Timestamp:
Apr 27, 2021, 1:56:19 PM (4 years ago)
Author:
Alexey Shvayka
Message:

[JSC] Remove defaultValue() from the method table
https://bugs.webkit.org/show_bug.cgi?id=225032

Reviewed by Darin Adler.

Source/JavaScriptCore:

This patch not only removes the unnecessary method table entry, but also makes
the presence of custom ToPrimitive behavior observable to userland code.

To maintain object identity and (possibly) enable caching, the Symbol.toPrimitive
method is stored on a structure. To avoid any potential breakage, it's made
replaceable and configurable, covering the case when its holder is a ProxyTarget.

For JSCallbackObject, the Symbol.toPrimitive method is created only if a ConvertToType
callback is present, before initialization is performed.

Also, this change adds an additional ordinaryToPrimitive() cast to fix the invariant
that toPrimitive() returns a primitive value, which was broken if the ConvertToType
callback returned an object. The invariant is enforced by the spec [1][2] and is
validated via an assertion in JSValue::toStringSlowCase().

[1]: https://tc39.es/ecma262/#sec-toprimitive (step 2.b.vi)
[2]: https://tc39.es/ecma262/#sec-ordinarytoprimitive (step 6)

  • API/JSCallbackObject.h:
  • API/JSCallbackObjectFunctions.h:

(JSC::JSCallbackObject<Parent>::init):
(JSC::JSCallbackObject<Parent>::customToPrimitive):
(JSC::JSCallbackObject<Parent>::defaultValue): Deleted.

  • API/tests/testapiScripts/testapi.js:
  • runtime/ClassInfo.h:
  • runtime/JSCell.cpp:

(JSC::JSCell::defaultValue): Deleted.

  • runtime/JSCell.h:
  • runtime/JSObject.cpp:

(JSC::JSObject::toPrimitive const):
(JSC::JSObject::defaultValue): Deleted.

  • runtime/JSObject.h:
  • runtime/Operations.cpp:

(JSC::jsAddSlowCase):

Source/WebCore:

Test: platform/mac/fast/dom/objc-wrapper-toprimitive.html

  • bindings/js/JSPluginElementFunctions.cpp:

(WebCore::pluginElementCustomGetOwnPropertySlot):

  • bridge/objc/objc_runtime.h:
  • bridge/objc/objc_runtime.mm:

(JSC::Bindings::ObjcFallbackObjectImp::finishCreation):
(JSC::Bindings::ObjcFallbackObjectImp::getOwnPropertySlot):
(JSC::Bindings::JSC_DEFINE_HOST_FUNCTION):
(JSC::Bindings::ObjcFallbackObjectImp::defaultValue): Deleted.

  • bridge/runtime_object.cpp:

(JSC::Bindings::RuntimeObject::finishCreation):
(JSC::Bindings::RuntimeObject::getOwnPropertySlot):
(JSC::Bindings::JSC_DEFINE_HOST_FUNCTION):
(JSC::Bindings::RuntimeObject::defaultValue): Deleted.

  • bridge/runtime_object.h:

LayoutTests:

  • platform/mac/fast/dom/objc-wrapper-toprimitive-expected.txt: Added.
  • platform/mac/fast/dom/objc-wrapper-toprimitive.html: Added.
  • platform/wk2/TestExpectations:
  • plugins/npruntime/tostring-expected.txt:
  • plugins/npruntime/tostring.html:
  • plugins/npruntime/valueof-expected.txt:
  • plugins/npruntime/valueof.html:
File:
1 edited

  • trunk/Source/JavaScriptCore/runtime/Operations.cpp

    r266223 r276660  
    3535NEVER_INLINE JSValue jsAddSlowCase(JSGlobalObject* globalObject, JSValue v1, JSValue v2)
    3636{
    37     // exception for the Date exception in defaultValue()
    3837    VM& vm = globalObject->vm();
    3938    auto scope = DECLARE_THROW_SCOPE(vm);
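Review bot: The ChangeLog entry "(JSC::jsAddSlowCase):" has no description, while the only change visible here is the deletion of the comment at old line 37 ("// exception for the Date exception in defaultValue()"), so a reader of the message cannot tell whether the addition slow path changed behavior. Suggest annotating the entry as a comment-only cleanup. If the Date special case the comment referred to still matters on this path, consider replacing the stale comment with one that names where that handling now lives instead of dropping it outright.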