Diff
Modified: trunk/JSTests/ChangeLog (268322 => 268323)
--- trunk/JSTests/ChangeLog 2020-10-11 18:14:28 UTC (rev 268322)
+++ trunk/JSTests/ChangeLog 2020-10-11 18:21:10 UTC (rev 268323)
@@ -1,5 +1,37 @@
2020-10-11 Yusuke Suzuki <ysuz...@apple.com>
+ [JSC] arguments.callee should become ThrowTypeError if function has non simple parameter list
+ https://bugs.webkit.org/show_bug.cgi?id=217574
+
+ Reviewed by Darin Adler.
+
+ * stress/arguments-and-non-simple-parameters.js: Added.
+ (shouldBe):
+ (ThrowTypeError.Object.getOwnPropertyDescriptor):
+ (testUnmappedArguments):
+ (testMappedArguments):
+ (argumentGenerator2.inner):
+ (argumentGenerator2):
+ (argumentGenerator3.inner):
+ (argumentGenerator3):
+ (argumentGenerator4):
+ (argumentGenerator5.inner.inner2):
+ (argumentGenerator5.inner):
+ (argumentGenerator5):
+ (argumentGenerator6):
+ (argumentGenerator7.inner):
+ (argumentGenerator7):
+ (argumentGenerator8.inner):
+ (argumentGenerator8):
+ (argumentGenerator9.inner):
+ (argumentGenerator9):
+ (argumentGenerator10.inner.inner2):
+ (argumentGenerator10.inner):
+ (argumentGenerator10):
+ * test262/expectations.yaml:
+
+2020-10-11 Yusuke Suzuki <ysuz...@apple.com>
+
[JSC] BigInt constructor should be constructible while it always throws an error
https://bugs.webkit.org/show_bug.cgi?id=217575
Added: trunk/JSTests/stress/arguments-and-non-simple-parameters.js (0 => 268323)
--- trunk/JSTests/stress/arguments-and-non-simple-parameters.js (rev 0)
+++ trunk/JSTests/stress/arguments-and-non-simple-parameters.js 2020-10-11 18:21:10 UTC (rev 268323)
@@ -0,0 +1,124 @@
+// Copyright (C) 2012-2013 Ecma International
+// Copyright (C) 2016 André Bargull. All rights reserved.
+// Copyright (C) 2020 Apple Inc. All rights reserved.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification, are permitted provided that the
+// following conditions are met:
+// 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following
+// disclaimer.
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
+// following disclaimer in the documentation and/or other materials provided with the distribution.
+// 3. Neither the name of the authors nor Ecma International may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE ECMA INTERNATIONAL "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+// SHALL ECMA INTERNATIONAL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+// DAMAGE.
+
+function shouldBe(actual, expected) {
+ if (actual !== expected)
+ throw new Error('bad value: ' + actual);
+}
+
+var ThrowTypeError = Object.getOwnPropertyDescriptor(function() {
+ "use strict";
+ return arguments;
+}(), "callee").get;
+
+function testUnmappedArguments(args)
+{
+ var unmappedCalleeDesc = Object.getOwnPropertyDescriptor(args, "callee");
+ shouldBe(ThrowTypeError, unmappedCalleeDesc.get);
+ shouldBe(ThrowTypeError, unmappedCalleeDesc.set);
+}
+
+function testMappedArguments(args)
+{
+ var unmappedCalleeDesc = Object.getOwnPropertyDescriptor(args, "callee");
+ shouldBe(unmappedCalleeDesc.value !== undefined, true);
+}
+
+function argumentGenerator1(a = 0) {
+ return arguments;
+}
+testUnmappedArguments(argumentGenerator1());
+
+function argumentGenerator2() {
+ function inner(a = 0) {
+ return arguments;
+ }
+ return inner();
+}
+testUnmappedArguments(argumentGenerator2());
+
+function argumentGenerator3() {
+ function inner(a = 0) {
+ return arguments;
+ }
+ return arguments;
+}
+testMappedArguments(argumentGenerator3());
+
+function argumentGenerator4(a = 0) {
+ function inner() {
+ return arguments;
+ }
+ return inner();
+}
+testMappedArguments(argumentGenerator4());
+
+function argumentGenerator5() {
+ function inner() {
+ function inner2(a = 0) {
+ return arguments;
+ }
+ return inner2();
+ }
+ return inner();
+}
+testUnmappedArguments(argumentGenerator5());
+
+function argumentGenerator6(...a) {
+ return arguments;
+}
+testUnmappedArguments(argumentGenerator6());
+
+function argumentGenerator7() {
+ function inner(...a) {
+ return arguments;
+ }
+ return inner();
+}
+testUnmappedArguments(argumentGenerator7());
+
+function argumentGenerator8() {
+ function inner(...a) {
+ return arguments;
+ }
+ return arguments;
+}
+testMappedArguments(argumentGenerator8());
+
+function argumentGenerator9(...a) {
+ function inner() {
+ return arguments;
+ }
+ return inner();
+}
+testMappedArguments(argumentGenerator9());
+
+function argumentGenerator10() {
+ function inner() {
+ function inner2(...a) {
+ return arguments;
+ }
+ return inner2();
+ }
+ return inner();
+}
+testUnmappedArguments(argumentGenerator10());
Modified: trunk/JSTests/test262/expectations.yaml (268322 => 268323)
--- trunk/JSTests/test262/expectations.yaml 2020-10-11 18:14:28 UTC (rev 268322)
+++ trunk/JSTests/test262/expectations.yaml 2020-10-11 18:21:10 UTC (rev 268323)
@@ -1246,8 +1246,6 @@
test/built-ins/RegExp/quantifier-integer-limit.js:
default: 'SyntaxError: Invalid regular _expression_: number too large in {} quantifier'
strict mode: 'SyntaxError: Invalid regular _expression_: number too large in {} quantifier'
-test/built-ins/ThrowTypeError/unique-per-realm-non-simple.js:
- default: 'Test262Error: callee.get Expected SameValue(«function () {'
test/built-ins/TypedArray/prototype/slice/detached-buffer-zero-count-custom-ctor-other-targettype.js:
default: 'TypeError: Underlying ArrayBuffer has been detached from the view (Testing with Float64Array.)'
strict mode: 'TypeError: Underlying ArrayBuffer has been detached from the view (Testing with Float64Array.)'
Modified: trunk/Source/_javascript_Core/ChangeLog (268322 => 268323)
--- trunk/Source/_javascript_Core/ChangeLog 2020-10-11 18:14:28 UTC (rev 268322)
+++ trunk/Source/_javascript_Core/ChangeLog 2020-10-11 18:21:10 UTC (rev 268323)
@@ -1,5 +1,31 @@
2020-10-11 Yusuke Suzuki <ysuz...@apple.com>
+ [JSC] arguments.callee should become ThrowTypeError if function has non simple parameter list
+ https://bugs.webkit.org/show_bug.cgi?id=217574
+
+ Reviewed by Darin Adler.
+
+ We should set ThrowTypeError in ClonedArguments when the callee is strict mode or callee has non simple parameter list[1].
+ We propagate NonSimpleParameterList information from parser and use it when materializing "callee" property of ClonedArguments.
+
+ [1]: https://tc39.es/ecma262/#sec-functiondeclarationinstantiation
+
+ * parser/Nodes.h:
+ (JSC::ScopeNode::isStrictMode const):
+ (JSC::ScopeNode::usesNonSimpleParameterList const):
+ (JSC::ScopeNode::setFeatures): Deleted.
+ (JSC::ScopeNode::setUsesArguments): Deleted.
+ * parser/Parser.cpp:
+ (JSC::Parser<LexerType>::parseInner):
+ * parser/ParserModes.h:
+ * runtime/ClonedArguments.cpp:
+ (JSC::ClonedArguments::getOwnPropertySlot):
+ (JSC::ClonedArguments::materializeSpecials):
+ * runtime/ScriptExecutable.h:
+ (JSC::ScriptExecutable::usesNonSimpleParameterList const):
+
+2020-10-11 Yusuke Suzuki <ysuz...@apple.com>
+
[JSC] BigInt constructor should be constructible while it always throws an error
https://bugs.webkit.org/show_bug.cgi?id=217575
Modified: trunk/Source/_javascript_Core/parser/Nodes.h (268322 => 268323)
--- trunk/Source/_javascript_Core/parser/Nodes.h 2020-10-11 18:14:28 UTC (rev 268322)
+++ trunk/Source/_javascript_Core/parser/Nodes.h 2020-10-11 18:21:10 UTC (rev 268323)
@@ -1870,7 +1870,6 @@
int startStartOffset() const { return m_startStartOffset; }
int startLineStartOffset() const { return m_startLineStartOffset; }
- void setFeatures(CodeFeatures features) { m_features = features; }
CodeFeatures features() { return m_features; }
InnerArrowFunctionCodeFeatures innerArrowFunctionCodeFeatures() { return m_innerArrowFunctionCodeFeatures; }
bool doAnyInnerArrowFunctionsUseAnyFeature() { return m_innerArrowFunctionCodeFeatures != NoInnerArrowFunctionFeatures; }
@@ -1885,7 +1884,6 @@
bool usesArguments() const { return (m_features & ArgumentsFeature) && !(m_features & ShadowsArgumentsFeature); }
bool usesArrowFunction() const { return m_features & ArrowFunctionFeature; }
bool isStrictMode() const { return m_features & StrictModeFeature; }
- void setUsesArguments() { m_features |= ArgumentsFeature; }
bool usesThis() const { return m_features & ThisFeature; }
bool usesSuperCall() const { return m_features & SuperCallFeature; }
bool usesSuperProperty() const { return m_features & SuperPropertyFeature; }
@@ -1895,6 +1893,7 @@
bool captures(UniquedStringImpl* uid) { return m_varDeclarations.captures(uid); }
bool captures(const Identifier& ident) { return captures(ident.impl()); }
bool hasSloppyModeHoistedFunction(UniquedStringImpl* uid) const { return m_sloppyModeHoistedFunctions.contains(uid); }
+ bool usesNonSimpleParameterList() const { return m_features & NonSimpleParameterListFeature; }
bool needsNewTargetRegisterForThisScope() const
{
Modified: trunk/Source/_javascript_Core/parser/Parser.cpp (268322 => 268323)
--- trunk/Source/_javascript_Core/parser/Parser.cpp 2020-10-11 18:14:28 UTC (rev 268322)
+++ trunk/Source/_javascript_Core/parser/Parser.cpp 2020-10-11 18:21:10 UTC (rev 268323)
@@ -288,6 +288,8 @@
features |= ShadowsArgumentsFeature;
if (m_seenTaggedTemplate)
features |= NoEvalCacheFeature;
+ if (scope->hasNonSimpleParameterList())
+ features |= NonSimpleParameterListFeature;
#if ASSERT_ENABLED
if (m_parsingBuiltin && isProgramParseMode(parseMode)) {
Modified: trunk/Source/_javascript_Core/parser/ParserModes.h (268322 => 268323)
--- trunk/Source/_javascript_Core/parser/ParserModes.h 2020-10-11 18:14:28 UTC (rev 268322)
+++ trunk/Source/_javascript_Core/parser/ParserModes.h 2020-10-11 18:21:10 UTC (rev 268323)
@@ -306,22 +306,22 @@
typedef uint16_t CodeFeatures;
-const CodeFeatures NoFeatures = 0;
-const CodeFeatures EvalFeature = 1 << 0;
-const CodeFeatures ArgumentsFeature = 1 << 1;
-const CodeFeatures WithFeature = 1 << 2;
-const CodeFeatures ThisFeature = 1 << 3;
-const CodeFeatures StrictModeFeature = 1 << 4;
-const CodeFeatures ShadowsArgumentsFeature = 1 << 5;
-const CodeFeatures ArrowFunctionFeature = 1 << 6;
-const CodeFeatures ArrowFunctionContextFeature = 1 << 7;
-const CodeFeatures SuperCallFeature = 1 << 8;
-const CodeFeatures SuperPropertyFeature = 1 << 9;
-const CodeFeatures NewTargetFeature = 1 << 10;
-const CodeFeatures NoEvalCacheFeature = 1 << 11;
+const CodeFeatures NoFeatures = 0;
+const CodeFeatures EvalFeature = 1 << 0;
+const CodeFeatures ArgumentsFeature = 1 << 1;
+const CodeFeatures WithFeature = 1 << 2;
+const CodeFeatures ThisFeature = 1 << 3;
+const CodeFeatures StrictModeFeature = 1 << 4;
+const CodeFeatures ShadowsArgumentsFeature = 1 << 5;
+const CodeFeatures ArrowFunctionFeature = 1 << 6;
+const CodeFeatures ArrowFunctionContextFeature = 1 << 7;
+const CodeFeatures SuperCallFeature = 1 << 8;
+const CodeFeatures SuperPropertyFeature = 1 << 9;
+const CodeFeatures NewTargetFeature = 1 << 10;
+const CodeFeatures NoEvalCacheFeature = 1 << 11;
+const CodeFeatures NonSimpleParameterListFeature = 1 << 12;
-const CodeFeatures AllFeatures = EvalFeature | ArgumentsFeature | WithFeature | ThisFeature | StrictModeFeature | ShadowsArgumentsFeature | ArrowFunctionFeature | ArrowFunctionContextFeature |
- SuperCallFeature | SuperPropertyFeature | NewTargetFeature | NoEvalCacheFeature;
+const CodeFeatures AllFeatures = EvalFeature | ArgumentsFeature | WithFeature | ThisFeature | StrictModeFeature | ShadowsArgumentsFeature | ArrowFunctionFeature | ArrowFunctionContextFeature | SuperCallFeature | SuperPropertyFeature | NewTargetFeature | NoEvalCacheFeature | NonSimpleParameterListFeature;
typedef uint8_t InnerArrowFunctionCodeFeatures;
Modified: trunk/Source/_javascript_Core/runtime/ClonedArguments.cpp (268322 => 268323)
--- trunk/Source/_javascript_Core/runtime/ClonedArguments.cpp 2020-10-11 18:14:28 UTC (rev 268322)
+++ trunk/Source/_javascript_Core/runtime/ClonedArguments.cpp 2020-10-11 18:21:10 UTC (rev 268323)
@@ -180,7 +180,7 @@
bool isStrictMode = executable->isInStrictContext();
if (ident == vm.propertyNames->callee) {
- if (isStrictMode) {
+ if (isStrictMode || executable->usesNonSimpleParameterList()) {
slot.setGetterSlot(thisObject, PropertyAttribute::DontDelete | PropertyAttribute::DontEnum | PropertyAttribute::Accessor, thisObject->globalObject(vm)->throwTypeErrorArgumentsCalleeAndCallerGetterSetter());
return true;
}
@@ -251,7 +251,7 @@
FunctionExecutable* executable = jsCast<FunctionExecutable*>(m_callee->executable());
bool isStrictMode = executable->isInStrictContext();
- if (isStrictMode)
+ if (isStrictMode || executable->usesNonSimpleParameterList())
putDirectAccessor(globalObject, vm.propertyNames->callee, this->globalObject(vm)->throwTypeErrorArgumentsCalleeAndCallerGetterSetter(), PropertyAttribute::DontDelete | PropertyAttribute::DontEnum | PropertyAttribute::Accessor);
else
putDirect(vm, vm.propertyNames->callee, JSValue(m_callee.get()));
Modified: trunk/Source/_javascript_Core/runtime/ScriptExecutable.h (268322 => 268323)
--- trunk/Source/_javascript_Core/runtime/ScriptExecutable.h 2020-10-11 18:14:28 UTC (rev 268322)
+++ trunk/Source/_javascript_Core/runtime/ScriptExecutable.h 2020-10-11 18:21:10 UTC (rev 268323)
@@ -64,6 +64,7 @@
DerivedContextType derivedContextType() const { return static_cast<DerivedContextType>(m_derivedContextType); }
EvalContextType evalContextType() const { return static_cast<EvalContextType>(m_evalContextType); }
bool isInStrictContext() const { return m_features & StrictModeFeature; }
+ bool usesNonSimpleParameterList() const { return m_features & NonSimpleParameterListFeature; }
void setNeverInline(bool value) { m_neverInline = value; }
void setNeverOptimize(bool value) { m_neverOptimize = value; }
