Reviewers: rossberg,
Message:
PTAL
Description:
Do not allow invocation of ArrayBuffer and array buffer views' constructors
as
functions.
ES6 bug 695 (https://bugs.ecmascript.org/show_bug.cgi?id=695).
This never worked in WebKit, so no compatibility issues.
[email protected]
Please review this at https://codereview.chromium.org/17904007/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files:
M src/arraybuffer.js
M src/messages.js
M src/typedarray.js
M test/mjsunit/external-array-no-sse2.js
M test/mjsunit/external-array.js
M test/mjsunit/harmony/typedarrays.js
M test/mjsunit/regress/regress-1383.js
Index: src/arraybuffer.js
diff --git a/src/arraybuffer.js b/src/arraybuffer.js
index
06cc653b0969ea82e5077222baeeb7008cb0b58f..4a4f570146568464dfe8938502e9a827be60c6cd
100644
--- a/src/arraybuffer.js
+++ b/src/arraybuffer.js
@@ -36,7 +36,7 @@ function ArrayBufferConstructor(length) { // length = 1
var byteLength =
ToPositiveInteger(length, 'invalid_array_buffer_length');
%ArrayBufferInitialize(this, byteLength);
} else {
- return new $ArrayBuffer(length);
+ throw MakeTypeError('constructor_not_function', ["ArrayBuffer"]);
}
}
Index: src/messages.js
diff --git a/src/messages.js b/src/messages.js
index
f515ca56a853c373b728f02a066f58a5d6ede73a..137d98fe7b8d73241fdee55c9874865dd00ab851
100644
--- a/src/messages.js
+++ b/src/messages.js
@@ -109,6 +109,7 @@ var kMessages = {
not_typed_array: ["this is not a typed array."],
invalid_argument: ["invalid_argument"],
data_view_not_array_buffer: ["First argument to DataView constructor
must be an ArrayBuffer"],
+ constructor_not_function: ["Constructor ", "%0", " requires 'new'"],
// RangeError
invalid_array_length: ["Invalid array length"],
invalid_array_buffer_length: ["Invalid array buffer length"],
Index: src/typedarray.js
diff --git a/src/typedarray.js b/src/typedarray.js
index
b14d65f0f6cda8a95ba46291fcadd87bd92fb487..0d903550495be2a6d792d279b547e7229ebf4ce5
100644
--- a/src/typedarray.js
+++ b/src/typedarray.js
@@ -97,7 +97,7 @@ function CreateTypedArrayConstructor(name, elementSize,
arrayId, constructor) {
throw MakeTypeError("parameterless_typed_array_constr", [name]);
}
} else {
- return new constructor(arg1, arg2, arg3);
+ throw MakeTypeError("constructor_not_function", [name])
}
}
}
@@ -223,7 +223,7 @@ function DataViewConstructor(buffer, byteOffset,
byteLength) { // length = 3
}
%DataViewInitialize(this, buffer, offset, length);
} else {
- return new $DataView(buffer, byteOffset, byteLength)
+ throw MakeTypeError('constructor_not_function', ["DataView"]);
}
}
Index: test/mjsunit/external-array-no-sse2.js
diff --git a/test/mjsunit/external-array-no-sse2.js
b/test/mjsunit/external-array-no-sse2.js
index
c9d56217c80ad4726717bf18fd79896983021e72..cffcab86102433274bd01fdab82682f8061fea85
100644
--- a/test/mjsunit/external-array-no-sse2.js
+++ b/test/mjsunit/external-array-no-sse2.js
@@ -520,30 +520,15 @@ assertSame(a.buffer, aa.buffer);
assertThrows(function(){ a.subarray.call({}, 0) });
assertThrows(function(){ a.subarray.call([], 0) });
-// Call constructors directly as functions, and through .call and .apply
-
-b = ArrayBuffer(100)
-a = Int8Array(b, 5, 77)
-assertInstance(b, ArrayBuffer)
-assertInstance(a, Int8Array)
-assertSame(b, a.buffer)
-assertEquals(5, a.byteOffset)
-assertEquals(77, a.byteLength)
-b = ArrayBuffer.call(null, 10)
-a = Uint16Array.call(null, b, 2, 4)
-assertInstance(b, ArrayBuffer)
-assertInstance(a, Uint16Array)
-assertSame(b, a.buffer)
-assertEquals(2, a.byteOffset)
-assertEquals(8, a.byteLength)
-b = ArrayBuffer.apply(null, [1000])
-a = Float32Array.apply(null, [b, 128, 1])
-assertInstance(b, ArrayBuffer)
-assertInstance(a, Float32Array)
-assertSame(b, a.buffer)
-assertEquals(128, a.byteOffset)
-assertEquals(4, a.byteLength)
+// Try to call constructors directly as functions, and through .call
+// and .apply. Should fail.
+assertThrows(function() { ArrayBuffer(100); }, TypeError);
+assertThrows(function() { Int8Array(b, 5, 77); }, TypeError);
+assertThrows(function() { ArrayBuffer.call(null, 10); }, TypeError);
+assertThrows(function() { Uint16Array.call(null, b, 2, 4); }, TypeError);
+assertThrows(function() { ArrayBuffer.apply(null, [1000]); }, TypeError);
+assertThrows(function() { Float32Array.apply(null, [b, 128, 1]); },
TypeError);
// Test array.set in different combinations.
@@ -632,15 +617,15 @@ var b0 = a0.buffer
var b1 = b0.slice(0)
assertEquals(b0.byteLength, b1.byteLength)
-assertArrayPrefix([1, 2, 3, 4, 5, 6], Int8Array(b1))
+assertArrayPrefix([1, 2, 3, 4, 5, 6], new Int8Array(b1))
var b2 = b0.slice(3)
assertEquals(b0.byteLength - 3, b2.byteLength)
-assertArrayPrefix([4, 5, 6], Int8Array(b2))
+assertArrayPrefix([4, 5, 6], new Int8Array(b2))
var b3 = b0.slice(2, 4)
assertEquals(2, b3.byteLength)
-assertArrayPrefix([3, 4], Int8Array(b3))
+assertArrayPrefix([3, 4], new Int8Array(b3))
function goo(a, i) {
return a[i];
Index: test/mjsunit/external-array.js
diff --git a/test/mjsunit/external-array.js b/test/mjsunit/external-array.js
index
bfdab8abff9430db4b88e2254ba9b76369dce176..deb3c8659dba17982dee3725698aece1bd5322c7
100644
--- a/test/mjsunit/external-array.js
+++ b/test/mjsunit/external-array.js
@@ -519,30 +519,15 @@ assertSame(a.buffer, aa.buffer);
assertThrows(function(){ a.subarray.call({}, 0) });
assertThrows(function(){ a.subarray.call([], 0) });
-// Call constructors directly as functions, and through .call and .apply
-
-b = ArrayBuffer(100)
-a = Int8Array(b, 5, 77)
-assertInstance(b, ArrayBuffer)
-assertInstance(a, Int8Array)
-assertSame(b, a.buffer)
-assertEquals(5, a.byteOffset)
-assertEquals(77, a.byteLength)
-b = ArrayBuffer.call(null, 10)
-a = Uint16Array.call(null, b, 2, 4)
-assertInstance(b, ArrayBuffer)
-assertInstance(a, Uint16Array)
-assertSame(b, a.buffer)
-assertEquals(2, a.byteOffset)
-assertEquals(8, a.byteLength)
-b = ArrayBuffer.apply(null, [1000])
-a = Float32Array.apply(null, [b, 128, 1])
-assertInstance(b, ArrayBuffer)
-assertInstance(a, Float32Array)
-assertSame(b, a.buffer)
-assertEquals(128, a.byteOffset)
-assertEquals(4, a.byteLength)
+// Try to call constructors directly as functions, and through .call
+// and .apply. Should fail.
+assertThrows(function() { ArrayBuffer(100); }, TypeError);
+assertThrows(function() { Int8Array(b, 5, 77); }, TypeError);
+assertThrows(function() { ArrayBuffer.call(null, 10); }, TypeError);
+assertThrows(function() { Uint16Array.call(null, b, 2, 4); }, TypeError);
+assertThrows(function() { ArrayBuffer.apply(null, [1000]); }, TypeError);
+assertThrows(function() { Float32Array.apply(null, [b, 128, 1]); },
TypeError);
// Test array.set in different combinations.
@@ -631,15 +616,15 @@ var b0 = a0.buffer
var b1 = b0.slice(0)
assertEquals(b0.byteLength, b1.byteLength)
-assertArrayPrefix([1, 2, 3, 4, 5, 6], Int8Array(b1))
+assertArrayPrefix([1, 2, 3, 4, 5, 6], new Int8Array(b1))
var b2 = b0.slice(3)
assertEquals(b0.byteLength - 3, b2.byteLength)
-assertArrayPrefix([4, 5, 6], Int8Array(b2))
+assertArrayPrefix([4, 5, 6], new Int8Array(b2))
var b3 = b0.slice(2, 4)
assertEquals(2, b3.byteLength)
-assertArrayPrefix([3, 4], Int8Array(b3))
+assertArrayPrefix([3, 4], new Int8Array(b3))
function goo(a, i) {
return a[i];
Index: test/mjsunit/harmony/typedarrays.js
diff --git a/test/mjsunit/harmony/typedarrays.js
b/test/mjsunit/harmony/typedarrays.js
index
c699f647180fe1ae89257f9ca41257eb86b06a08..e1b0e653d602e8fde9094ab8656d5fc476b39a25
100644
--- a/test/mjsunit/harmony/typedarrays.js
+++ b/test/mjsunit/harmony/typedarrays.js
@@ -563,5 +563,5 @@ TestArbitrary(new DataView(new ArrayBuffer(256)));
// Test direct constructor call
-assertTrue(ArrayBuffer() instanceof ArrayBuffer);
-assertTrue(DataView(new ArrayBuffer()) instanceof DataView);
+assertThrows(function() { ArrayBuffer(); }, TypeError);
+assertThrows(function() { DataView(new ArrayBuffer()); }, TypeError);
Index: test/mjsunit/regress/regress-1383.js
diff --git a/test/mjsunit/regress/regress-1383.js
b/test/mjsunit/regress/regress-1383.js
index
4b08f5a6b5f5a0be352d9bd00fcfb4a7ddafaa56..387c8b4004c55d124d837d180f6874e5ea370502
100644
--- a/test/mjsunit/regress/regress-1383.js
+++ b/test/mjsunit/regress/regress-1383.js
@@ -33,7 +33,7 @@ x="";
function foo(){
"use strict";
var wxemsx=(4);
- var wxemsx_0=Float32Array(wxemsx);
+ var wxemsx_0=new Float32Array(wxemsx);
wxemsx_0[0]={};
}
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
