[webkit-changes] [254390] trunk

[shvaikalesh]

Title: [254390] trunk

Revision

254390

Author

shvaikal...@gmail.com

Date

2020-01-10 19:17:59 -0800 (Fri, 10 Jan 2020)

Log Message

Object.keys should throw if called on module namespace object with uninitialized binding
https://bugs.webkit.org/show_bug.cgi?id=205983

Reviewed by Yusuke Suzuki.

JSTests:

* test262/expectations.yaml: Mark 2 test cases as passing.

Source/_javascript_Core:

If JSModuleNamespaceObject::getOwnPropertyNames method is called by
Object.keys or for/in loop, it should invoke [[GetOwnProperty]] on
every binding so a ReferenceError is thrown if the binding is uninitialized.

Complete call stack of internal methods and abstract ops is in "info" meta of
JSTests/test262/test/language/module-code/namespace/internals/object-keys-binding-uninit.js

* runtime/JSModuleNamespaceObject.cpp:
(JSC::JSModuleNamespaceObject::getOwnPropertyNames):

Modified Paths

• trunk/JSTests/ChangeLog
• trunk/JSTests/test262/expectations.yaml
• trunk/Source/_javascript_Core/ChangeLog
• trunk/Source/_javascript_Core/runtime/JSModuleNamespaceObject.cpp

Diff

Modified: trunk/JSTests/ChangeLog (254389 => 254390)

--- trunk/JSTests/ChangeLog	2020-01-11 03:05:30 UTC (rev 254389)
+++ trunk/JSTests/ChangeLog	2020-01-11 03:17:59 UTC (rev 254390)
@@ -1,3 +1,12 @@
+2020-01-10  Caitlin Potter  <ca...@igalia.com> and Alexey Shvayka  <shvaikal...@gmail.com>
+
+        Object.keys should throw if called on module namespace object with uninitialized binding
+        https://bugs.webkit.org/show_bug.cgi?id=205983
+
+        Reviewed by Yusuke Suzuki.
+
+        * test262/expectations.yaml: Mark 2 test cases as passing.
+
 2020-01-10  Saam Barati  <sbar...@apple.com>
 
         ObjectAllocationSinkingPhase doesn't model pointers to allocations in control flow properly

Modified: trunk/JSTests/test262/expectations.yaml (254389 => 254390)

--- trunk/JSTests/test262/expectations.yaml	2020-01-11 03:05:30 UTC (rev 254389)
+++ trunk/JSTests/test262/expectations.yaml	2020-01-11 03:17:59 UTC (rev 254390)
@@ -3477,8 +3477,6 @@
   module: "SyntaxError: Unexpected identifier 'as'. Expected 'from' before exported module name."
 test/language/module-code/namespace/internals/get-nested-namespace-props-nrml.js:
   module: "SyntaxError: Unexpected identifier 'as'. Expected 'from' before exported module name."
-test/language/module-code/namespace/internals/object-keys-binding-uninit.js:
-  module: 'Test262Error: Expected a ReferenceError to be thrown but no exception was thrown at all'
 test/language/module-code/namespace/internals/set.js:
   module: 'Test262Error: Reflect.defineProperty: local1 Expected SameValue(«false», «true») to be true'
 test/language/module-code/parse-err-hoist-lex-fun.js:

Modified: trunk/Source/_javascript_Core/ChangeLog (254389 => 254390)

--- trunk/Source/_javascript_Core/ChangeLog	2020-01-11 03:05:30 UTC (rev 254389)
+++ trunk/Source/_javascript_Core/ChangeLog	2020-01-11 03:17:59 UTC (rev 254390)
@@ -1,3 +1,20 @@
+2020-01-10  Caitlin Potter  <ca...@igalia.com> and Alexey Shvayka  <shvaikal...@gmail.com>
+
+        Object.keys should throw if called on module namespace object with uninitialized binding
+        https://bugs.webkit.org/show_bug.cgi?id=205983
+
+        Reviewed by Yusuke Suzuki.
+
+        If JSModuleNamespaceObject::getOwnPropertyNames method is called by
+        Object.keys or for/in loop, it should invoke [[GetOwnProperty]] on
+        every binding so a ReferenceError is thrown if the binding is uninitialized.
+
+        Complete call stack of internal methods and abstract ops is in "info" meta of
+        JSTests/test262/test/language/module-code/namespace/internals/object-keys-binding-uninit.js
+
+        * runtime/JSModuleNamespaceObject.cpp:
+        (JSC::JSModuleNamespaceObject::getOwnPropertyNames):
+
 2020-01-10  Saam Barati  <sbar...@apple.com>
 
         ObjectAllocationSinkingPhase doesn't model pointers to allocations in control flow properly

Modified: trunk/Source/_javascript_Core/runtime/JSModuleNamespaceObject.cpp (254389 => 254390)

--- trunk/Source/_javascript_Core/runtime/JSModuleNamespaceObject.cpp	2020-01-11 03:05:30 UTC (rev 254389)
+++ trunk/Source/_javascript_Core/runtime/JSModuleNamespaceObject.cpp	2020-01-11 03:17:59 UTC (rev 254390)
@@ -211,11 +211,21 @@
 
 void JSModuleNamespaceObject::getOwnPropertyNames(JSObject* cell, JSGlobalObject* globalObject, PropertyNameArray& propertyNames, EnumerationMode mode)
 {
-    // http://www.ecma-international.org/ecma-262/6.0/#sec-module-namespace-exotic-objects-ownpropertykeys
+    VM& vm = globalObject->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    // https://tc39.es/ecma262/#sec-module-namespace-exotic-objects-ownpropertykeys
     JSModuleNamespaceObject* thisObject = jsCast<JSModuleNamespaceObject*>(cell);
-    for (const auto& name : thisObject->m_names)
+    for (const auto& name : thisObject->m_names) {
+        if (!mode.includeDontEnumProperties()) {
+            // Perform [[GetOwnProperty]] to throw ReferenceError if binding is uninitialized.
+            PropertySlot slot(cell, PropertySlot::InternalMethodType::GetOwnProperty);
+            thisObject->getOwnPropertySlotCommon(globalObject, name.impl(), slot);
+            RETURN_IF_EXCEPTION(scope, void());
+        }
         propertyNames.add(name.impl());
-    return JSObject::getOwnPropertyNames(thisObject, globalObject, propertyNames, mode);
+    }
+    JSObject::getOwnPropertyNames(thisObject, globalObject, propertyNames, mode);
 }
 
 bool JSModuleNamespaceObject::defineOwnProperty(JSObject*, JSGlobalObject* globalObject, PropertyName, const PropertyDescriptor&, bool shouldThrow)

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes