Changeset 266236 in webkit for trunk/Source/JavaScriptCore

Timestamp:

Aug 27, 2020, 9:41:27 AM (5 years ago)

Author:

[email protected]

Message:

JSClassRef should work with JS class syntax.
​https://bugs.webkit.org/show_bug.cgi?id=215047

Reviewed by Darin Adler.

This is done by checking if value returned by the
callAsConstructor parameter to JSObjectMakeConstructor returns an
object allocated as the jsClass parameter. When that happens we
replace the prototype of the returned object with the prototype of
the new.target. Ideally we would have passed the derived classes
constructor from the beginning of our support for JS subclassing
but at this point that's probably not compatible with too many
applications.

• API/APICallbackFunction.h:

(JSC::APICallbackFunction::construct):

• API/JSObjectRef.h:
• API/tests/testapi.cpp:

(APIString::APIString):
(TestAPI::markedJSValueArrayAndGC):
(TestAPI::classDefinitionWithJSSubclass):
(testCAPIViaCpp):

• API/tests/testapi.mm:

(testObjectiveCAPI):

Location:

trunk/Source/JavaScriptCore

Files:

• API/APICallbackFunction.h (modified) (3 diffs)
• API/JSObjectRef.h (modified) (2 diffs)
• API/tests/testapi.cpp (modified) (9 diffs)
• API/tests/testapi.mm (modified) (1 diff)
• ChangeLog (modified) (1 diff)

trunk/Source/JavaScriptCore/API/APICallbackFunction.h

@@ -80 +80 @@
     VM& vm = getVM(globalObject);
     auto scope = DECLARE_THROW_SCOPE(vm);
-    JSObject* constructor = callFrame->jsCallee();
+    JSValue callee = callFrame->jsCallee();
+    T* constructor = jsCast<T*>(callFrame->jsCallee());
     JSContextRef ctx = toRef(globalObject);
     JSObjectRef constructorRef = toRef(constructor);
 
-    JSObjectCallAsConstructorCallback callback = jsCast<T*>(constructor)->constructCallback();
+    JSObjectCallAsConstructorCallback callback = constructor->constructCallback();
     if (callback) {
+        JSValue prototype;
+        JSValue newTarget = callFrame->newTarget();
+        // If we are doing a derived class construction get the .prototype property off the new target first so we behave closer to normal JS.
+        if (newTarget != constructor) {
+            prototype = newTarget.get(globalObject, vm.propertyNames->prototype);
+            RETURN_IF_EXCEPTION(scope, { });
+        }
+
         size_t argumentCount = callFrame->argumentCount();
         Vector<JSValueRef, 16> arguments;
@@ -98 +107 @@
             result = callback(ctx, constructorRef, argumentCount, arguments.data(), &exception);
         }
+
         if (exception) {
             throwException(globalObject, scope, toJS(globalObject, exception));
@@ -105 +115 @@
         if (!result)
             return throwVMTypeError(globalObject, scope);
-        return JSValue::encode(toJS(result));
+
+        JSObject* newObject = toJS(result);
+        // This won't trigger proxy traps on newObject's prototype handler but that's probably desirable here anyway.
+        if (newTarget != constructor && newObject->getPrototypeDirect(vm) == constructor->get(globalObject, vm.propertyNames->prototype)) {
+            RETURN_IF_EXCEPTION(scope, { });
+            newObject->setPrototype(vm, globalObject, prototype);
+            RETURN_IF_EXCEPTION(scope, { });
+        }
+
+        return JSValue::encode(newObject);
     }
     
-    return JSValue::encode(toJS(JSObjectMake(ctx, jsCast<JSCallbackConstructor*>(constructor)->classRef(), nullptr)));
+    return JSValue::encode(toJS(JSObjectMake(ctx, jsCast<JSCallbackConstructor*>(callee)->classRef(), nullptr)));
 }
 

trunk/Source/JavaScriptCore/API/JSObjectRef.h

@@ -340 +340 @@
 
 A NULL callback specifies that the default object callback should substitute, except in the case of hasProperty, where it specifies that getProperty should substitute.
+
+It is not possible to use JS subclassing with objects created from a class definition that sets callAsConstructor by default. Subclassing is supported via the JSObjectMakeConstructor function, however.
 */
 typedef struct {
@@ -427 +429 @@
 @param callAsConstructor A JSObjectCallAsConstructorCallback to invoke when your constructor is used in a 'new' expression. Pass NULL to use the default object constructor.
 @result A JSObject that is a constructor. The object's prototype will be the default object prototype.
-@discussion The default object constructor takes no arguments and constructs an object of class jsClass with no private data.
+@discussion The default object constructor takes no arguments and constructs an object of class jsClass with no private data. If the constructor is inherited via JS subclassing and the value returned from callAsConstructor was created with jsClass, then the returned object will have it's prototype overridden to the derived class's prototype.
 */
 JS_EXPORT JSObjectRef JSObjectMakeConstructor(JSContextRef ctx, JSClassRef jsClass, JSObjectCallAsConstructorCallback callAsConstructor);

trunk/Source/JavaScriptCore/API/tests/testapi.cpp

@@ -30 +30 @@
 #include "MarkedJSValueRefArray.h"
 #include <JavaScriptCore/JSContextRefPrivate.h>
+#include <JavaScriptCore/JSObjectRefPrivate.h>
 #include <JavaScriptCore/JavaScript.h>
 #include <wtf/DataLog.h>
@@ -48 +49 @@
     APIString(const char* string)
         : m_string(JSStringCreateWithUTF8CString(string))
+    {
+    }
+
+    APIString(const String& string)
+        : APIString(string.utf8().data())
     {
     }
@@ -144 +150 @@
     void topCallFrameAccess();
     void markedJSValueArrayAndGC();
+    void classDefinitionWithJSSubclass();
+    void proxyReturnedWithJSSubclassing();
 
     int failed() const { return m_failed; }
@@ -163 +171 @@
     bool functionReturnsTrue(const char* functionSource, ArgumentTypes... arguments);
 
+    bool scriptResultIs(ScriptResult, JSValueRef);
+
     // Ways to make sets of interesting things.
     APIVector<JSObjectRef> interestingObjects();
@@ -237 +247 @@
         return false;
     return JSValueIsStrictEqual(context, trueValue, result.value());
+}
+
+bool TestAPI::scriptResultIs(ScriptResult result, JSValueRef value)
+{
+    if (!result)
+        return false;
+    return JSValueIsStrictEqual(context, result.value(), value);
 }
 
@@ -622 +639 @@
 void TestAPI::markedJSValueArrayAndGC()
 {
-    auto testMarkedJSValueArray = [&](unsigned count) {
+    auto testMarkedJSValueArray = [&] (unsigned count) {
         auto* globalObject = toJS(context);
         JSC::JSLockHolder locker(globalObject->vm());
         JSC::MarkedJSValueRefArray values(context, count);
         for (unsigned index = 0; index < count; ++index) {
-            String target = makeString("Prefix", index);
-            auto holder = OpaqueJSString::tryCreate(target);
-            JSValueRef string = JSValueMakeString(context, holder.get());
+            JSValueRef string = JSValueMakeString(context, APIString(makeString("Prefix", index)));
             values[index] = string;
         }
@@ -635 +650 @@
         bool ok = true;
         for (unsigned index = 0; index < count; ++index) {
-            String target = makeString("Prefix", index);
-            auto holder = OpaqueJSString::tryCreate(target);
-            JSValueRef string = JSValueMakeString(context, holder.get());
+            JSValueRef string = JSValueMakeString(context, APIString(makeString("Prefix", index)));
             if (!JSValueIsStrictEqual(context, values[index], string))
                 ok = false;
@@ -645 +658 @@
     testMarkedJSValueArray(4);
     testMarkedJSValueArray(1000);
+}
+
+void TestAPI::classDefinitionWithJSSubclass()
+{
+    const static JSClassDefinition definition = kJSClassDefinitionEmpty;
+    static JSClassRef jsClass = JSClassCreate(&definition);
+
+    auto constructor = [] (JSContextRef ctx, JSObjectRef, size_t, const JSValueRef*, JSValueRef*) -> JSObjectRef {
+        return JSObjectMake(ctx, jsClass, nullptr);
+    };
+
+    JSObjectRef Superclass = JSObjectMakeConstructor(context, jsClass, constructor);
+
+    ScriptResult result = callFunction("(function (Superclass) { class Subclass extends Superclass { method() { return 'value'; } }; return new Subclass(); })", Superclass);
+    check(!!result, "creating a subclass should not throw.");
+    check(JSValueIsObject(context, result.value()), "result of construction should have been an object.");
+    JSObjectRef subclass = const_cast<JSObjectRef>(result.value());
+
+    check(JSObjectHasProperty(context, subclass, APIString("method")), "subclass should have derived classes functions.");
+    check(functionReturnsTrue("(function (subclass, Superclass) { return subclass instanceof Superclass; })", subclass, Superclass), "JS subclass should instanceof the Superclass");
+
+    JSClassRelease(jsClass);
+}
+
+void TestAPI::proxyReturnedWithJSSubclassing()
+{
+    const static JSClassDefinition definition = kJSClassDefinitionEmpty;
+    static JSClassRef jsClass = JSClassCreate(&definition);
+    static TestAPI& test = *this;
+
+    auto constructor = [] (JSContextRef ctx, JSObjectRef, size_t, const JSValueRef*, JSValueRef*) -> JSObjectRef {
+        ScriptResult result = test.callFunction("(function (object) { return new Proxy(object, { getPrototypeOf: () => { globalThis.triggeredProxy = true; return object.__proto__; }}); })", JSObjectMake(ctx, jsClass, nullptr));
+        test.check(!!result, "creating a proxy should not throw");
+        test.check(JSValueIsObject(ctx, result.value()), "result of proxy creation should have been an object.");
+        return const_cast<JSObjectRef>(result.value());
+    };
+
+    JSObjectRef Superclass = JSObjectMakeConstructor(context, jsClass, constructor);
+
+    ScriptResult result = callFunction("(function (Superclass) { class Subclass extends Superclass { method() { return 'value'; } }; return new Subclass(); })", Superclass);
+    check(!!result, "creating a subclass should not throw.");
+    check(JSValueIsObject(context, result.value()), "result of construction should have been an object.");
+    JSObjectRef subclass = const_cast<JSObjectRef>(result.value());
+
+    check(scriptResultIs(evaluateScript("globalThis.triggeredProxy"), JSValueMakeUndefined(context)), "creating a subclass should not have triggered the proxy");
+    check(functionReturnsTrue("(function (subclass, Superclass) { return subclass.__proto__ == Superclass.prototype; })", subclass, Superclass), "proxy's prototype should match Superclass.prototype");
 }
 
@@ -687 +746 @@
     RUN(promiseEarlyHandledRejections());
     RUN(markedJSValueArrayAndGC());
+    RUN(classDefinitionWithJSSubclass());
+    RUN(proxyReturnedWithJSSubclassing());
 
     if (tasks.isEmpty()) {

trunk/Source/JavaScriptCore/API/tests/testapi.mm

@@ -2860 +2860 @@
     RUN(parallelPromiseResolveTest());
 
-    testObjectiveCAPIMain();
+    if (!filter)
+        testObjectiveCAPIMain();
 }
 

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2020-08-27  Keith Miller  <[email protected]>
+
+        JSClassRef should work with JS class syntax.
+        https://bugs.webkit.org/show_bug.cgi?id=215047
+
+        Reviewed by Darin Adler.
+
+        This is done by checking if value returned by the
+        callAsConstructor parameter to JSObjectMakeConstructor returns an
+        object allocated as the jsClass parameter. When that happens we
+        replace the prototype of the returned object with the prototype of
+        the new.target. Ideally we would have passed the derived classes
+        constructor from the beginning of our support for JS subclassing
+        but at this point that's probably not compatible with too many
+        applications.
+
+        * API/APICallbackFunction.h:
+        (JSC::APICallbackFunction::construct):
+        * API/JSObjectRef.h:
+        * API/tests/testapi.cpp:
+        (APIString::APIString):
+        (TestAPI::markedJSValueArrayAndGC):
+        (TestAPI::classDefinitionWithJSSubclass):
+        (testCAPIViaCpp):
+        * API/tests/testapi.mm:
+        (testObjectiveCAPI):
+
 2020-08-26  Alexey Shvayka  <[email protected]>