Created
April 1, 2017 22:36
-
-
Save daeken/357f16c16aed879560953fe4fd694a8d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ------------------------------------------------------------------------ | |
| r209424 | mark.lam@apple.com | 2016-12-06 22:43:16 +0000 (Tue, 06 Dec 2016) | 107 lines | |
| Changed paths: | |
| M /trunk/JSTests/ChangeLog | |
| M /trunk/JSTests/stress/get-from-scope-dynamic-onto-proxy.js | |
| D /trunk/JSTests/stress/proxy-dont-infinite-loop.js | |
| D /trunk/JSTests/stress/proxy-json-path.js | |
| D /trunk/JSTests/stress/rest-parameter-allocation-elimination-watchpoints-6.js | |
| M /trunk/LayoutTests/ChangeLog | |
| M /trunk/LayoutTests/TestExpectations | |
| M /trunk/LayoutTests/http/tests/security/window-named-valueOf-expected.txt | |
| M /trunk/LayoutTests/js/dom/proxy-is-not-allowed-in-global-prototype-chain-expected.txt | |
| M /trunk/LayoutTests/js/dom/proxy-is-not-allowed-in-global-prototype-chain.html | |
| A /trunk/LayoutTests/js/prototype-assignment-expected.txt | |
| A /trunk/LayoutTests/js/prototype-assignment.html | |
| A /trunk/LayoutTests/js/script-tests/prototype-assignment.js | |
| M /trunk/LayoutTests/js/setPrototypeOf-expected.txt | |
| M /trunk/Source/JavaScriptCore/ChangeLog | |
| M /trunk/Source/JavaScriptCore/runtime/JSObject.cpp | |
| M /trunk/Source/JavaScriptCore/runtime/JSTypeInfo.h | |
| M /trunk/Source/JavaScriptCore/runtime/ObjectConstructor.cpp | |
| M /trunk/Source/JavaScriptCore/runtime/ObjectPrototype.h | |
| M /trunk/Source/JavaScriptCore/runtime/Structure.h | |
| M /trunk/Source/WebCore/ChangeLog | |
| M /trunk/Source/WebCore/bindings/js/JSDOMWindowProperties.h | |
| M /trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm | |
| M /trunk/Source/WebCore/bindings/scripts/IDLAttributes.txt | |
| M /trunk/Source/WebCore/dom/EventTarget.idl | |
| M /trunk/Source/WebCore/page/DOMWindow.idl | |
| Introduce the concept of Immutable Prototype Exotic Objects to comply with the spec. | |
| https://bugs.webkit.org/show_bug.cgi?id=165227 | |
| <rdar://problem/29442665> | |
| Reviewed by Saam Barati. | |
| JSTests: | |
| * stress/get-from-scope-dynamic-onto-proxy.js: | |
| - Updated error message. | |
| * stress/proxy-dont-infinite-loop.js: Removed. | |
| * stress/proxy-json-path.js: Removed. | |
| * stress/rest-parameter-allocation-elimination-watchpoints-6.js: Removed. | |
| - Removed these tests because the issue they are testing relies on being able to | |
| set Object.prototype.__proto__ to something else (which is now not possible). | |
| Source/JavaScriptCore: | |
| * runtime/JSObject.cpp: | |
| (JSC::JSObject::setPrototypeWithCycleCheck): | |
| - This is where we check for immutable prototype exotic objects and refuse to set | |
| the prototype if needed. | |
| See https://tc39.github.io/ecma262/#sec-immutable-prototype-exotic-objects. | |
| * runtime/JSTypeInfo.h: | |
| (JSC::TypeInfo::isImmutablePrototypeExoticObject): | |
| * runtime/Structure.h: | |
| - Add flag for declaring immutable prototype exotic objects. | |
| * runtime/ObjectPrototype.h: | |
| - Declare that Object.prototype is an immutable prototype exotic object. | |
| See https://tc39.github.io/ecma262/#sec-properties-of-the-object-prototype-object. | |
| * runtime/ObjectConstructor.cpp: | |
| (JSC::objectConstructorSetPrototypeOf): | |
| - Use better error messages. | |
| Source/WebCore: | |
| Make all objects in window.__proto__'s prototype chain immutable prototype exotic | |
| objects. This gives us roughly equivalent behavior to other browsers. | |
| Firefox's behavior differ slightly in that Firefox will fail any attempted | |
| assignment their __proto__, while the immutable prototype exotic objects will | |
| only fail if the assignment is of a different value. See | |
| https://tc39.github.io/ecma262/#sec-immutable-prototype-exotic-objects. | |
| Chrome differs in that assignment to window.__proto__ is also handled like an | |
| immutable prototype exotic object. Instead we adhere to the current HTML spec | |
| that says that the assignment should fail unconditionally. See | |
| https://html.spec.whatwg.org/#the-windowproxy-exotic-object and | |
| https://html.spec.whatwg.org/#windowproxy-setprototypeof. | |
| If the HTML spec is changed to make the WindowProxy and Location objects into | |
| immutable prototype exotic objects later, we can update to match the spec then. | |
| Test: js/prototype-assignment.html | |
| * bindings/js/JSDOMWindowProperties.h: | |
| * bindings/scripts/CodeGeneratorJS.pm: | |
| (GenerateHeader): | |
| (GeneratePrototypeDeclaration): | |
| * bindings/scripts/IDLAttributes.txt: | |
| * dom/EventTarget.idl: | |
| * page/DOMWindow.idl: | |
| LayoutTests: | |
| The new prototype-assignment.js test is currently only enabled for LLInt only | |
| run in the JSC tests until webkit.org/b/165401 is fixed. | |
| * TestExpectations: | |
| - Skip js/prototype-assignment.html for now until webkit.org/b/165401 is fixed. | |
| * http/tests/security/window-named-valueOf-expected.txt: | |
| * js/dom/proxy-is-not-allowed-in-global-prototype-chain-expected.txt: | |
| * js/dom/proxy-is-not-allowed-in-global-prototype-chain.html: | |
| - Updated error messages. | |
| * js/prototype-assignment-expected.txt: Added. | |
| * js/prototype-assignment.html: Added. | |
| * js/script-tests/prototype-assignment.js: Added. | |
| (else): | |
| (reportError): | |
| (shouldEqual): | |
| (shouldThrow): | |
| (stringify): | |
| (makeTestID): | |
| (doInternalSetPrototypeOf): | |
| (ordinarySetPrototypeOf): | |
| (setImmutablePrototype): | |
| (windowProxySetPrototypeOf): | |
| (initSetterExpectation): | |
| (throwIfNoExceptionPending): | |
| (objectSetPrototypeOf): | |
| (setUnderscoreProto): | |
| (reflectSetPrototypeOf): | |
| (newObjectProto.toString): | |
| (this.testObject.targets.push.value): | |
| (this.testProxy.targets.push.setPrototypeOf): | |
| (Symbol): | |
| (test): | |
| (runTests): | |
| * js/setPrototypeOf-expected.txt: | |
| ------------------------------------------------------------------------ | |
| ------------------------------------------------------------------------ | |
| r209149 | mark.lam@apple.com | 2016-11-30 21:13:42 +0000 (Wed, 30 Nov 2016) | 17 lines | |
| Changed paths: | |
| M /trunk/LayoutTests/ChangeLog | |
| A /trunk/LayoutTests/js/dom/proxy-is-not-allowed-in-global-prototype-chain-expected.txt | |
| A /trunk/LayoutTests/js/dom/proxy-is-not-allowed-in-global-prototype-chain.html | |
| M /trunk/Source/JavaScriptCore/ChangeLog | |
| M /trunk/Source/JavaScriptCore/runtime/ProgramExecutable.cpp | |
| Proxy is not allowed in the global prototype chain. | |
| https://bugs.webkit.org/show_bug.cgi?id=165205 | |
| Reviewed by Geoffrey Garen. | |
| Source/JavaScriptCore: | |
| * runtime/ProgramExecutable.cpp: | |
| (JSC::ProgramExecutable::initializeGlobalProperties): | |
| - We'll now throw a TypeError if we detect a Proxy in the global prototype chain. | |
| LayoutTests: | |
| * js/dom/proxy-is-not-allowed-in-global-prototype-chain-expected.txt: Added. | |
| * js/dom/proxy-is-not-allowed-in-global-prototype-chain.html: Added. | |
| ------------------------------------------------------------------------ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment