Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (198434 => 198435)
--- trunk/Source/_javascript_Core/ChangeLog 2016-03-18 18:37:12 UTC (rev 198434)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-03-18 18:42:53 UTC (rev 198435)
@@ -1,3 +1,36 @@
+2016-03-18 Keith Miller <[email protected]>
+
+ DataView should use an accessor for its length and buffer properties
+ https://bugs.webkit.org/show_bug.cgi?id=155625
+
+ Reviewed by Michael Saboff.
+
+ The DataView object should use an accessor on DataView.prototype for its
+ byteLength, byteOffset, and buffer properties. This patch also, moves the
+ buffer property off the TypedArray object itself and onto the prototype
+ along with the other accessors. Since the .buffer property is no longer on
+ the object, JSArrayBufferView no longer needs to intercept accesses to
+ properties. Finally, this patch also fixes the length property on all the
+ existing DataView.prototype functions.
+
+ * runtime/JSArrayBufferView.cpp:
+ (JSC::JSArrayBufferView::getOwnPropertySlot): Deleted.
+ (JSC::JSArrayBufferView::put): Deleted.
+ (JSC::JSArrayBufferView::defineOwnProperty): Deleted.
+ (JSC::JSArrayBufferView::deleteProperty): Deleted.
+ (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): Deleted.
+ * runtime/JSArrayBufferView.h:
+ (JSC::JSArrayBufferView::jsBuffer):
+ * runtime/JSDataViewPrototype.cpp:
+ (JSC::dataViewProtoGetterBuffer):
+ (JSC::dataViewProtoGetterByteLength):
+ (JSC::dataViewProtoGetterByteOffset):
+ * runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
+ (JSC::genericTypedArrayViewProtoGetterFuncBuffer):
+ * runtime/JSTypedArrayViewPrototype.cpp:
+ (JSC::typedArrayViewProtoGetterFuncBuffer):
+ (JSC::JSTypedArrayViewPrototype::finishCreation):
+
2016-03-18 Csaba Osztrogonác <[email protected]>
Unreviewed speculative cloop buildfix after r198364.
Modified: trunk/Source/_javascript_Core/runtime/JSArrayBufferView.cpp (198434 => 198435)
--- trunk/Source/_javascript_Core/runtime/JSArrayBufferView.cpp 2016-03-18 18:37:12 UTC (rev 198434)
+++ trunk/Source/_javascript_Core/runtime/JSArrayBufferView.cpp 2016-03-18 18:42:53 UTC (rev 198435)
@@ -136,21 +136,6 @@
RELEASE_ASSERT_NOT_REACHED();
}
-bool JSArrayBufferView::getOwnPropertySlot(
- JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
-{
- JSArrayBufferView* thisObject = jsCast<JSArrayBufferView*>(object);
-
- if (propertyName == exec->propertyNames().buffer) {
- slot.setValue(
- thisObject, DontDelete | ReadOnly, exec->vm().m_typedArrayController->toJS(
- exec, thisObject->globalObject(), thisObject->buffer()));
- return true;
- }
-
- return Base::getOwnPropertySlot(thisObject, exec, propertyName, slot);
-}
-
void JSArrayBufferView::visitChildren(JSCell* cell, SlotVisitor& visitor)
{
JSArrayBufferView* thisObject = jsCast<JSArrayBufferView*>(cell);
@@ -172,46 +157,10 @@
if (UNLIKELY(isThisValueAltered(slot, thisObject)))
return ordinarySetSlow(exec, thisObject, propertyName, value, slot.thisValue(), slot.isStrictMode());
-
- if (propertyName == exec->propertyNames().buffer)
- return reject(exec, slot.isStrictMode(), "Attempting to write to read-only typed array property.");
return Base::put(thisObject, exec, propertyName, value, slot);
}
-
-bool JSArrayBufferView::defineOwnProperty(
- JSObject* object, ExecState* exec, PropertyName propertyName,
- const PropertyDescriptor& descriptor, bool shouldThrow)
-{
- JSArrayBufferView* thisObject = jsCast<JSArrayBufferView*>(object);
- if (propertyName == exec->propertyNames().buffer)
- return reject(exec, shouldThrow, "Attempting to define read-only typed array property.");
- return Base::defineOwnProperty(thisObject, exec, propertyName, descriptor, shouldThrow);
-}
-
-bool JSArrayBufferView::deleteProperty(
- JSCell* cell, ExecState* exec, PropertyName propertyName)
-{
- JSArrayBufferView* thisObject = jsCast<JSArrayBufferView*>(cell);
- if (propertyName == exec->propertyNames().buffer)
- return false;
-
- return Base::deleteProperty(thisObject, exec, propertyName);
-}
-
-void JSArrayBufferView::getOwnNonIndexPropertyNames(
- JSObject* object, ExecState* exec, PropertyNameArray& array, EnumerationMode mode)
-{
- JSArrayBufferView* thisObject = jsCast<JSArrayBufferView*>(object);
-
- if (mode.includeDontEnumProperties())
- array.add(exec->propertyNames().buffer);
-
-
- Base::getOwnNonIndexPropertyNames(thisObject, exec, array, mode);
-}
-
void JSArrayBufferView::finalize(JSCell* cell)
{
JSArrayBufferView* thisObject = static_cast<JSArrayBufferView*>(cell);
Modified: trunk/Source/_javascript_Core/runtime/JSArrayBufferView.h (198434 => 198435)
--- trunk/Source/_javascript_Core/runtime/JSArrayBufferView.h 2016-03-18 18:37:12 UTC (rev 198434)
+++ trunk/Source/_javascript_Core/runtime/JSArrayBufferView.h 2016-03-18 18:42:53 UTC (rev 198435)
@@ -93,8 +93,6 @@
class JSArrayBufferView : public JSNonFinalObject {
public:
typedef JSNonFinalObject Base;
- static const unsigned StructureFlags = Base::StructureFlags | OverridesGetPropertyNames | OverridesGetOwnPropertySlot;
-
static const unsigned fastSizeLimit = 1000;
static size_t sizeOf(uint32_t length, uint32_t elementSize)
@@ -146,20 +144,16 @@
JS_EXPORT_PRIVATE JSArrayBufferView(VM&, ConstructionContext&);
JS_EXPORT_PRIVATE void finishCreation(VM&);
- static bool getOwnPropertySlot(JSObject*, ExecState*, PropertyName, PropertySlot&);
static bool put(JSCell*, ExecState*, PropertyName, JSValue, PutPropertySlot&);
- static bool defineOwnProperty(JSObject*, ExecState*, PropertyName, const PropertyDescriptor&, bool shouldThrow);
- static bool deleteProperty(JSCell*, ExecState*, PropertyName);
static void visitChildren(JSCell*, SlotVisitor&);
- static void getOwnNonIndexPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
-
public:
TypedArrayMode mode() const { return m_mode; }
bool hasArrayBuffer() const { return JSC::hasArrayBuffer(mode()); }
ArrayBuffer* buffer();
+ JSArrayBuffer* jsBuffer(ExecState* exec) { return exec->vm().m_typedArrayController->toJS(exec, globalObject(), buffer()); }
PassRefPtr<ArrayBufferView> impl();
bool isNeutered() { return hasArrayBuffer() && !vector(); }
void neuter();
Modified: trunk/Source/_javascript_Core/runtime/JSDataViewPrototype.cpp (198434 => 198435)
--- trunk/Source/_javascript_Core/runtime/JSDataViewPrototype.cpp 2016-03-18 18:37:12 UTC (rev 198434)
+++ trunk/Source/_javascript_Core/runtime/JSDataViewPrototype.cpp 2016-03-18 18:42:53 UTC (rev 198435)
@@ -27,6 +27,7 @@
#include "JSDataViewPrototype.h"
#include "Error.h"
+#include "JSArrayBuffer.h"
#include "JSDataView.h"
#include "Lookup.h"
#include "JSCInlines.h"
@@ -38,22 +39,25 @@
/* Source for JSDataViewPrototype.lut.h
@begin dataViewTable
- getInt8 dataViewProtoFuncGetInt8 DontEnum|Function 0
- getUint8 dataViewProtoFuncGetUint8 DontEnum|Function 0
- getInt16 dataViewProtoFuncGetInt16 DontEnum|Function 0
- getUint16 dataViewProtoFuncGetUint16 DontEnum|Function 0
- getInt32 dataViewProtoFuncGetInt32 DontEnum|Function 0
- getUint32 dataViewProtoFuncGetUint32 DontEnum|Function 0
- getFloat32 dataViewProtoFuncGetFloat32 DontEnum|Function 0
- getFloat64 dataViewProtoFuncGetFloat64 DontEnum|Function 0
- setInt8 dataViewProtoFuncSetInt8 DontEnum|Function 0
- setUint8 dataViewProtoFuncSetUint8 DontEnum|Function 0
- setInt16 dataViewProtoFuncSetInt16 DontEnum|Function 0
- setUint16 dataViewProtoFuncSetUint16 DontEnum|Function 0
- setInt32 dataViewProtoFuncSetInt32 DontEnum|Function 0
- setUint32 dataViewProtoFuncSetUint32 DontEnum|Function 0
- setFloat32 dataViewProtoFuncSetFloat32 DontEnum|Function 0
- setFloat64 dataViewProtoFuncSetFloat64 DontEnum|Function 0
+ getInt8 dataViewProtoFuncGetInt8 DontEnum|Function 1
+ getUint8 dataViewProtoFuncGetUint8 DontEnum|Function 1
+ getInt16 dataViewProtoFuncGetInt16 DontEnum|Function 1
+ getUint16 dataViewProtoFuncGetUint16 DontEnum|Function 1
+ getInt32 dataViewProtoFuncGetInt32 DontEnum|Function 1
+ getUint32 dataViewProtoFuncGetUint32 DontEnum|Function 1
+ getFloat32 dataViewProtoFuncGetFloat32 DontEnum|Function 1
+ getFloat64 dataViewProtoFuncGetFloat64 DontEnum|Function 1
+ setInt8 dataViewProtoFuncSetInt8 DontEnum|Function 2
+ setUint8 dataViewProtoFuncSetUint8 DontEnum|Function 2
+ setInt16 dataViewProtoFuncSetInt16 DontEnum|Function 2
+ setUint16 dataViewProtoFuncSetUint16 DontEnum|Function 2
+ setInt32 dataViewProtoFuncSetInt32 DontEnum|Function 2
+ setUint32 dataViewProtoFuncSetUint32 DontEnum|Function 2
+ setFloat32 dataViewProtoFuncSetFloat32 DontEnum|Function 2
+ setFloat64 dataViewProtoFuncSetFloat64 DontEnum|Function 2
+ buffer dataViewProtoGetterBuffer DontEnum|Accessor 0
+ byteLength dataViewProtoGetterByteLength DontEnum|Accessor 0
+ byteOffset dataViewProtoGetterByteOffset DontEnum|Accessor 0
@end
*/
@@ -73,6 +77,9 @@
EncodedJSValue JSC_HOST_CALL dataViewProtoFuncSetUint32(ExecState*);
EncodedJSValue JSC_HOST_CALL dataViewProtoFuncSetFloat32(ExecState*);
EncodedJSValue JSC_HOST_CALL dataViewProtoFuncSetFloat64(ExecState*);
+EncodedJSValue JSC_HOST_CALL dataViewProtoGetterBuffer(ExecState*);
+EncodedJSValue JSC_HOST_CALL dataViewProtoGetterByteLength(ExecState*);
+EncodedJSValue JSC_HOST_CALL dataViewProtoGetterByteOffset(ExecState*);
}
@@ -219,6 +226,33 @@
#pragma clang diagnostic ignored "-Wmissing-prototypes"
#endif
+EncodedJSValue JSC_HOST_CALL dataViewProtoGetterBuffer(ExecState* exec)
+{
+ JSDataView* view = jsDynamicCast<JSDataView*>(exec->thisValue());
+ if (!view)
+ return throwVMTypeError(exec, "DataView.prototype.buffer expects |this| to be a DataView object");
+
+ return JSValue::encode(view->jsBuffer(exec));
+}
+
+EncodedJSValue JSC_HOST_CALL dataViewProtoGetterByteLength(ExecState* exec)
+{
+ JSDataView* view = jsDynamicCast<JSDataView*>(exec->thisValue());
+ if (!view)
+ return throwVMTypeError(exec, "DataView.prototype.buffer expects |this| to be a DataView object");
+
+ return JSValue::encode(jsNumber(view->length()));
+}
+
+EncodedJSValue JSC_HOST_CALL dataViewProtoGetterByteOffset(ExecState* exec)
+{
+ JSDataView* view = jsDynamicCast<JSDataView*>(exec->thisValue());
+ if (!view)
+ return throwVMTypeError(exec, "DataView.prototype.buffer expects |this| to be a DataView object");
+
+ return JSValue::encode(jsNumber(view->byteOffset()));
+}
+
EncodedJSValue JSC_HOST_CALL dataViewProtoFuncGetInt8(ExecState* exec)
{
return getData<Int8Adaptor>(exec);
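Review bot: The TypeError text in dataViewProtoGetterByteLength and dataViewProtoGetterByteOffset was copied from the buffer getter, so a bad receiver on either accessor is reported as a `DataView.prototype.buffer` failure. Each message should name its own property: `return throwVMTypeError(exec, "DataView.prototype.byteLength expects |this| to be a DataView object");` and the same with `byteOffset`. Separately, neither getter checks whether the view's buffer has been detached before reading `view->length()` or `view->byteOffset()`. ES2015 specifies a TypeError for both accessors in that case, so a `view->isNeutered()` guard looks warranted, assuming a JSDataView can be neutered like the other views.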
Modified: trunk/Source/_javascript_Core/runtime/JSGenericTypedArrayViewPrototypeFunctions.h (198434 => 198435)
--- trunk/Source/_javascript_Core/runtime/JSGenericTypedArrayViewPrototypeFunctions.h 2016-03-18 18:37:12 UTC (rev 198434)
+++ trunk/Source/_javascript_Core/runtime/JSGenericTypedArrayViewPrototypeFunctions.h 2016-03-18 18:42:53 UTC (rev 198435)
@@ -320,6 +320,15 @@
}
template<typename ViewClass>
+EncodedJSValue JSC_HOST_CALL genericTypedArrayViewProtoGetterFuncBuffer(ExecState* exec)
+{
+ // 22.2.3.3
+ ViewClass* thisObject = jsCast<ViewClass*>(exec->thisValue());
+
+ return JSValue::encode(thisObject->jsBuffer(exec));
+}
+
+template<typename ViewClass>
EncodedJSValue JSC_HOST_CALL genericTypedArrayViewProtoGetterFuncLength(ExecState* exec)
{
// 22.2.3.17
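Review bot: `jsCast<ViewClass*>(exec->thisValue())` in genericTypedArrayViewProtoGetterFuncBuffer is not a checked cast in release builds, so this getter is only memory-safe if the caller has already proven that |this| is a ViewClass. The one caller in this commit, typedArrayViewProtoGetterFuncBuffer, checks `isObject()` and then relies on CALL_GENERIC_TYPEDARRAY_PROTOTYPE_FUNCTION, whose dispatch is not visible here. Because a prototype accessor can be invoked with any receiver, that macro's handling of objects that are not typed arrays is worth confirming. A comment above the cast would record the contract, for example `// Precondition: the dispatching caller has verified that |this| is a ViewClass.`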
Modified: trunk/Source/_javascript_Core/runtime/JSTypedArrayViewPrototype.cpp (198434 => 198435)
--- trunk/Source/_javascript_Core/runtime/JSTypedArrayViewPrototype.cpp 2016-03-18 18:37:12 UTC (rev 198434)
+++ trunk/Source/_javascript_Core/runtime/JSTypedArrayViewPrototype.cpp 2016-03-18 18:42:53 UTC (rev 198435)
@@ -152,6 +152,14 @@
CALL_GENERIC_TYPEDARRAY_PROTOTYPE_FUNCTION(genericTypedArrayViewProtoFuncKeys);
}
+static EncodedJSValue JSC_HOST_CALL typedArrayViewProtoGetterFuncBuffer(ExecState* exec)
+{
+ JSValue thisValue = exec->thisValue();
+ if (!thisValue.isObject())
+ return throwVMError(exec, createTypeError(exec, "Receiver should be a typed array view but was not an object"));
+ CALL_GENERIC_TYPEDARRAY_PROTOTYPE_FUNCTION(genericTypedArrayViewProtoGetterFuncBuffer);
+}
+
static EncodedJSValue JSC_HOST_CALL typedArrayViewProtoGetterFuncLength(ExecState* exec)
{
JSValue thisValue = exec->thisValue();
@@ -255,6 +263,7 @@
ASSERT(inherits(info()));
+ JSC_NATIVE_GETTER(vm.propertyNames->buffer, typedArrayViewProtoGetterFuncBuffer, DontEnum | ReadOnly | DontDelete);
JSC_NATIVE_INTRINSIC_GETTER(vm.propertyNames->byteLength, typedArrayViewProtoGetterFuncByteLength, DontEnum | ReadOnly | DontDelete, TypedArrayByteLengthIntrinsic);
JSC_NATIVE_INTRINSIC_GETTER(vm.propertyNames->byteOffset, typedArrayViewProtoGetterFuncByteOffset, DontEnum | ReadOnly | DontDelete, TypedArrayByteOffsetIntrinsic);
JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION("copyWithin", typedArrayViewProtoFuncCopyWithin, DontEnum, 2);
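Review bot: The new `buffer` getter is registered with `DontEnum | ReadOnly | DontDelete`, while the DataView accessors added in the same commit use `DontEnum|Accessor` only, so the two prototypes end up with different configurability for the same kind of property. ES2015 gives built-in accessor properties `[[Configurable]]: true` unless stated otherwise, which would correspond to `JSC_NATIVE_GETTER(vm.propertyNames->buffer, typedArrayViewProtoGetterFuncBuffer, DontEnum);`. The flags match the neighbouring byteLength and byteOffset lines, so this may be a deliberate local convention; if it is, a one-line comment giving the reason would help. finishCreation's body continues outside the hunk.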
Added: trunk/Source/_javascript_Core/tests/stress/dataview-prototype-accessors.js (0 => 198435)
--- trunk/Source/_javascript_Core/tests/stress/dataview-prototype-accessors.js (rev 0)
+++ trunk/Source/_javascript_Core/tests/stress/dataview-prototype-accessors.js 2016-03-18 18:42:53 UTC (rev 198435)
@@ -0,0 +1,24 @@
+{
+ let buffer = new ArrayBuffer(10);
+ let view = new DataView(buffer);
+
+ if (view.byteOffset !== 0)
+ throw "byteoffest should be 0";
+
+ if (view.byteLength !== 10)
+ throw "byteLength should be 0"
+
+ if (view.buffer !== buffer)
+ throw "buffer should be the incomming buffer"
+
+ view = new DataView(buffer, 1, 1)
+
+ if (view.byteOffset !== 1)
+ throw "byteoffest should be 0";
+
+ if (view.byteLength !== 1)
+ throw "byteLength should be 0"
+
+ if (view.buffer !== buffer)
+ throw "buffer should be the incomming buffer"
+}
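Review bot: The test covers only the success path, but what this commit adds is the receiver type check in the three getters, and nothing here exercises it. A negative case that calls each getter with a receiver that is not a DataView and expects a TypeError would pin that check down. The failure strings are also misleading: the first byteLength check expects 10 and the second byteOffset check expects 1, yet both messages say "should be 0", and "byteoffest" and "incomming" are misspelled.

```javascript
// … unchanged: positive checks on byteOffset, byteLength and buffer …

for (let name of ["buffer", "byteLength", "byteOffset"]) {
    let getter = Object.getOwnPropertyDescriptor(DataView.prototype, name).get;
    for (let receiver of [{}, new Uint8Array(1)]) {
        let threw = false;
        try {
            getter.call(receiver);
        } catch (e) {
            threw = e instanceof TypeError;
        }
        if (!threw)
            throw name + " getter should throw a TypeError for a non-DataView receiver";
    }
}
```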