Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 1a8dfc920f4cc261c77b2a663392f6a4412adf1a
      
https://github.com/WebKit/WebKit/commit/1a8dfc920f4cc261c77b2a663392f6a4412adf1a
  Author: Tetsuharu Ohzeki <[email protected]>
  Date:   2026-05-07 (Thu, 07 May 2026)

  Changed paths:
    M JSTests/stress/create-subclass-structure-might-throw.js
    A JSTests/stress/dataview-constructor-toindex-byteoffset-before-ordinarycreatefromctor.js
    M Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h

  Log Message:
  -----------
  [JSC] Split DataView construction step into a separated code path from other TypedArrays
https://bugs.webkit.org/show_bug.cgi?id=313416

Reviewed by Yusuke Suzuki.

This relands https://commits.webkit.org/312483@main
with a fix for a regression.

---

`DataView` and `%TypedArray%` constructors take almost the same arguments and behave very similarly,
but the spec has different abstract operation steps for them.
This makes a difference in the order of checking their arguments and throwing errors in detail.
And this difference results in user-observable behavior.

- https://tc39.es/ecma262/#sec-dataview-buffer-byteoffset-bytelength
- https://tc39.es/ecma262/#sec-typedarray

Our previous implementation shares the infrastructure for both of them via a C++ template and `if constexpr`.
But the `if constexpr` branch makes things complex.

To prepare to resolve https://bugs.webkit.org/show_bug.cgi?id=313230,
let's split into separate paths.

Test: JSTests/stress/dataview-constructor-toindex-byteoffset-before-ordinarycreatefromctor.js

* JSTests/stress/create-subclass-structure-might-throw.js:
    With this change, `new DataView` would throw an error _earlier_ if the argument count is 0, just like `Promise`.
    This fix adds the case of `DataView`.
* JSTests/stress/dataview-constructor-toindex-byteoffset-before-ordinarycreatefromctor.js: Added.
    This is a regression test that failed in https://commits.webkit.org/312483@main.
* Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h:
(JSC::constructGenericTypedArrayViewWithArrayBuffer):
    Share the part of the construction with JSArrayBuffer.
(JSC::constructGenericTypedArrayViewWithArguments):
    This removes JSDataView branches.
(JSC::constructGenericTypedArrayViewImpl):
    This removes JSDataView branches.
(JSC::constructDataViewImpl):
    To clarify the purpose, this change adds this function.
(JSC::constructGenericTypedArrayViewImpl<JSDataView>):
    This is a C++ template specialization to call the actual new separated implementation.
    This is useful to not change the existing code base on the caller side.

Canonical link: https://commits.webkit.org/312778@main
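
The ordering difference the log message refers to can be observed from script. The following is an added example, not code from this commit or its test file; the helper name `traceConstruct` and the log strings are hypothetical. It follows the two spec sections linked above: `DataView` converts `byteOffset` before it reads `newTarget.prototype`, while a `%TypedArray%` constructor given a buffer reads the prototype first.

```javascript
// Added example (not WebKit code). Records the order of the two observable
// steps taken while constructing a view over an ArrayBuffer.
function traceConstruct(Ctor, { offsetThrows = false } = {}) {
  const log = [];

  // ToIndex(byteOffset) ends up calling valueOf() on an object argument,
  // so the conversion is visible to script (and may run arbitrary code).
  const byteOffset = {
    valueOf() {
      log.push("ToIndex(byteOffset)");
      if (offsetThrows) throw new RangeError("constructed failure");
      return 8;
    },
  };

  // OrdinaryCreateFromConstructor reads newTarget.prototype; a Proxy makes
  // that read visible as well.
  const target = function () {};
  target.prototype = Ctor.prototype;
  const newTarget = new Proxy(target, {
    get(t, key, receiver) {
      if (key === "prototype") log.push("Get(newTarget.prototype)");
      return Reflect.get(t, key, receiver);
    },
  });

  try {
    Reflect.construct(Ctor, [new ArrayBuffer(16), byteOffset], newTarget);
  } catch (e) {
    log.push("threw " + e.name);
  }
  return log;
}

// DataView: byteOffset is converted before the prototype lookup.
console.log("DataView   ", traceConstruct(DataView));
// Uint8Array: the prototype lookup comes first.
console.log("Uint8Array ", traceConstruct(Uint8Array));
// When the conversion throws, DataView never touches newTarget.prototype,
// while the typed array constructor has already read it.
console.log("DataView   ", traceConstruct(DataView, { offsetThrows: true }));
console.log("Uint8Array ", traceConstruct(Uint8Array, { offsetThrows: true }));
```

An engine that routes both constructors through one shared path has to reproduce both orders, which is where a mismatch like the one this regression test guards against can appear.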


