Changeset 31746 in webkit for trunk/JavaScriptCore/kjs

Timestamp:

Apr 8, 2008, 7:17:49 PM (17 years ago)

Author:

[email protected]

Message:

JavaScriptCore:

2008-04-04 Sam Weinig <​[email protected]>

Reviewed by Geoffrey Garen.

First step in implementing the "split window"

• Add a GlobalThisValue to ExecState which should be used in places that used to implement the "use the global object as this if null" rule.
• Factor out lookupGetter/lookupSetter into virtual methods on JSObject so that they can be forwarded.
• Make defineGetter/defineSetter virtual methods for the same reason.
• Have PrototypeReflexiveFunction store the globalObject used to create it so that it can be used to get the correct thisObject for eval.

• API/JSObjectRef.cpp: (JSObjectCallAsFunction):
• JavaScriptCore.exp:
• kjs/Activation.h:
• kjs/ExecState.cpp: (KJS::ExecState::ExecState): (KJS::GlobalExecState::GlobalExecState):
• kjs/ExecState.h: (KJS::ExecState::globalThisValue):
• kjs/ExecStateInlines.h: (KJS::ExecState::ExecState): (KJS::FunctionExecState::FunctionExecState):
• kjs/JSGlobalObject.cpp: (KJS::JSGlobalObject::reset): (KJS::JSGlobalObject::toGlobalObject):
• kjs/JSGlobalObject.h: (KJS::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData): (KJS::JSGlobalObject::JSGlobalObject):
• kjs/array_instance.cpp: (KJS::CompareWithCompareFunctionArguments::CompareWithCompareFunctionArguments): (KJS::compareWithCompareFunctionForQSort):
• kjs/array_object.cpp: (KJS::arrayProtoFuncSort): (KJS::arrayProtoFuncFilter): (KJS::arrayProtoFuncMap): (KJS::arrayProtoFuncEvery): (KJS::arrayProtoFuncForEach): (KJS::arrayProtoFuncSome):
• kjs/function.cpp: (KJS::FunctionImp::callAsFunction): (KJS::ActivationImp::toThisObject): (KJS::globalFuncEval): (KJS::PrototypeReflexiveFunction::PrototypeReflexiveFunction): (KJS::PrototypeReflexiveFunction::mark):
• kjs/function.h: (KJS::PrototypeReflexiveFunction::cachedGlobalObject):
• kjs/function_object.cpp: (KJS::functionProtoFuncApply): (KJS::functionProtoFuncCall):
• kjs/nodes.cpp: (KJS::ExpressionNode::resolveAndCall): (KJS::FunctionCallValueNode::evaluate): (KJS::LocalVarFunctionCallNode::inlineEvaluate): (KJS::ScopedVarFunctionCallNode::inlineEvaluate): (KJS::FunctionCallBracketNode::evaluate): (KJS::FunctionCallDotNode::inlineEvaluate):
• kjs/object.cpp: (KJS::JSObject::call): (KJS::JSObject::put): (KJS::tryGetAndCallProperty): (KJS::JSObject::lookupGetter): (KJS::JSObject::lookupSetter): (KJS::JSObject::toThisObject): (KJS::JSObject::toGlobalObject): (KJS::JSObject::fillGetterPropertySlot):
• kjs/object.h:
• kjs/object_object.cpp: (KJS::objectProtoFuncLookupGetter): (KJS::objectProtoFuncLookupSetter):
• kjs/string_object.cpp: (KJS::replace):

WebCore:

2008-04-04 Sam Weinig <​[email protected]>

Reviewed by Geoffrey Garen.

First step in implementing the "split window"

• This patch takes the first step in changing the window navigation model from clearing the window properties on navigation, to replacing an inner window. This is necessary to safely perform security checks using the lexical global object.

This first step adds a new class called JSDOMWindowWrapper, which wraps
the real window object. All JS calls that would go to the window object
now go to it, which it forwards to the current inner window. To accomplish
this, the wrapper window is used as the ThisValue wherever the window was used
before.

• WebCore.base.exp:
• WebCore.xcodeproj/project.pbxproj:
• bindings/js/JSDOMWindowBase.cpp: (WebCore::JSDOMWindowBase::JSDOMWindowBase): (WebCore::JSDOMWindowBase::clear): Reset the wrapper windows prototype too. (WebCore::JSDOMWindowBase::toThisObject): (WebCore::JSDOMWindowBase::wrapper): (WebCore::windowProtoFuncAToB): (WebCore::windowProtoFuncBToA): (WebCore::windowProtoFuncOpen): (WebCore::windowProtoFuncSetTimeout): (WebCore::windowProtoFuncClearTimeout): (WebCore::windowProtoFuncSetInterval): (WebCore::windowProtoFuncAddEventListener): (WebCore::windowProtoFuncRemoveEventListener): (WebCore::windowProtoFuncShowModalDialog): (WebCore::windowProtoFuncNotImplemented): (WebCore::toJS):
• bindings/js/JSDOMWindowBase.h: Fix to expect the wrapper as the thisObj.
• bindings/js/JSDOMWindowCustom.cpp: (WebCore::JSDOMWindow::postMessage): (WebCore::toDOMWindow):
• bindings/js/JSDOMWindowWrapper.cpp: Added. (WebCore::): (WebCore::JSDOMWindowWrapper::JSDOMWindowWrapper): (WebCore::JSDOMWindowWrapper::~JSDOMWindowWrapper): (WebCore::JSDOMWindowWrapper::mark): (WebCore::JSDOMWindowWrapper::className): (WebCore::JSDOMWindowWrapper::getOwnPropertySlot): (WebCore::JSDOMWindowWrapper::put): (WebCore::JSDOMWindowWrapper::deleteProperty): (WebCore::JSDOMWindowWrapper::getPropertyNames): (WebCore::JSDOMWindowWrapper::getPropertyAttributes): (WebCore::JSDOMWindowWrapper::defineGetter): (WebCore::JSDOMWindowWrapper::defineSetter): (WebCore::JSDOMWindowWrapper::lookupGetter): (WebCore::JSDOMWindowWrapper::lookupSetter): (WebCore::JSDOMWindowWrapper::toGlobalObject): (WebCore::JSDOMWindowWrapper::impl): (WebCore::JSDOMWindowWrapper::disconnectFrame): (WebCore::JSDOMWindowWrapper::clear): (WebCore::toJS):
• bindings/js/JSDOMWindowWrapper.h: Added. (WebCore::JSDOMWindowWrapper::innerWindow): (WebCore::JSDOMWindowWrapper::setInnerWindow): (WebCore::JSDOMWindowWrapper::classInfo): Forward methods to the innerWindow.
• bindings/js/JSHTMLDocumentCustom.cpp: (WebCore::JSHTMLDocument::open):
• bindings/js/ScheduledAction.cpp: (WebCore::ScheduledAction::execute):
• bindings/js/kjs_events.cpp: (WebCore::JSAbstractEventListener::handleEvent):
• bindings/js/kjs_proxy.cpp: (WebCore::KJSProxy::~KJSProxy): (WebCore::KJSProxy::evaluate): (WebCore::KJSProxy::clear): (WebCore::KJSProxy::initScript): (WebCore::KJSProxy::clearDocumentWrapper): (WebCore::KJSProxy::processingUserGesture): (WebCore::KJSProxy::attachDebugger):
• bindings/js/kjs_proxy.h: (WebCore::KJSProxy::haveWindowWrapper): (WebCore::KJSProxy::windowWrapper): (WebCore::KJSProxy::globalObject): (WebCore::KJSProxy::initScriptIfNeeded): Hold onto the wrapper window instead of global object. As a convenience, keep the globalObject() as a forward to the inner window.
• bindings/objc/DOMUtility.mm: (KJS::createDOMWrapper):
• bindings/scripts/CodeGeneratorJS.pm:
• dom/Document.cpp: (WebCore::Document::domWindow):
• dom/Document.h: (WebCore::Document::defaultView):
• loader/FrameLoader.cpp: (WebCore::FrameLoader::dispatchWindowObjectAvailable):
• page/DOMWindow.idl:
• page/Frame.cpp: (WebCore::Frame::~Frame): (WebCore::Frame::pageDestroyed):

Location:

trunk/JavaScriptCore/kjs

Files:

• Activation.h (modified) (1 diff)
• ExecState.cpp (modified) (5 diffs)
• ExecState.h (modified) (5 diffs)
• ExecStateInlines.h (modified) (3 diffs)
• JSGlobalObject.cpp (modified) (2 diffs)
• JSGlobalObject.h (modified) (4 diffs)
• array_instance.cpp (modified) (4 diffs)
• array_object.cpp (modified) (6 diffs)
• function.cpp (modified) (6 diffs)
• function.h (modified) (1 diff)
• function_object.cpp (modified) (2 diffs)
• nodes.cpp (modified) (7 diffs)
• object.cpp (modified) (6 diffs)
• object.h (modified) (2 diffs)
• object_object.cpp (modified) (1 diff)
• string_object.cpp (modified) (2 diffs)

trunk/JavaScriptCore/kjs/Activation.h

@@ -67 +67 @@
         static const ClassInfo info;
 
+        virtual JSObject* toThisObject(ExecState*) const;
+
         virtual void mark();
         void markChildren();

trunk/JavaScriptCore/kjs/ExecState.cpp

@@ -43 +43 @@
 
 // The constructor for the globalExec pseudo-ExecState
-inline ExecState::ExecState(JSGlobalObject* globalObject)
+inline ExecState::ExecState(JSGlobalObject* globalObject, JSObject* thisObject)
     : m_globalObject(globalObject)
     , m_exception(0)
@@ -56 +56 @@
     , m_inlineScopeChainNode(0, 0)
     , m_variableObject(globalObject)
-    , m_thisValue(globalObject)
+    , m_thisValue(thisObject)
+    , m_globalThisValue(thisObject)
     , m_iterationDepth(0)
     , m_switchDepth(0) 
@@ -78 +79 @@
     , m_variableObject(globalObject)
     , m_thisValue(thisObject)
+    , m_globalThisValue(thisObject)
     , m_iterationDepth(0)
     , m_switchDepth(0) 
@@ -101 +103 @@
     , m_variableObject(variableObject)
     , m_thisValue(thisObject)
+    , m_globalThisValue(thisObject)
     , m_iterationDepth(0)
     , m_switchDepth(0) 
@@ -116 +119 @@
 }
 
-GlobalExecState::GlobalExecState(JSGlobalObject* globalObject)
-    : ExecState(globalObject)
+GlobalExecState::GlobalExecState(JSGlobalObject* globalObject, JSObject* thisObject)
+    : ExecState(globalObject, thisObject)
 {
 }

trunk/JavaScriptCore/kjs/ExecState.h

@@ -74 +74 @@
         
         JSObject* thisValue() const { return m_thisValue; }
+        JSObject* globalThisValue() const { return m_globalThisValue; }
         
         ExecState* callingExecState() { return m_callingExec; }
@@ -165 +166 @@
 
     protected:
-        ExecState(JSGlobalObject*);
+        ExecState(JSGlobalObject*, JSObject* thisObject);
         ExecState(JSGlobalObject*, JSObject* thisObject, ProgramNode*);
         ExecState(JSGlobalObject*, JSObject* thisObject, EvalNode*, ExecState* callingExecState, const ScopeChain&, JSVariableObject*);
-        ExecState(JSGlobalObject*, JSObject* thisObject, FunctionBodyNode*, ExecState* callingExecState, FunctionImp*, const List& args);
+        ExecState(JSGlobalObject*, JSObject* thisObject, JSObject* globalThisValue, FunctionBodyNode*, ExecState* callingExecState, FunctionImp*, const List& args);
         ~ExecState();
 
@@ -191 +192 @@
         ScopeChainNode m_inlineScopeChainNode;
         JSVariableObject* m_variableObject;
+
         JSObject* m_thisValue;
+        JSObject* m_globalThisValue;
         
         LabelStack m_labelStack;
@@ -204 +207 @@
     class GlobalExecState : public ExecState {
     public:
-        GlobalExecState(JSGlobalObject*);
+        GlobalExecState(JSGlobalObject*, JSObject* thisObject);
         ~GlobalExecState();
     };
@@ -222 +225 @@
     class FunctionExecState : public ExecState {
     public:
-        FunctionExecState(JSGlobalObject*, JSObject* thisObject, FunctionBodyNode*,
+        FunctionExecState(JSGlobalObject*, JSObject* thisObject, JSObject* globalThisValue, FunctionBodyNode*,
             ExecState* callingExecState, FunctionImp*, const List& args);
         ~FunctionExecState();

trunk/JavaScriptCore/kjs/ExecStateInlines.h

@@ -31 +31 @@
 namespace KJS  {
 
-    inline ExecState::ExecState(JSGlobalObject* globalObject, JSObject* thisObject, 
+    inline ExecState::ExecState(JSGlobalObject* globalObject, JSObject* thisObject, JSObject* globalThisValue,
                                 FunctionBodyNode* functionBodyNode, ExecState* callingExec,
                                 FunctionImp* func, const List& args)
@@ -45 +45 @@
         , m_inlineScopeChainNode(0, 0)
         , m_thisValue(thisObject)
+        , m_globalThisValue(globalThisValue)
         , m_iterationDepth(0)
         , m_switchDepth(0) 
@@ -69 +70 @@
     }
 
-    inline FunctionExecState::FunctionExecState(JSGlobalObject* globalObject, JSObject* thisObject, 
+    inline FunctionExecState::FunctionExecState(JSGlobalObject* globalObject, JSObject* thisObject, JSObject* globalThisValue,
                                                 FunctionBodyNode* functionBodyNode, ExecState* callingExec,
                                                 FunctionImp* func, const List& args)
-        : ExecState(globalObject, thisObject, functionBodyNode, callingExec, func, args)
+        : ExecState(globalObject, thisObject, globalThisValue, functionBodyNode, callingExec, func, args)
     {
         m_globalObject->activeExecStates().append(this);

trunk/JavaScriptCore/kjs/JSGlobalObject.cpp

@@ -328 +328 @@
     // Set global functions.
 
-    d()->evalFunction = new PrototypeReflexiveFunction(exec, d()->functionPrototype, 1, exec->propertyNames().eval, globalFuncEval);
+    d()->evalFunction = new PrototypeReflexiveFunction(exec, d()->functionPrototype, 1, exec->propertyNames().eval, globalFuncEval, this);
     putDirectFunction(d()->evalFunction, DontEnum);
     putDirectFunction(new PrototypeFunction(exec, d()->functionPrototype, 2, "parseInt", globalFuncParseInt), DontEnum);
@@ -535 +535 @@
 }
 
+JSGlobalObject* JSGlobalObject::toGlobalObject(ExecState*) const
+{
+    return const_cast<JSGlobalObject*>(this);
+}
+
 ExecState* JSGlobalObject::globalExec()
 {

trunk/JavaScriptCore/kjs/JSGlobalObject.h

@@ -77 +77 @@
 
         struct JSGlobalObjectData : public JSVariableObjectData {
-            JSGlobalObjectData(JSGlobalObject* globalObject)
+            JSGlobalObjectData(JSGlobalObject* globalObject, JSObject* thisValue)
                 : JSVariableObjectData(&inlineSymbolTable)
-                , globalExec(globalObject)
+                , globalExec(globalObject, thisValue)
             {
             }
@@ -142 +142 @@
     public:
         JSGlobalObject()
-            : JSVariableObject(new JSGlobalObjectData(this))
+            : JSVariableObject(new JSGlobalObjectData(this, this))
         {
             init();
@@ -148 +148 @@
 
     protected:
-        JSGlobalObject(JSValue* proto)
-            : JSVariableObject(proto, new JSGlobalObjectData(this))
+        JSGlobalObject(JSValue* proto, JSObject* globalThisValue)
+            : JSVariableObject(proto, new JSGlobalObjectData(this, globalThisValue))
         {
             init();
@@ -226 +226 @@
 
         virtual bool isGlobalObject() const { return true; }
+        virtual JSGlobalObject* toGlobalObject(ExecState*) const;
 
         virtual ExecState* globalExec();

trunk/JavaScriptCore/kjs/array_instance.cpp

@@ -24 +24 @@
 #include "array_instance.h"
 
-#include "JSGlobalObject.h"
 #include "PropertyNameArray.h"
 #include <wtf/Assertions.h>
@@ -490 +489 @@
         : exec(e)
         , compareFunction(cf)
-        , globalObject(e->dynamicGlobalObject())
+        , globalThisValue(e->globalThisValue())
     {
     }
@@ -497 +496 @@
     JSObject *compareFunction;
     List arguments;
-    JSGlobalObject* globalObject;
+    JSObject* globalThisValue;
 };
 
@@ -514 +513 @@
     args->arguments.append(va);
     args->arguments.append(vb);
-    double compareResult = args->compareFunction->call
-        (args->exec, args->globalObject, args->arguments)->toNumber(args->exec);
+    double compareResult = args->compareFunction->call(args->exec, args->globalThisValue, args->arguments)->toNumber(args->exec);
     return compareResult < 0 ? -1 : compareResult > 0 ? 1 : 0;
 }

trunk/JavaScriptCore/kjs/array_object.cpp

@@ -405 +405 @@
                 l.append(jObj);
                 l.append(minObj);
-                compareResult = sortFunction->call(exec, exec->dynamicGlobalObject(), l)->toNumber(exec);
+                compareResult = sortFunction->call(exec, exec->globalThisValue(), l)->toNumber(exec);
             } else
                 compareResult = (jObj->toString(exec) < minObj->toString(exec)) ? -1 : 1;
@@ -503 +503 @@
         return throwError(exec, TypeError);
 
-    JSObject* applyThis = args[1]->isUndefinedOrNull() ? exec->dynamicGlobalObject() :  args[1]->toObject(exec);
+    JSObject* applyThis = args[1]->isUndefinedOrNull() ? exec->globalThisValue() :  args[1]->toObject(exec);
     JSObject* resultArray = static_cast<JSObject*>(exec->lexicalGlobalObject()->arrayConstructor()->construct(exec, exec->emptyList()));
 
@@ -536 +536 @@
         return throwError(exec, TypeError);
 
-    JSObject* applyThis = args[1]->isUndefinedOrNull() ? exec->dynamicGlobalObject() :  args[1]->toObject(exec);
+    JSObject* applyThis = args[1]->isUndefinedOrNull() ? exec->globalThisValue() :  args[1]->toObject(exec);
 
     unsigned length = thisObj->get(exec, exec->propertyNames().length)->toUInt32(exec);
@@ -576 +576 @@
         return throwError(exec, TypeError);
 
-    JSObject* applyThis = args[1]->isUndefinedOrNull() ? exec->dynamicGlobalObject() :  args[1]->toObject(exec);
+    JSObject* applyThis = args[1]->isUndefinedOrNull() ? exec->globalThisValue() :  args[1]->toObject(exec);
 
     JSValue* result = jsBoolean(true);
@@ -611 +611 @@
         return throwError(exec, TypeError);
 
-    JSObject* applyThis = args[1]->isUndefinedOrNull() ? exec->dynamicGlobalObject() :  args[1]->toObject(exec);
+    JSObject* applyThis = args[1]->isUndefinedOrNull() ? exec->globalThisValue() :  args[1]->toObject(exec);
 
     unsigned length = thisObj->get(exec, exec->propertyNames().length)->toUInt32(exec);
@@ -636 +636 @@
         return throwError(exec, TypeError);
 
-    JSObject* applyThis = args[1]->isUndefinedOrNull() ? exec->dynamicGlobalObject() :  args[1]->toObject(exec);
+    JSObject* applyThis = args[1]->isUndefinedOrNull() ? exec->globalThisValue() :  args[1]->toObject(exec);
 
     JSValue* result = jsBoolean(false);

trunk/JavaScriptCore/kjs/function.cpp

@@ -74 +74 @@
 JSValue* FunctionImp::callAsFunction(ExecState* exec, JSObject* thisObj, const List& args)
 {
-    FunctionExecState newExec(exec->dynamicGlobalObject(), thisObj, body.get(), exec, this, args);
+    FunctionExecState newExec(exec->dynamicGlobalObject(), thisObj, exec->globalThisValue(), body.get(), exec, this, args);
     JSValue* result = body->execute(&newExec);
     if (newExec.completionType() == ReturnValue)
@@ -465 +465 @@
     // call instead of storing the list ourselves.
     d()->argumentsObject = new Arguments(exec, d()->exec->function(), *d()->exec->arguments(), this);
+}
+
+JSObject* ActivationImp::toThisObject(ExecState* exec) const
+{
+    return exec->globalThisValue();
 }
 
@@ -739 +744 @@
 JSValue* globalFuncEval(ExecState* exec, PrototypeReflexiveFunction* function, JSObject* thisObj, const List& args)
 {
-    JSGlobalObject* globalObject = thisObj->isGlobalObject() ? static_cast<JSGlobalObject*>(thisObj) : 0;
+    JSGlobalObject* globalObject = thisObj->toGlobalObject(exec);
 
     if (!globalObject || globalObject->evalFunction() != function)
@@ -745 +750 @@
 
     ScopeChain scopeChain(globalObject);
-    return eval(exec, scopeChain, globalObject, globalObject, globalObject, args);
+    return eval(exec, scopeChain, globalObject, globalObject, function->cachedGlobalObject()->toThisObject(exec), args);
 }
 
@@ -891 +896 @@
 // ------------------------------ PrototypeReflexiveFunction -------------------------------
 
-PrototypeReflexiveFunction::PrototypeReflexiveFunction(ExecState* exec, FunctionPrototype* functionPrototype, int len, const Identifier& name, JSMemberFunction function)
+PrototypeReflexiveFunction::PrototypeReflexiveFunction(ExecState* exec, FunctionPrototype* functionPrototype, int len, const Identifier& name, JSMemberFunction function, JSGlobalObject* cachedGlobalObject)
     : InternalFunctionImp(functionPrototype, name)
     , m_function(function)
+    , m_cachedGlobalObject(cachedGlobalObject)
 {
     ASSERT_ARG(function, function);
+    ASSERT_ARG(cachedGlobalObject, cachedGlobalObject);
     putDirect(exec->propertyNames().length, jsNumber(len), DontDelete | ReadOnly | DontEnum);
 }
@@ -904 +911 @@
 }
 
+void PrototypeReflexiveFunction::mark()
+{
+    InternalFunctionImp::mark();
+    if (!m_cachedGlobalObject->marked())
+        m_cachedGlobalObject->mark();
+}
+
 } // namespace KJS

trunk/JavaScriptCore/kjs/function.h

@@ -143 +143 @@
     typedef JSValue* (*JSMemberFunction)(ExecState*, PrototypeReflexiveFunction*, JSObject* thisObj, const List&);
 
-    PrototypeReflexiveFunction(ExecState*, FunctionPrototype*, int len, const Identifier&, JSMemberFunction);
+    PrototypeReflexiveFunction(ExecState*, FunctionPrototype*, int len, const Identifier&, JSMemberFunction, JSGlobalObject* expectedThisObject);
 
+    virtual void mark();
     virtual JSValue* callAsFunction(ExecState* exec, JSObject* thisObj, const List&);
+
+    JSGlobalObject* cachedGlobalObject() const { return m_cachedGlobalObject; }
 
   private:
     const JSMemberFunction m_function;
+    JSGlobalObject* m_cachedGlobalObject;
   };
 

trunk/JavaScriptCore/kjs/function_object.cpp

@@ -87 +87 @@
     JSObject* applyThis;
     if (thisArg->isUndefinedOrNull())
-        applyThis = exec->dynamicGlobalObject();
+        applyThis = exec->globalThisValue();
     else
         applyThis = thisArg->toObject(exec);
@@ -117 +117 @@
     JSObject* callThis;
     if (thisArg->isUndefinedOrNull())
-        callThis = exec->dynamicGlobalObject();
+        callThis = exec->globalThisValue();
     else
         callThis = thisArg->toObject(exec);

trunk/JavaScriptCore/kjs/nodes.cpp

@@ -1123 +1123 @@
             KJS_CHECKEXCEPTIONVALUE
 
-            JSObject* thisObj = base;
-            // ECMA 11.2.3 says that in this situation the this value should be null.
-            // However, section 10.2.3 says that in the case where the value provided
-            // by the caller is null, the global object should be used. It also says
-            // that the section does not apply to internal functions, but for simplicity
-            // of implementation we use the global object anyway here. This guarantees
-            // that in host objects you always get a valid object for this.
-            if (thisObj->isActivationObject())
-                thisObj = exec->dynamicGlobalObject();
-
             if (callerType == EvalOperator) {
                 if (base == exec->lexicalGlobalObject() && func == exec->lexicalGlobalObject()->evalFunction()) {
@@ -1139 +1129 @@
                 }
             }
+
+            JSObject* thisObj = base->toThisObject(exec);
             return func->call(exec, thisObj, argList);
         }
@@ -1183 +1175 @@
     KJS_CHECKEXCEPTIONVALUE
 
-    JSObject* thisObj =  exec->dynamicGlobalObject();
-
+    JSObject* thisObj = exec->globalThisValue();
     return func->call(exec, thisObj, argList);
 }
@@ -1267 +1258 @@
     KJS_CHECKEXCEPTIONVALUE
 
-    return func->call(exec, exec->dynamicGlobalObject(), argList);
+    JSObject* thisObj = exec->globalThisValue();
+    return func->call(exec, thisObj, argList);
 }
 
@@ -1319 +1311 @@
     m_args->evaluateList(exec, argList);
     KJS_CHECKEXCEPTIONVALUE
-    
-    return func->call(exec, exec->dynamicGlobalObject(), argList);
+
+    JSObject* thisObj = exec->globalThisValue();
+    return func->call(exec, thisObj, argList);
 }
 
@@ -1449 +1442 @@
     ASSERT(!thisObj->isActivationObject());
 
+    // No need to call toThisObject() on the thisObj as it is known not to be the GlobalObject or ActivationObject
     return func->call(exec, thisObj, argList);
 }
@@ -1498 +1492 @@
     ASSERT(!thisObj->isActivationObject());
 
+    // No need to call toThisObject() on the thisObj as it is known not to be the GlobalObject or ActivationObject
     return func->call(exec, thisObj, argList);
 }

trunk/JavaScriptCore/kjs/object.cpp

@@ -94 +94 @@
 #endif
 
-  JSValue *ret = callAsFunction(exec,thisObj,args); 
+  JSValue* ret = callAsFunction(exec, thisObj, args); 
 
 #if KJS_MAX_STACK > 0
@@ -262 +262 @@
           args.append(value);
         
-          setterFunc->call(exec, this, args);
+          setterFunc->call(exec, this->toThisObject(exec), args);
           return;
         } else {
@@ -338 +338 @@
     if (o->implementsCall()) { // spec says "not primitive type" but ...
       JSObject *thisObj = const_cast<JSObject*>(object);
-      JSValue* def = o->call(exec, thisObj, exec->emptyList());
+      JSValue* def = o->call(exec, thisObj->toThisObject(exec), exec->emptyList());
       JSType defType = def->type();
       ASSERT(defType != GetterSetterType);
@@ -418 +418 @@
     _prop.setHasGetterSetterProperties(true);
     gs->setSetter(setterFunc);
+}
+
+JSValue* JSObject::lookupGetter(ExecState*, const Identifier& propertyName)
+{
+    JSObject* obj = this;
+    while (true) {
+        JSValue* v = obj->getDirect(propertyName);
+        if (v) {
+            if (v->type() != GetterSetterType)
+                return jsUndefined();
+            JSObject* funcObj = static_cast<GetterSetterImp*>(v)->getGetter();
+            if (!funcObj)
+                return jsUndefined();
+            return funcObj;
+        }
+
+        if (!obj->prototype() || !obj->prototype()->isObject())
+            return jsUndefined();
+        obj = static_cast<JSObject*>(obj->prototype());
+    }
+}
+
+JSValue* JSObject::lookupSetter(ExecState*, const Identifier& propertyName)
+{
+    JSObject* obj = this;
+    while (true) {
+        JSValue* v = obj->getDirect(propertyName);
+        if (v) {
+            if (v->type() != GetterSetterType)
+                return jsUndefined();
+            JSObject* funcObj = static_cast<GetterSetterImp*>(v)->getSetter();
+            if (!funcObj)
+                return jsUndefined();
+            return funcObj;
+        }
+
+        if (!obj->prototype() || !obj->prototype()->isObject())
+            return jsUndefined();
+        obj = static_cast<JSObject*>(obj->prototype());
+    }
 }
 
@@ -546 +586 @@
 }
 
+JSObject* JSObject::toThisObject(ExecState*) const
+{
+    return const_cast<JSObject*>(this);
+}
+
+JSGlobalObject* JSObject::toGlobalObject(ExecState*) const
+{
+    return 0;
+}
+
 void JSObject::putDirect(const Identifier &propertyName, JSValue *value, int attr)
 {
@@ -571 +621 @@
     JSObject *getterFunc = gs->getGetter();
     if (getterFunc)
-        slot.setGetterSlot(this, getterFunc);
+        slot.setGetterSlot(this->toThisObject(0), getterFunc);
     else
         slot.setUndefined(this);

trunk/JavaScriptCore/kjs/object.h

@@ -403 +403 @@
     virtual UString toString(ExecState *exec) const;
     virtual JSObject *toObject(ExecState *exec) const;
-    
+
+    virtual JSObject* toThisObject(ExecState*) const;
+    virtual JSGlobalObject* toGlobalObject(ExecState*) const;
+
     virtual bool getPropertyAttributes(const Identifier& propertyName, unsigned& attributes) const;
     
@@ -425 +428 @@
     void fillGetterPropertySlot(PropertySlot& slot, JSValue **location);
 
-    void defineGetter(ExecState *exec, const Identifier& propertyName, JSObject *getterFunc);
-    void defineSetter(ExecState *exec, const Identifier& propertyName, JSObject *setterFunc);
+    virtual void defineGetter(ExecState*, const Identifier& propertyName, JSObject* getterFunction);
+    virtual void defineSetter(ExecState*, const Identifier& propertyName, JSObject* setterFunction);
+    virtual JSValue* lookupGetter(ExecState*, const Identifier& propertyName);
+    virtual JSValue* lookupSetter(ExecState*, const Identifier& propertyName);
 
     void saveProperties(SavedProperties &p) const { _prop.save(p); }

trunk/JavaScriptCore/kjs/object_object.cpp

@@ -110 +110 @@
 JSValue* objectProtoFuncLookupGetter(ExecState* exec, JSObject* thisObj, const List& args)
 {
-    Identifier propertyName = Identifier(args[0]->toString(exec));
-    JSObject* obj = thisObj;
-    while (true) {
-        JSValue* v = obj->getDirect(propertyName);
-        if (v) {
-            if (v->type() != GetterSetterType)
-                return jsUndefined();
-            JSObject* funcObj = static_cast<GetterSetterImp*>(v)->getGetter();
-            if (!funcObj)
-                return jsUndefined();
-            return funcObj;
-        }
-
-        if (!obj->prototype() || !obj->prototype()->isObject())
-            return jsUndefined();
-        obj = static_cast<JSObject*>(obj->prototype());
-    }
+    return thisObj->lookupGetter(exec, Identifier(args[0]->toString(exec)));
 }
 
 JSValue* objectProtoFuncLookupSetter(ExecState* exec, JSObject* thisObj, const List& args)
 {
-    Identifier propertyName = Identifier(args[0]->toString(exec));
-    JSObject* obj = thisObj;
-    while (true) {
-        JSValue* v = obj->getDirect(propertyName);
-        if (v) {
-            if (v->type() != GetterSetterType)
-                return jsUndefined();
-            JSObject* funcObj = static_cast<GetterSetterImp*>(v)->getSetter();
-            if (!funcObj)
-                return jsUndefined();
-            return funcObj;
-        }
-
-        if (!obj->prototype() || !obj->prototype()->isObject())
-            return jsUndefined();
-        obj = static_cast<JSObject*>(obj->prototype());
-    }
+    return thisObj->lookupSetter(exec, Identifier(args[0]->toString(exec)));
 }
 

trunk/JavaScriptCore/kjs/string_object.cpp

@@ -351 +351 @@
           args.append(sourceVal);
 
-          substitutedReplacement = replacementFunction->call(exec, exec->dynamicGlobalObject(), 
-                                                             args)->toString(exec);
+          substitutedReplacement = replacementFunction->call(exec, exec->globalThisValue(), args)->toString(exec);
       } else
           substitutedReplacement = substituteBackreferences(replacementString, source, ovector, reg);
@@ -401 +400 @@
       args.append(sourceVal);
       
-      replacementString = replacementFunction->call(exec, exec->dynamicGlobalObject(), 
-                                                    args)->toString(exec);
+      replacementString = replacementFunction->call(exec, exec->globalThisValue(), args)->toString(exec);
   }