    putByIndex should throw in strict mode · b1db28d8
    barraclough@apple.com authored
    https://bugs.webkit.org/show_bug.cgi?id=80335
    
    Reviewed by Filip Pizlo.
    
    Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.
    
    Source/JavaScriptCore: 
    
    This is a largely mechanical change, simply adding an extra parameter to a number
    of functions. Some call sites need to perform additional exception checks, and
    operationPutByValBeyondArrayBounds needs to know whether it is strict or not.
    
    This patch doesn't fix a missing throw from some cases of shift/unshift (this is
    an existing bug); I'll follow up with a third patch to handle that.
    
    * API/JSObjectRef.cpp:
    (JSObjectSetPropertyAtIndex):
    * JSCTypedArrayStubs.h:
    (JSC):
    * dfg/DFGOperations.cpp:
    (JSC::DFG::putByVal):
    * dfg/DFGOperations.h:
    * dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGSpeculativeJIT64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * interpreter/Interpreter.cpp:
    (JSC::Interpreter::privateExecute):
    * jit/JITStubs.cpp:
    (JSC::DEFINE_STUB_FUNCTION):
    * jsc.cpp:
    (GlobalObject::finishCreation):
    * llint/LLIntSlowPaths.cpp:
    (JSC::LLInt::LLINT_SLOW_PATH_DECL):
    * runtime/Arguments.cpp:
    (JSC::Arguments::putByIndex):
    * runtime/Arguments.h:
    (Arguments):
    * runtime/ArrayPrototype.cpp:
    (JSC::arrayProtoFuncPush):
    (JSC::arrayProtoFuncReverse):
    (JSC::arrayProtoFuncShift):
    (JSC::arrayProtoFuncSort):
    (JSC::arrayProtoFuncSplice):
    (JSC::arrayProtoFuncUnShift):
    * runtime/ClassInfo.h:
    (MethodTable):
    * runtime/JSArray.cpp:
    (JSC::SparseArrayValueMap::put):
    (JSC::JSArray::put):
    (JSC::JSArray::putByIndex):
    (JSC::JSArray::putByIndexBeyondVectorLength):
    (JSC::JSArray::push):
    (JSC::JSArray::shiftCount):
    (JSC::JSArray::unshiftCount):
    * runtime/JSArray.h:
    (SparseArrayValueMap):
    (JSArray):
    * runtime/JSByteArray.cpp:
    (JSC::JSByteArray::putByIndex):
    * runtime/JSByteArray.h:
    (JSByteArray):
    * runtime/JSCell.cpp:
    (JSC::JSCell::putByIndex):
    * runtime/JSCell.h:
    (JSCell):
    * runtime/JSNotAnObject.cpp:
    (JSC::JSNotAnObject::putByIndex):
    * runtime/JSNotAnObject.h:
    (JSNotAnObject):
    * runtime/JSONObject.cpp:
    (JSC::Walker::walk):
    * runtime/JSObject.cpp:
    (JSC::JSObject::putByIndex):
    * runtime/JSObject.h:
    (JSC::JSValue::putByIndex):
    * runtime/RegExpConstructor.cpp:
    (JSC::RegExpMatchesArray::fillArrayInstance):
    * runtime/RegExpMatchesArray.h:
    (JSC::RegExpMatchesArray::putByIndex):
    * runtime/StringPrototype.cpp:
    (JSC::stringProtoFuncSplit):
    
    Source/WebCore: 
    
    * bindings/js/SerializedScriptValue.cpp:
    (WebCore::CloneDeserializer::putProperty):
    * bindings/objc/WebScriptObject.mm:
    (-[WebScriptObject setWebScriptValueAtIndex:value:]):
    * bindings/scripts/CodeGeneratorJS.pm:
    (GenerateHeader):
    (GenerateImplementation):
    * bridge/NP_jsobject.cpp:
    (_NPN_SetProperty):
    * bridge/jni/jni_jsobject.mm:
    (JavaJSObject::setSlot):
    * bridge/runtime_array.cpp:
    (JSC::RuntimeArray::putByIndex):
    * bridge/runtime_array.h:
    (RuntimeArray):
    
    Source/WebKit/mac: 
    
    * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
    (WebKit::NetscapePluginInstanceProxy::setProperty):
    
    Source/WebKit2: 
    
    * WebProcess/Plugins/Netscape/NPJSObject.cpp:
    (WebKit::NPJSObject::setProperty):
    
    LayoutTests: 
    
    * fast/js/Object-defineProperty-expected.txt:
    * fast/js/mozilla/strict/15.4.4.12-expected.txt:
    * fast/js/mozilla/strict/15.4.4.13-expected.txt:
    * fast/js/mozilla/strict/15.4.4.8-expected.txt:
    * fast/js/mozilla/strict/15.4.4.9-expected.txt:
    * fast/js/mozilla/strict/15.5.5.2-expected.txt:
    * fast/js/mozilla/strict/8.12.5-expected.txt:
    * fast/js/preventExtensions-expected.txt:
    * fast/js/primitive-property-access-edge-cases-expected.txt:
        - Checking in passing test results.
    * fast/js/script-tests/Object-defineProperty.js:
        - Added test cases for putting to numeric properties where property is read-only,
          length is read-only, or property is accessor with missing set function.
    * fast/js/script-tests/preventExtensions.js:
        - Added test case, putting numeric property to non-extensible array.
    * fast/js/script-tests/primitive-property-access-edge-cases.js:
        - Enabled test cases for putting numeric properties to primitive strings.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@109866 268f45cc-cd09-0410-ab3c-d52691b4dbfc
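The behaviour this change is meant to guarantee, shown from the JavaScript side as an added example (this is not WebKit's code and not part of the commit's own tests): each of the cases the new layout tests describe, a read-only element, a read-only `length`, an accessor with no setter, a non-extensible array and a primitive string, is written to with `obj[i] = v` once from strict code and once from sloppy code. The `shouldThrow` parameter added by the patch is what lets the engine distinguish the two: in strict mode the rejected write must raise a `TypeError`, in sloppy mode it is silently dropped. Names such as `strictPutByIndex`, `sloppyPutByIndex` and `classify`, and the objects being written to, are constructed here for the demonstration.

```javascript
'use strict';

// Added example, not WebKit's code. Exercises the strict-mode put-by-index
// cases the commit's new tests describe. The target objects are constructed
// below for the demo.

// Sloppy-mode writer: a function built by the Function constructor is never
// strict, regardless of the mode of the code that created it.
const sloppyPutByIndex = new Function('obj', 'i', 'v', 'obj[i] = v; return obj[i];');

// Strict-mode writer: this file is strict, so a rejected write throws.
function strictPutByIndex(obj, i, v) {
  obj[i] = v;
  return obj[i];
}

// Runs fn and records whether it threw (and which error class) or returned.
function classify(fn) {
  try {
    return { threw: false, value: fn() };
  } catch (e) {
    return { threw: true, error: e.constructor.name };
  }
}

// One builder per case; each returns [target, index, value] for a fresh write.
const cases = {
  readOnlyElement() {
    const a = [1, 2, 3];
    Object.defineProperty(a, 1, { value: 2, writable: false });
    return [a, 1, 99];
  },
  readOnlyLength() {
    const a = [1, 2];
    Object.defineProperty(a, 'length', { writable: false });
    return [a, 2, 3];           // index >= length cannot be added
  },
  accessorWithoutSetter() {
    const o = {};
    Object.defineProperty(o, 0, { get() { return 'fixed'; } });
    return [o, 0, 'new'];
  },
  nonExtensibleArray() {
    const a = [1];
    Object.preventExtensions(a);
    return [a, 1, 2];           // new index on a non-extensible array
  },
  primitiveString() {
    return ['abc', 0, 'x'];     // indexed write to a primitive string
  },
};

// Returns { caseName: { strict: {...}, sloppy: {...} } } for every case.
function runAll() {
  const results = {};
  for (const [name, build] of Object.entries(cases)) {
    results[name] = {
      strict: classify(() => strictPutByIndex(...build())),
      sloppy: classify(() => sloppyPutByIndex(...build())),
    };
  }
  return results;
}

// Built-ins such as Array.prototype.push use the throwing form of the put
// unconditionally, so they raise even when called from sloppy code.
const sloppyPush = new Function('a', 'v', 'return a.push(v);');
function sloppyPushOnFrozen() {
  return classify(() => sloppyPush(Object.freeze([1]), 2));
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(runAll(), null, 2));
  console.log('sloppy push on frozen array:', sloppyPushOnFrozen());
}
```

Every case returns `{ threw: true, error: 'TypeError' }` under `strictPutByIndex` and `{ threw: false, value: ... }` under `sloppyPutByIndex`, where the sloppy value is whatever was already there (`2`, `undefined`, `'fixed'`, `undefined`, `'a'`): the write never happened, it was just not reported. The `push` case is why the patch also threads the flag through `arrayProtoFuncPush` and friends: the built-in array methods are specified to throw on a failed element store regardless of the caller's mode.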