barraclough@apple.com authored
Global strict mode function leaking global object as "this".

Reviewed by Oliver Hunt.

Source/JavaScriptCore:

The root problem here is that we pass the wrong values into calls, and then try to fix them up in the callee. Correct behaviour per the spec is to pass in the value undefined as this, unless either (1) the function call is based on an explicit property access or (2) the base of the call comes directly from a 'with'.

This change does away with the need for this conversion of objects (non strict code should only box primitives), and does away with all this conversion for strict functions.

This patch may have web compatibility ramifications, and may require some advocacy.

* bytecode/CodeBlock.cpp:
  (JSC::CodeBlock::dump):
  - Removed op_convert_this_strict, added op_resolve_with_this.
* bytecode/Opcode.h:
  - Removed op_convert_this_strict, added op_resolve_with_this.
* bytecompiler/BytecodeGenerator.cpp:
  (JSC::BytecodeGenerator::BytecodeGenerator):
  (JSC::BytecodeGenerator::emitResolveWithThis):
  - Removed op_convert_this_strict, added op_resolve_with_this.
* bytecompiler/BytecodeGenerator.h:
  - Removed op_convert_this_strict, added op_resolve_with_this.
* bytecompiler/NodesCodegen.cpp:
  (JSC::EvalFunctionCallNode::emitBytecode):
  (JSC::FunctionCallResolveNode::emitBytecode):
  - Removed op_convert_this_strict, added op_resolve_with_this.
* dfg/DFGSpeculativeJIT.cpp:
  (JSC::DFG::SpeculativeJIT::compile):
  - Change NeedsThisConversion check to test for JSString's vptr (objects no longer need conversion).
* interpreter/Interpreter.cpp:
  (JSC::Interpreter::resolveThisAndProperty):
  - Based on resolveBaseAndProperty, but produce correct this value.
  (JSC::Interpreter::privateExecute):
  - Removed op_convert_this_strict, added op_resolve_with_this.
* interpreter/Interpreter.h:
* jit/JIT.cpp:
  (JSC::JIT::privateCompileMainPass):
  (JSC::JIT::privateCompileSlowCases):
  - Removed op_convert_this_strict, added op_resolve_with_this.
* jit/JIT.h:
* jit/JITOpcodes.cpp:
  (JSC::JIT::emit_op_resolve_with_this):
  - Removed op_convert_this_strict, added op_resolve_with_this.
  (JSC::JIT::emit_op_convert_this):
  (JSC::JIT::emitSlow_op_convert_this):
  - Change NeedsThisConversion check to test for JSString's vptr (objects no longer need conversion).
* jit/JITOpcodes32_64.cpp:
  (JSC::JIT::emit_op_resolve_with_this):
  - Removed op_convert_this_strict, added op_resolve_with_this.
  (JSC::JIT::emit_op_convert_this):
  (JSC::JIT::emitSlow_op_convert_this):
  - Change NeedsThisConversion check to test for JSString's vptr (objects no longer need conversion).
* jit/JITStubs.cpp:
  (JSC::DEFINE_STUB_FUNCTION):
  - Removed op_convert_this_strict, added op_resolve_with_this.
* jit/JITStubs.h:
  - Removed op_convert_this_strict, added op_resolve_with_this.
* runtime/JSActivation.h:
  - removed NeedsThisConversion flag, added IsEnvironmentRecord.
* runtime/JSStaticScopeObject.h:
  - removed NeedsThisConversion flag, added IsEnvironmentRecord.
* runtime/JSString.h:
  (JSC::RopeBuilder::createStructure):
  - removed NeedsThisConversion.
* runtime/JSTypeInfo.h:
  (JSC::TypeInfo::isEnvironmentRecord):
  (JSC::TypeInfo::overridesHasInstance):
  - removed NeedsThisConversion flag, added IsEnvironmentRecord.
* runtime/JSValue.h:
  - removed NeedsThisConversion.
* runtime/JSVariableObject.h:
  - Corrected StructureFlags inheritance.
* runtime/StrictEvalActivation.h:
  (JSC::StrictEvalActivation::createStructure):
  - Added IsEnvironmentRecord to StructureFlags, added createStructure.
* runtime/Structure.h:
  - removed NeedsThisConversion.
* tests/mozilla/ecma/String/15.5.4.6-2.js:
  (getTestCases):
  - Removed invalid test case.

Source/WebCore:

* bindings/js/JSMainThreadExecState.h:
  (WebCore::JSMainThreadExecState::call):
* bindings/scripts/CodeGeneratorJS.pm:
  (GenerateHeader):
  - Change call to pass DOM Window shell, instead of the global variable object.

Source/WebKit/mac:

* Plugins/Hosted/NetscapePluginInstanceProxy.mm:
  (WebKit::NetscapePluginInstanceProxy::invoke):
  (WebKit::NetscapePluginInstanceProxy::invokeDefault):
  - Change call to pass DOM Window shell, instead of the global variable object.

Source/WebKit2:

* WebProcess/Plugins/Netscape/NPJSObject.cpp:
  (WebKit::NPJSObject::invoke):
  - Change call to pass DOM Window shell, instead of the global variable object.

LayoutTests:

Add test case / update test results.

* fast/js/call-base-resolution-expected.txt: Added.
* fast/js/call-base-resolution.html: Added.
  - Add test for ES5 correct this value resolution in calls.
* sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.10_String.prototype.match/S15.5.4.10_A1_T3-expected.txt:
* sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.12_String.prototype.search/S15.5.4.12_A1_T3-expected.txt:
* sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.13_String.prototype.slice/S15.5.4.13_A1_T3-expected.txt:
* sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.14_String.prototype.split/S15.5.4.14_A1_T3-expected.txt:
* sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.15_String.prototype.substring/S15.5.4.15_A1_T3-expected.txt:
* sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.4_String.prototype.charAt/S15.5.4.4_A1_T3-expected.txt:
* sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.5_String.prototype.charCodeAt/S15.5.4.5_A1_T3-expected.txt:
* sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.6_String.prototype.concat/S15.5.4.6_A1_T3-expected.txt:
* sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.7_String.prototype.indexOf/S15.5.4.7_A1_T3-expected.txt:
* sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.8_String.prototype.lastIndexOf/S15.5.4.8_A1_T3-expected.txt:
  - Check in failing results for these tests - these tests were asserting incorrect behaviour, and have since been fixed in test-262, see https://bugs.ecmascript.org/show_bug.cgi?id=117

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@91095 268f45cc-cd09-0410-ab3c-d52691b4dbfc
19afeced