Diff
Modified: trunk/LayoutTests/ChangeLog (152572 => 152573)
--- trunk/LayoutTests/ChangeLog 2013-07-11 16:17:37 UTC (rev 152572)
+++ trunk/LayoutTests/ChangeLog 2013-07-11 18:35:35 UTC (rev 152573)
@@ -1,3 +1,15 @@
+2013-07-10 Oliver Hunt <[email protected]>
+
+ NativeExecutable cache needs to use both call and construct functions for key
+ https://bugs.webkit.org/show_bug.cgi?id=118545
+
+ Reviewed by Geoffrey Garen.
+
+ Make sure we don't decide that all bound functions aren't constructors.
+
+ * fast/js/function-bind-expected.txt:
+ * fast/js/script-tests/function-bind.js:
+
2013-07-11 Andrei Bucur <[email protected]>
[CSS Regions] In a region chain with auto-height regions, lines get their length based only on the first region
Modified: trunk/LayoutTests/fast/js/function-bind-expected.txt (152572 => 152573)
--- trunk/LayoutTests/fast/js/function-bind-expected.txt 2013-07-11 16:17:37 UTC (rev 152572)
+++ trunk/LayoutTests/fast/js/function-bind-expected.txt 2013-07-11 18:35:35 UTC (rev 152573)
@@ -3,6 +3,10 @@
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+PASS new (decodeURI.bind())() threw exception TypeError: 'function decodeURI() {
+ [native code]
+}' is not a constructor (evaluating 'new (decodeURI.bind())()').
+PASS (new (String.bind())('foo')).toString() is 'foo'
PASS result is "[object Window] -> x:1, y:2"
PASS result is "'a' -> x:'b', y:1"
PASS result is "'a' -> x:'b', y:'c'"
Modified: trunk/LayoutTests/fast/js/script-tests/function-bind.js (152572 => 152573)
--- trunk/LayoutTests/fast/js/script-tests/function-bind.js 2013-07-11 16:17:37 UTC (rev 152572)
+++ trunk/LayoutTests/fast/js/script-tests/function-bind.js 2013-07-11 18:35:35 UTC (rev 152573)
@@ -1,5 +1,8 @@
description("Tests Function.bind.");
+shouldThrow("new (decodeURI.bind())()");
+shouldBe("(new (String.bind())('foo')).toString()", "'foo'");
+
var result;
function F(x, y)
Modified: trunk/Source/_javascript_Core/ChangeLog (152572 => 152573)
--- trunk/Source/_javascript_Core/ChangeLog 2013-07-11 16:17:37 UTC (rev 152572)
+++ trunk/Source/_javascript_Core/ChangeLog 2013-07-11 18:35:35 UTC (rev 152573)
@@ -1,3 +1,22 @@
+2013-07-10 Oliver Hunt <[email protected]>
+
+ NativeExecutable cache needs to use both call and construct functions for key
+ https://bugs.webkit.org/show_bug.cgi?id=118545
+
+ Reviewed by Geoffrey Garen.
+
+ Make the native executable cache make use a key pair so we don't decide to
+ treat all subsequent functions as not being constructors.
+
+ * jit/JITThunks.cpp:
+ (JSC::JITThunks::hostFunctionStub):
+ * jit/JITThunks.h:
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::create):
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getCallData):
+ (JSC::JSCell::getConstructData):
+
2013-07-09 Mark Lam <[email protected]>
Gardening to unbreak builds on the Windows bot.
Modified: trunk/Source/_javascript_Core/jit/JITThunks.cpp (152572 => 152573)
--- trunk/Source/_javascript_Core/jit/JITThunks.cpp 2013-07-11 16:17:37 UTC (rev 152572)
+++ trunk/Source/_javascript_Core/jit/JITThunks.cpp 2013-07-11 18:35:35 UTC (rev 152573)
@@ -71,17 +71,17 @@
NativeExecutable* JITThunks::hostFunctionStub(VM* vm, NativeFunction function, NativeFunction constructor)
{
- if (NativeExecutable* nativeExecutable = m_hostFunctionStubMap->get(function))
+ if (NativeExecutable* nativeExecutable = m_hostFunctionStubMap->get(std::make_pair(function, constructor)))
return nativeExecutable;
NativeExecutable* nativeExecutable = NativeExecutable::create(*vm, JIT::compileCTINativeCall(vm, function), function, MacroAssemblerCodeRef::createSelfManagedCodeRef(ctiNativeConstruct(vm)), constructor, NoIntrinsic);
- weakAdd(*m_hostFunctionStubMap, function, PassWeak<NativeExecutable>(nativeExecutable));
+ weakAdd(*m_hostFunctionStubMap, std::make_pair(function, constructor), PassWeak<NativeExecutable>(nativeExecutable));
return nativeExecutable;
}
NativeExecutable* JITThunks::hostFunctionStub(VM* vm, NativeFunction function, ThunkGenerator generator, Intrinsic intrinsic)
{
- if (NativeExecutable* nativeExecutable = m_hostFunctionStubMap->get(function))
+ if (NativeExecutable* nativeExecutable = m_hostFunctionStubMap->get(std::make_pair(function, callHostFunctionAsConstructor)))
return nativeExecutable;
MacroAssemblerCodeRef code;
@@ -94,7 +94,7 @@
code = JIT::compileCTINativeCall(vm, function);
NativeExecutable* nativeExecutable = NativeExecutable::create(*vm, code, function, MacroAssemblerCodeRef::createSelfManagedCodeRef(ctiNativeConstruct(vm)), callHostFunctionAsConstructor, intrinsic);
- weakAdd(*m_hostFunctionStubMap, function, PassWeak<NativeExecutable>(nativeExecutable));
+ weakAdd(*m_hostFunctionStubMap, std::make_pair(function, callHostFunctionAsConstructor), PassWeak<NativeExecutable>(nativeExecutable));
return nativeExecutable;
}
Modified: trunk/Source/_javascript_Core/jit/JITThunks.h (152572 => 152573)
--- trunk/Source/_javascript_Core/jit/JITThunks.h 2013-07-11 16:17:37 UTC (rev 152572)
+++ trunk/Source/_javascript_Core/jit/JITThunks.h 2013-07-11 18:35:35 UTC (rev 152573)
@@ -64,7 +64,7 @@
private:
typedef HashMap<ThunkGenerator, MacroAssemblerCodeRef> CTIStubMap;
CTIStubMap m_ctiStubMap;
- typedef HashMap<NativeFunction, Weak<NativeExecutable> > HostFunctionStubMap;
+ typedef HashMap<pair<NativeFunction, NativeFunction>, Weak<NativeExecutable> > HostFunctionStubMap;
OwnPtr<HostFunctionStubMap> m_hostFunctionStubMap;
};
Modified: trunk/Source/_javascript_Core/runtime/JSBoundFunction.cpp (152572 => 152573)
--- trunk/Source/_javascript_Core/runtime/JSBoundFunction.cpp 2013-07-11 16:17:37 UTC (rev 152572)
+++ trunk/Source/_javascript_Core/runtime/JSBoundFunction.cpp 2013-07-11 18:35:35 UTC (rev 152573)
@@ -79,7 +79,6 @@
ConstructData constructData;
ConstructType constructType = JSC::getConstructData(targetFunction, constructData);
bool canConstruct = constructType != ConstructTypeNone;
-
NativeExecutable* executable = exec->vm().getHostFunction(boundFunctionCall, canConstruct ? boundFunctionConstruct : callHostFunctionAsConstructor);
JSBoundFunction* function = new (NotNull, allocateCell<JSBoundFunction>(*exec->heap())) JSBoundFunction(exec, globalObject, globalObject->boundFunctionStructure(), targetFunction, boundThis, boundArgs);
Modified: trunk/Source/_javascript_Core/runtime/JSCell.cpp (152572 => 152573)
--- trunk/Source/_javascript_Core/runtime/JSCell.cpp 2013-07-11 16:17:37 UTC (rev 152572)
+++ trunk/Source/_javascript_Core/runtime/JSCell.cpp 2013-07-11 18:35:35 UTC (rev 152573)
@@ -66,13 +66,19 @@
return isObject() ? static_cast<const JSObject*>(this) : 0;
}
-CallType JSCell::getCallData(JSCell*, CallData&)
+CallType JSCell::getCallData(JSCell*, CallData& callData)
{
+ callData.js.functionExecutable = 0;
+ callData.js.scope = 0;
+ callData.native.function = 0;
return CallTypeNone;
}
-ConstructType JSCell::getConstructData(JSCell*, ConstructData&)
+ConstructType JSCell::getConstructData(JSCell*, ConstructData& constructData)
{
+ constructData.js.functionExecutable = 0;
+ constructData.js.scope = 0;
+ constructData.native.function = 0;
return ConstructTypeNone;
}
