case SourceParseMode::MethodMode:
+    case SourceParseMode::ArrowFunctionMode:
+    case SourceParseMode::AsyncFunctionMode:
+    case SourceParseMode::AsyncMethodMode:
+    case SourceParseMode::AsyncArrowFunctionMode:
+    case SourceParseMode::ProgramMode:
+    case SourceParseMode::ModuleAnalyzeMode:
+    case SourceParseMode::ModuleEvaluateMode:
+    case SourceParseMode::AsyncGeneratorWrapperFunctionMode:
+    case SourceParseMode::AsyncGeneratorWrapperMethodMode:
+    case SourceParseMode::GeneratorWrapperMethodMode:
+        if (!function->jsExecutable()->isStrictMode())
+            return JSValue::encode(caller);
+        return JSValue::encode(throwTypeError(exec, scope, ASCIILiteral("Function.caller used to retrieve strict caller")));
+    }
+    RELEASE_ASSERT_NOT_REACHED();
 }
 
 bool JSFunction::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
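Review bot: the switch deliberately has no `default:` so that a newly added SourceParseMode triggers a compiler warning and otherwise lands on `RELEASE_ASSERT_NOT_REACHED()`; a short comment above `switch (parseMode)` stating that intent would stop a later contributor from "fixing" it with a default case. Two behaviours worth spelling out in that comment as well: the body-mode cases are tested before the strict-mode check, so a generator or async body is never handed back to script regardless of strictness (the "meant to be private" point from the ChangeLog), and AsyncGeneratorBodyMode reports "generator body" rather than "async function body", which the new async-generator stress test relies on.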

Modified: branches/safari-605-branch/Source/_javascript_Core/runtime/JSGlobalObject.cpp (230731 => 230732)


--- branches/safari-605-branch/Source/_javascript_Core/runtime/JSGlobalObject.cpp	2018-04-17 22:14:58 UTC (rev 230731)
+++ branches/safari-605-branch/Source/_javascript_Core/runtime/JSGlobalObject.cpp	2018-04-17 22:15:03 UTC (rev 230732)
@@ -774,6 +774,7 @@
         putDirectWithoutTransition(vm, vm.propertyNames->Loader, m_moduleLoader.get(), static_cast<unsigned>(PropertyAttribute::DontEnum));
 
     JSFunction* builtinLog = JSFunction::create(vm, this, 1, vm.propertyNames->emptyIdentifier.string(), globalFuncBuiltinLog);
+    JSFunction* builtinDescribe = JSFunction::create(vm, this, 1, vm.propertyNames->emptyIdentifier.string(), globalFuncBuiltinDescribe);
 
     JSFunction* privateFuncAbs = JSFunction::create(vm, this, 0, String(), mathProtoFuncAbs, AbsIntrinsic);
     JSFunction* privateFuncFloor = JSFunction::create(vm, this, 0, String(), mathProtoFuncFloor, FloorIntrinsic);
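Review bot: `builtinDescribe` is created alongside `builtinLog` with the same shape (length 1, empty name), which is consistent; since the ChangeLog describes it as a debugging aid, add a comment saying whether it is intended to ship in release builds or should be compiled only in debug configurations, so the next reader does not have to guess.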
@@ -864,6 +865,7 @@
         GlobalPropertyInfo(vm.propertyNames->builtinNames().hasInstanceBoundFunctionPrivateName(), privateFuncHasInstanceBoundFunction, PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly),
         GlobalPropertyInfo(vm.propertyNames->builtinNames().instanceOfPrivateName(), privateFuncInstanceOf, PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly),
         GlobalPropertyInfo(vm.propertyNames->builtinNames().BuiltinLogPrivateName(), builtinLog, PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly),
+        GlobalPropertyInfo(vm.propertyNames->builtinNames().BuiltinDescribePrivateName(), builtinDescribe, PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly),
         GlobalPropertyInfo(vm.propertyNames->builtinNames().NumberPrivateName(), numberConstructor, PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly),
         GlobalPropertyInfo(vm.propertyNames->builtinNames().RegExpPrivateName(), m_regExpConstructor.get(), PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly),
         GlobalPropertyInfo(vm.propertyNames->builtinNames().StringPrivateName(), stringConstructor, PropertyAttribute::DontEnum | PropertyAttribute::DontDelete | PropertyAttribute::ReadOnly),

Modified: branches/safari-605-branch/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.cpp (230731 => 230732)


--- branches/safari-605-branch/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.cpp	2018-04-17 22:14:58 UTC (rev 230731)
+++ branches/safari-605-branch/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.cpp	2018-04-17 22:15:03 UTC (rev 230732)
@@ -774,6 +774,11 @@
     return JSValue::encode(jsUndefined());
 }
 
+EncodedJSValue JSC_HOST_CALL globalFuncBuiltinDescribe(ExecState* exec)
+{
+    return JSValue::encode(jsString(exec, toString(exec->argument(0))));
+}
+
 EncodedJSValue JSC_HOST_CALL globalFuncImportModule(ExecState* exec)
 {
     VM& vm = exec->vm();
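Review bot: `globalFuncBuiltinDescribe` calls the free function `toString(exec->argument(0))`, which reads as the debug description helper rather than the JavaScript ToString conversion (`JSValue::toString(ExecState*)`); a brief comment should say which one is meant and, if it is the description helper, that it runs no user code and therefore needs no throw scope, otherwise a reviewer will expect a `DECLARE_THROW_SCOPE` and a `RETURN_IF_EXCEPTION` around it.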

Modified: branches/safari-605-branch/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.h (230731 => 230732)


--- branches/safari-605-branch/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.h	2018-04-17 22:14:58 UTC (rev 230731)
+++ branches/safari-605-branch/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.h	2018-04-17 22:15:03 UTC (rev 230732)
@@ -52,6 +52,7 @@
 EncodedJSValue JSC_HOST_CALL globalFuncProtoSetter(ExecState*);
 EncodedJSValue JSC_HOST_CALL globalFuncHostPromiseRejectionTracker(ExecState*);
 EncodedJSValue JSC_HOST_CALL globalFuncBuiltinLog(ExecState*);
+EncodedJSValue JSC_HOST_CALL globalFuncBuiltinDescribe(ExecState*);
 EncodedJSValue JSC_HOST_CALL globalFuncImportModule(ExecState*);
 EncodedJSValue JSC_HOST_CALL globalFuncPropertyIsEnumerable(ExecState*);
 
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes