Changeset 266236 in webkit for trunk/Source/JavaScriptCore/API/APICallbackFunction.h

Timestamp:

Aug 27, 2020, 9:41:27 AM (5 years ago)

Author:

[email protected]

Message:

JSClassRef should work with JS class syntax.
​https://bugs.webkit.org/show_bug.cgi?id=215047

Reviewed by Darin Adler.

This is done by checking if value returned by the
callAsConstructor parameter to JSObjectMakeConstructor returns an
object allocated as the jsClass parameter. When that happens we
replace the prototype of the returned object with the prototype of
the new.target. Ideally we would have passed the derived classes
constructor from the beginning of our support for JS subclassing
but at this point that's probably not compatible with too many
applications.

• API/APICallbackFunction.h:

(JSC::APICallbackFunction::construct):

• API/JSObjectRef.h:
• API/tests/testapi.cpp:

(APIString::APIString):
(TestAPI::markedJSValueArrayAndGC):
(TestAPI::classDefinitionWithJSSubclass):
(testCAPIViaCpp):

• API/tests/testapi.mm:

(testObjectiveCAPI):

File:

• trunk/Source/JavaScriptCore/API/APICallbackFunction.h (modified) (3 diffs)

trunk/Source/JavaScriptCore/API/APICallbackFunction.h

@@ -80 +80 @@
     VM& vm = getVM(globalObject);
     auto scope = DECLARE_THROW_SCOPE(vm);
-    JSObject* constructor = callFrame->jsCallee();
+    JSValue callee = callFrame->jsCallee();
+    T* constructor = jsCast<T*>(callFrame->jsCallee());
     JSContextRef ctx = toRef(globalObject);
     JSObjectRef constructorRef = toRef(constructor);
 
-    JSObjectCallAsConstructorCallback callback = jsCast<T*>(constructor)->constructCallback();
+    JSObjectCallAsConstructorCallback callback = constructor->constructCallback();
     if (callback) {
+        JSValue prototype;
+        JSValue newTarget = callFrame->newTarget();
+        // If we are doing a derived class construction get the .prototype property off the new target first so we behave closer to normal JS.
+        if (newTarget != constructor) {
+            prototype = newTarget.get(globalObject, vm.propertyNames->prototype);
+            RETURN_IF_EXCEPTION(scope, { });
+        }
+
         size_t argumentCount = callFrame->argumentCount();
         Vector<JSValueRef, 16> arguments;
@@ -98 +107 @@
             result = callback(ctx, constructorRef, argumentCount, arguments.data(), &exception);
         }
+
         if (exception) {
             throwException(globalObject, scope, toJS(globalObject, exception));
@@ -105 +115 @@
         if (!result)
             return throwVMTypeError(globalObject, scope);
-        return JSValue::encode(toJS(result));
+
+        JSObject* newObject = toJS(result);
+        // This won't trigger proxy traps on newObject's prototype handler but that's probably desirable here anyway.
+        if (newTarget != constructor && newObject->getPrototypeDirect(vm) == constructor->get(globalObject, vm.propertyNames->prototype)) {
+            RETURN_IF_EXCEPTION(scope, { });
+            newObject->setPrototype(vm, globalObject, prototype);
+            RETURN_IF_EXCEPTION(scope, { });
+        }
+
+        return JSValue::encode(newObject);
     }
     
-    return JSValue::encode(toJS(JSObjectMake(ctx, jsCast<JSCallbackConstructor*>(constructor)->classRef(), nullptr)));
+    return JSValue::encode(toJS(JSObjectMake(ctx, jsCast<JSCallbackConstructor*>(callee)->classRef(), nullptr)));
 }