-
barraclough@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=78409 Reviewed by Oliver Hunt. Re-implement this as a regular accessor property. This has three key benefits: 1) It makes it possible for objects to be given properties named __proto__. 2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed. 3) This largely removes the magic used the implement __proto__, it can just be made a regular accessor property. Source/JavaScriptCore: * parser/Parser.cpp: (JSC::::parseFunctionInfo): - No need to prohibit functions named __proto__. * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): - Add __proto__ accessor to Object.prototype. * runtime/JSGlobalObjectFunctions.cpp: (JSC::globalFuncProtoGetter): (JSC::globalFuncProtoSetter): - Definition of the __proto__ accessor functions. * runtime/JSGlobalObjectFunctions.h: - Declaration of the __proto__ accessor functions. * runtime/JSObject.cpp: (JSC::JSObject::put): - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__. (JSC::JSObject::putDirectAccessor): - Track on the structure whether an object contains accessors other than one for __proto__. (JSC::JSObject::defineOwnProperty): - No need to prohibit definition of own properties named __proto__. * runtime/JSObject.h: (JSC::JSObject::inlineGetOwnPropertySlot): - Remove the special handling for __proto__. (JSC::JSValue::get): - Remove the special handling for __proto__. * runtime/JSString.cpp: (JSC::JSString::getOwnPropertySlot): - Remove the special handling for __proto__. * runtime/JSValue.h: (JSValue): - Made synthesizePrototype public (this may be needed by the __proto__ getter). * runtime/ObjectConstructor.cpp: (JSC::objectConstructorGetPrototypeOf): - Perform the security check & call prototype() directly. * runtime/Structure.cpp: (JSC::Structure::Structure): - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state. * runtime/Structure.h: (JSC::Structure::hasGetterSetterPropertiesExcludingProto): (JSC::Structure::setHasGetterSetterProperties): (Structure): - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state. Source/WebCore: * bindings/js/JSDOMWindowBase.cpp: (WebCore::JSDOMWindowBase::allowsAccessFrom): (WebCore): - expose allowsAccessFrom check to JSC. * bindings/js/JSDOMWindowBase.h: (JSDOMWindowBase): - expose allowsAccessFrom check to JSC. LayoutTests: * fast/js/Object-getOwnPropertyNames-expected.txt: * fast/js/cyclic-prototypes-expected.txt: * fast/js/parser-syntax-check-expected.txt: * fast/js/preventExtensions-expected.txt: * fast/js/prototypes-expected.txt: - Update results * fast/js/script-tests/Object-getOwnPropertyNames.js: - __proto__ is now a property of Object Prototype. * fast/js/script-tests/cyclic-prototypes.js: - setting an object's prototype to null removes __proto__ setter, future usage won't set prototype. * fast/js/script-tests/parser-syntax-check.js: - Allow functions named __proto__ * fast/js/script-tests/preventExtensions.js: - Setting __proto__ should not throw. * fast/js/script-tests/prototypes.js: - Objects may contained own properties named __proto__, add new test cases. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@107498 268f45cc-cd09-0410-ab3c-d52691b4dbfc
1b59d1e9