Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: eeda72823e71a06b3993663328d737332329fc60
    https://github.com/WebKit/WebKit/commit/eeda72823e71a06b3993663328d737332329fc60
Author: Alexey Shvayka <ashva...@apple.com>
Date: 2024-02-02 (Fri, 02 Feb 2024)

Changed paths:
    M JSTests/stress/set-prototype-difference.js
    M JSTests/stress/set-prototype-intersection.js
    M JSTests/stress/set-prototype-isDisjointfrom.js
    M JSTests/stress/set-prototype-isSubsetOf.js
    M JSTests/stress/set-prototype-isSupersetOf.js
    M JSTests/stress/set-prototype-symmetricDifference.js
    M JSTests/stress/set-prototype-union.js
    M Source/JavaScriptCore/builtins/SetPrototype.js

Log Message:
-----------
[JSC] Throw RangeError if Set methods are called on an object with negative "size" property
https://bugs.webkit.org/show_bug.cgi?id=267494
<rdar://problem/121310940>

Reviewed by Justin Michaud and Yusuke Suzuki.

This change implements steps 6-7 of GetSetRecord [1], ensuring a RangeError is thrown if the result of
ToIntegerOrInfinity is negative, and extracts always-inlineable @getSetSizeAsInt().

These methods are at stage 3 of the ECMA-262 standardization process, meaning we shouldn't worry too much
about performance impact.

Aligns JSC with V8, preventing most of the newly-added Set methods from returning wrong results when given
a malformed Set-like object.

[1]: https://tc39.es/proposal-set-methods/#sec-getsetrecord

* JSTests/stress/set-prototype-difference.js:
* JSTests/stress/set-prototype-intersection.js:
* JSTests/stress/set-prototype-isDisjointfrom.js:
* JSTests/stress/set-prototype-isSubsetOf.js:
* JSTests/stress/set-prototype-isSupersetOf.js:
* JSTests/stress/set-prototype-symmetricDifference.js:
* JSTests/stress/set-prototype-union.js:
* Source/JavaScriptCore/builtins/SetPrototype.js:
(linkTimeConstant.alwaysInline.getSetSizeAsInt):
(isSubsetOf):

Canonical link: https://commits.webkit.org/274009@main
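
The size validation described in the log message, as an added example in plain JavaScript (not code from the WebKit commit). The names getSetSize, isSubsetOf, rawSize and outcome are hypothetical, the Set-like objects are constructed, and the size check follows the linked GetSetRecord steps up to step 7.

```javascript
// Added illustration; these functions are hypothetical, not JSC builtins.

// ToIntegerOrInfinity for a Number that is already known not to be NaN.
function toIntegerOrInfinity(num) {
  if (num === Infinity || num === -Infinity) return num;
  return Math.trunc(num) + 0; // "+ 0" normalises -0 to +0
}

// Size part of GetSetRecord: read "size", convert it, reject NaN and negatives.
function getSetSize(other) {
  if (other === null || (typeof other !== "object" && typeof other !== "function"))
    throw new TypeError("Set-like operand must be an object");
  const numSize = +other.size; // ToNumber(rawSize)
  if (Number.isNaN(numSize))
    throw new TypeError('"size" must convert to a number');
  const intSize = toIntegerOrInfinity(numSize); // step 6
  if (intSize < 0)
    throw new RangeError('"size" must not be negative'); // step 7
  return intSize;
}

// Simplified isSubsetOf: a size comparison first, then membership probes.
// readSize is injected so the validated and unvalidated reads can be compared.
function isSubsetOf(set, other, readSize) {
  const otherSize = readSize(other);
  if (set.size > otherSize) return false; // early exit trusts other.size
  for (const value of set)
    if (!other.has(value)) return false;
  return true;
}

// Unvalidated read, for contrast only.
const rawSize = (other) => +other.size;

// Returns the function's result, or the name of the error type it threw.
function outcome(fn) {
  try { return fn(); } catch (e) { return e.constructor.name; }
}

// Constructed malformed Set-like: negative size, has() that accepts everything.
const negative = { size: -1, has: () => true, keys: () => [].values() };

// The empty set is a subset of any set, yet the unvalidated size comparison
// (0 > -1) reports false; the validated read rejects the operand instead.
console.log(outcome(() => isSubsetOf(new Set(), negative, rawSize)));
console.log(outcome(() => isSubsetOf(new Set(), negative, getSetSize)));
console.log(outcome(() => getSetSize({ size: -0.5 }))); // truncates to 0, accepted
```

A size of -0.5 is accepted because truncation happens before the sign check, while -Infinity is rejected with a RangeError.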