Changeset 65588 in webkit for trunk/JavaScriptCore

Timestamp:

Aug 18, 2010, 12:41:22 AM (15 years ago)

Author:

[email protected]

Message:

Bug 44146 - Remove toDouble/toUInt32 methods from UString.

Reviewed by Sam Weinig.

JavaScriptCore:

These methods all implement JavaScript language specific behaviour, and as such
are not suited to being on a generic string object. They are also inefficient
and incorrectly used, refactor & cleanup. Uses of these methods really divide
out into two cases.

ToNumber:
Uses of toDouble from JSString and from parseFloat are implementing ecma's
ToNumber conversion from strings (see ecma-262 9.3.1), so UString::toDouble
should largely just be moved out to a global jsToNumber function. ToNumber is
capable of recognizing either decimal or hexadecimal numbers, but parseFloat
should only recognize decimal values. This is currently handled by testing for
hexadecimal before calling toDouble, which should unnecessary - instead we can
just split out the two parts to the grammar into separate functions. Also,
strtod recognizes a set of literals (nan, inf, and infinity - all with any
capitalization) - which are not defined by any of the specs we are implementing.
To handle this we need to perform additional work in toDouble to convert the
unsupported cases of infinities back to NaNs. Instead we should simply remove
support for this literals from strtod. This should provide a more desirable
behaviour for all clients of strtod.

Indexed properties:
Uses of the toStrictUInt32 methods are were all converting property names to
indices, and all uses of toUInt32 were incorrect; in all cases we should have
been calling toUInt32. This error results in some incorrect behaviour in the
DOM (accessing property "0 " of a NodeList should fail; it currently does not).
Move this method onto Identifier (our canonical property name), and make it
always perform a strict conversion. Add a layout test to check NodeList does
convert indexed property names correctly.

• JavaScriptCore.exp:
• runtime/Arguments.cpp:

(JSC::Arguments::getOwnPropertySlot):
(JSC::Arguments::getOwnPropertyDescriptor):
(JSC::Arguments::put):
(JSC::Arguments::deleteProperty):

• runtime/Identifier.cpp:

(JSC::Identifier::toUInt32):

• runtime/Identifier.h:

(JSC::Identifier::toUInt32):

• runtime/JSArray.cpp:

(JSC::JSArray::getOwnPropertySlot):
(JSC::JSArray::getOwnPropertyDescriptor):
(JSC::JSArray::put):
(JSC::JSArray::deleteProperty):

• runtime/JSArray.h:

(JSC::Identifier::toArrayIndex):

• runtime/JSByteArray.cpp:

(JSC::JSByteArray::getOwnPropertySlot):
(JSC::JSByteArray::getOwnPropertyDescriptor):
(JSC::JSByteArray::put):

• runtime/JSGlobalObjectFunctions.cpp:

(JSC::isInfinity):
(JSC::jsHexIntegerLiteral):
(JSC::jsStrDecimalLiteral):
(JSC::jsToNumber):
(JSC::parseFloat):

• runtime/JSGlobalObjectFunctions.h:
• runtime/JSString.cpp:

(JSC::JSString::getPrimitiveNumber):
(JSC::JSString::toNumber):
(JSC::JSString::getStringPropertyDescriptor):

• runtime/JSString.h:

(JSC::JSString::getStringPropertySlot):

• runtime/ObjectPrototype.cpp:

(JSC::ObjectPrototype::put):

• runtime/StringObject.cpp:

(JSC::StringObject::deleteProperty):

• runtime/UString.cpp:
• runtime/UString.h:
• wtf/dtoa.cpp:

(WTF::strtod):

WebCore:

These methods all implement JavaScript language specific behaviour, and as such
are not suited to being on a generic string object. They are also inefficient
and incorrectly used, refactor & cleanup. Uses of these methods really divide
out into two cases.

ToNumber:
Uses of toDouble from JSString and from parseFloat are implementing ecma's
ToNumber conversion from strings (see ecma-262 9.3.1), so UString::toDouble
should largely just be moved out to a global jsToNumber function. ToNumber is
capable of recognizing either decimal or hexadecimal numbers, but parseFloat
should only recognize decimal values. This is currently handled by testing for
hexadecimal before calling toDouble, which should unnecessary - instead we can
just split out the two parts to the grammar into separate functions. Also,
strtod recognizes a set of literals (nan, inf, and infinity - all with any
capitalization) - which are not defined by any of the specs we are implementing.
To handle this we need to perform additional work in toDouble to convert the
unsupported cases of infinities back to NaNs. Instead we should simply remove
support for this literals from strtod. This should provide a more desirable
behaviour for all clients of strtod.

Indexed properties:
Uses of the toStrictUInt32 methods are were all converting property names to
indices, and all uses of toUInt32 were incorrect; in all cases we should have
been calling toUInt32. This error results in some incorrect behaviour in the
DOM (accessing property "0 " of a NodeList should fail; it currently does not).
Move this method onto Identifier (our canonical property name), and make it
always perform a strict conversion. Add a layout test to check NodeList does
convert indexed property names correctly.

Test: fast/dom/NodeList/nodelist-item-with-index.html

• WebCore.xcodeproj/project.pbxproj:
• bindings/js/JSDOMWindowCustom.cpp:

(WebCore::JSDOMWindow::getOwnPropertySlot):
(WebCore::JSDOMWindow::getOwnPropertyDescriptor):

• bindings/js/JSHTMLAllCollectionCustom.cpp:

(WebCore::callHTMLAllCollection):
(WebCore::JSHTMLAllCollection::item):

• bindings/js/JSHTMLCollectionCustom.cpp:

(WebCore::callHTMLCollection):
(WebCore::JSHTMLCollection::item):

• bindings/js/JSNodeListCustom.cpp:

(WebCore::callNodeList):

• bindings/scripts/CodeGeneratorJS.pm:
• bridge/runtime_array.cpp:

(JSC::RuntimeArray::getOwnPropertySlot):
(JSC::RuntimeArray::getOwnPropertyDescriptor):
(JSC::RuntimeArray::put):

LayoutTests:

Test that indexing into nodelists works correctly, particularly
wrt indices passed as strings that contain whitespace.

• fast/dom/NodeList/nodelist-item-with-index-expected.txt: Added.
• fast/dom/NodeList/nodelist-item-with-index.html: Added.

Location:

trunk/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• JavaScriptCore.exp (modified) (2 diffs)
• jit/JITStubs.cpp (modified) (2 diffs)
• runtime/Arguments.cpp (modified) (4 diffs)
• runtime/Identifier.cpp (modified) (1 diff)
• runtime/Identifier.h (modified) (1 diff)
• runtime/JSArray.cpp (modified) (4 diffs)
• runtime/JSArray.h (modified) (1 diff)
• runtime/JSByteArray.cpp (modified) (3 diffs)
• runtime/JSGlobalObjectFunctions.cpp (modified) (1 diff)
• runtime/JSGlobalObjectFunctions.h (modified) (1 diff)
• runtime/JSString.cpp (modified) (4 diffs)
• runtime/JSString.h (modified) (1 diff)
• runtime/ObjectPrototype.cpp (modified) (1 diff)
• runtime/StringObject.cpp (modified) (1 diff)
• runtime/UString.cpp (modified) (1 diff)
• runtime/UString.h (modified) (1 diff)
• wtf/dtoa.cpp (modified) (4 diffs)

trunk/JavaScriptCore/ChangeLog

@@ +1 @@
+2010-08-17  Gavin Barraclough  <[email protected]>
+
+        Reviewed by Sam Weinig.
+
+        Bug 44146 - Remove toDouble/toUInt32 methods from UString.
+
+        These methods all implement JavaScript language specific behaviour, and as such
+        are not suited to being on a generic string object.  They are also inefficient
+        and incorrectly used, refactor & cleanup.  Uses of these methods really divide
+        out into two cases.
+
+        ToNumber:
+        Uses of toDouble from JSString and from parseFloat are implementing ecma's
+        ToNumber conversion from strings (see ecma-262 9.3.1), so UString::toDouble
+        should largely just be moved out to a global jsToNumber function.  ToNumber is
+        capable of recognizing either decimal or hexadecimal numbers, but parseFloat
+        should only recognize decimal values.  This is currently handled by testing for
+        hexadecimal before calling toDouble, which should unnecessary - instead we can
+        just split out the two parts to the grammar into separate functions. Also,
+        strtod recognizes a set of literals (nan, inf, and infinity - all with any
+        capitalization) - which are not defined by any of the specs we are implementing.
+        To handle this we need to perform additional work in toDouble to convert the
+        unsupported cases of infinities back to NaNs.  Instead we should simply remove
+        support for this literals from strtod.  This should provide a more desirable
+        behaviour for all clients of strtod.
+
+        Indexed properties:
+        Uses of the toStrictUInt32 methods are were all converting property names to
+        indices, and all uses of toUInt32 were incorrect; in all cases we should have
+        been calling toUInt32.  This error results in some incorrect behaviour in the
+        DOM (accessing property "0 " of a NodeList should fail; it currently does not).
+        Move this method onto Identifier (our canonical property name), and make it
+        always perform a strict conversion. Add a layout test to check NodeList does
+        convert indexed property names correctly.
+
+        * JavaScriptCore.exp:
+        * runtime/Arguments.cpp:
+        (JSC::Arguments::getOwnPropertySlot):
+        (JSC::Arguments::getOwnPropertyDescriptor):
+        (JSC::Arguments::put):
+        (JSC::Arguments::deleteProperty):
+        * runtime/Identifier.cpp:
+        (JSC::Identifier::toUInt32):
+        * runtime/Identifier.h:
+        (JSC::Identifier::toUInt32):
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::getOwnPropertySlot):
+        (JSC::JSArray::getOwnPropertyDescriptor):
+        (JSC::JSArray::put):
+        (JSC::JSArray::deleteProperty):
+        * runtime/JSArray.h:
+        (JSC::Identifier::toArrayIndex):
+        * runtime/JSByteArray.cpp:
+        (JSC::JSByteArray::getOwnPropertySlot):
+        (JSC::JSByteArray::getOwnPropertyDescriptor):
+        (JSC::JSByteArray::put):
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::isInfinity):
+        (JSC::jsHexIntegerLiteral):
+        (JSC::jsStrDecimalLiteral):
+        (JSC::jsToNumber):
+        (JSC::parseFloat):
+        * runtime/JSGlobalObjectFunctions.h:
+        * runtime/JSString.cpp:
+        (JSC::JSString::getPrimitiveNumber):
+        (JSC::JSString::toNumber):
+        (JSC::JSString::getStringPropertyDescriptor):
+        * runtime/JSString.h:
+        (JSC::JSString::getStringPropertySlot):
+        * runtime/ObjectPrototype.cpp:
+        (JSC::ObjectPrototype::put):
+        * runtime/StringObject.cpp:
+        (JSC::StringObject::deleteProperty):
+        * runtime/UString.cpp:
+        * runtime/UString.h:
+        * wtf/dtoa.cpp:
+        (WTF::strtod):
+
 2010-08-17  Gavin Barraclough  <[email protected]>
 

trunk/JavaScriptCore/JavaScriptCore.exp

@@ -108 +108 @@
 __ZN3JSC10Identifier4fromEPNS_9ExecStateEj
 __ZN3JSC10Identifier5equalEPKN3WTF10StringImplEPKc
+__ZN3JSC10Identifier8toUInt32ERKNS_7UStringERb
 __ZN3JSC10JSFunction4infoE
 __ZN3JSC10JSFunction4nameEPNS_9ExecStateE
@@ -516 +517 @@
 __ZNK3JSC7JSValue20toThisObjectSlowCaseEPNS_9ExecStateE
 __ZNK3JSC7JSValue9toIntegerEPNS_9ExecStateE
-__ZNK3JSC7UString14toStrictUInt32EPb
 __ZNK3JSC7UString4utf8Eb
 __ZNK3JSC7UString5asciiEv
 __ZNK3JSC7UString6substrEjj
-__ZNK3JSC7UString8toUInt32EPb
-__ZNK3JSC7UString8toUInt32EPbb
 __ZNK3JSC8JSObject11hasPropertyEPNS_9ExecStateERKNS_10IdentifierE
 __ZNK3JSC8JSObject11hasPropertyEPNS_9ExecStateEj

trunk/JavaScriptCore/jit/JITStubs.cpp

@@ -46 +46 @@
 #include "JSByteArray.h"
 #include "JSFunction.h"
+#include "JSGlobalObjectFunctions.h"
 #include "JSNotAnObject.h"
 #include "JSPropertyNameIterator.h"
@@ -2815 +2816 @@
     if (cell1->isString()) {
         if (src2.isInt32())
-            return static_cast<JSString*>(cell1)->value(stackFrame.callFrame).toDouble() == src2.asInt32();
+            return jsToNumber(static_cast<JSString*>(cell1)->value(stackFrame.callFrame)) == src2.asInt32();
             
         if (src2.isDouble())
-            return static_cast<JSString*>(cell1)->value(stackFrame.callFrame).toDouble() == src2.asDouble();
+            return jsToNumber(static_cast<JSString*>(cell1)->value(stackFrame.callFrame)) == src2.asDouble();
 
         if (src2.isTrue())
-            return static_cast<JSString*>(cell1)->value(stackFrame.callFrame).toDouble() == 1.0;
+            return jsToNumber(static_cast<JSString*>(cell1)->value(stackFrame.callFrame)) == 1.0;
 
         if (src2.isFalse())
-            return static_cast<JSString*>(cell1)->value(stackFrame.callFrame).toDouble() == 0.0;
+            return jsToNumber(static_cast<JSString*>(cell1)->value(stackFrame.callFrame)) == 0.0;
 
         JSCell* cell2 = asCell(src2);

trunk/JavaScriptCore/runtime/Arguments.cpp

@@ -158 +158 @@
 {
     bool isArrayIndex;
-    unsigned i = toArrayIndex(propertyName.ustring(), &isArrayIndex);
+    unsigned i = propertyName.toArrayIndex(isArrayIndex);
     if (isArrayIndex && i < d->numArguments && (!d->deletedArguments || !d->deletedArguments[i])) {
         if (i < d->numParameters) {
@@ -183 +183 @@
 {
     bool isArrayIndex;
-    unsigned i = toArrayIndex(propertyName.ustring(), &isArrayIndex);
+    unsigned i = propertyName.toArrayIndex(isArrayIndex);
     if (isArrayIndex && i < d->numArguments && (!d->deletedArguments || !d->deletedArguments[i])) {
         if (i < d->numParameters) {
@@ -234 +234 @@
 {
     bool isArrayIndex;
-    unsigned i = toArrayIndex(propertyName.ustring(), &isArrayIndex);
+    unsigned i = propertyName.toArrayIndex(isArrayIndex);
     if (isArrayIndex && i < d->numArguments && (!d->deletedArguments || !d->deletedArguments[i])) {
         if (i < d->numParameters)
@@ -277 +277 @@
 {
     bool isArrayIndex;
-    unsigned i = toArrayIndex(propertyName.ustring(), &isArrayIndex);
+    unsigned i = propertyName.toArrayIndex(isArrayIndex);
     if (isArrayIndex && i < d->numArguments) {
         if (!d->deletedArguments) {

trunk/JavaScriptCore/runtime/Identifier.cpp

@@ -169 +169 @@
 };
 
+uint32_t Identifier::toUInt32(const UString& string, bool& ok)
+{
+    ok = false;
+
+    unsigned length = string.length();
+    const UChar* characters = string.characters();
+
+    // An empty string is not a number.
+    if (!length)
+        return 0;
+
+    // Get the first character, turning it into a digit.
+    uint32_t value = characters[0] - '0';
+    if (value > 9)
+        return 0;
+
+    // Check for leading zeros. If the first characher is 0, then the
+    // length of the string must be one - e.g. "042" is not equal to "42".
+    if (!value && length > 1)
+        return 0;
+
+    while (--length) {
+        // Multiply value by 10, checking for overflow out of 32 bits.
+        if (value > 0xFFFFFFFFU / 10)
+            return 0;
+        value *= 10;
+
+        // Get the next character, turning it into a digit.
+        uint32_t newValue = *(++characters) - '0';
+        if (newValue > 9)
+            return 0;
+
+        // Add in the old value, checking for overflow out of 32 bits.
+        newValue += value;
+        if (newValue < value)
+            return 0;
+        value = newValue;
+    }
+
+    ok = true;
+    return value;
+}
+
 PassRefPtr<StringImpl> Identifier::add(JSGlobalData* globalData, const UChar* s, int length)
 {

trunk/JavaScriptCore/runtime/Identifier.h

@@ -60 +60 @@
         static Identifier from(JSGlobalData*, int y);
         static Identifier from(JSGlobalData*, double y);
-        
+
+        static uint32_t toUInt32(const UString&, bool& ok);
+        uint32_t toUInt32(bool& ok) const { return toUInt32(m_string, ok); }
+        unsigned toArrayIndex(bool& ok) const;
+
         bool isNull() const { return m_string.isNull(); }
         bool isEmpty() const { return m_string.isEmpty(); }
-        
-        uint32_t toUInt32(bool* ok) const { return m_string.toUInt32(ok); }
-        uint32_t toUInt32(bool* ok, bool tolerateEmptyString) const { return m_string.toUInt32(ok, tolerateEmptyString); };
-        uint32_t toStrictUInt32(bool* ok) const { return m_string.toStrictUInt32(ok); }
-        double toDouble() const { return m_string.toDouble(); }
         
         friend bool operator==(const Identifier&, const Identifier&);

trunk/JavaScriptCore/runtime/JSArray.cpp

@@ -274 +274 @@
 
     bool isArrayIndex;
-    unsigned i = toArrayIndex(propertyName.ustring(), &isArrayIndex);
+    unsigned i = propertyName.toArrayIndex(isArrayIndex);
     if (isArrayIndex)
         return JSArray::getOwnPropertySlot(exec, i, slot);
@@ -291 +291 @@
     
     bool isArrayIndex;
-    unsigned i = toArrayIndex(propertyName.ustring(), &isArrayIndex);
+    unsigned i = propertyName.toArrayIndex(isArrayIndex);
     if (isArrayIndex) {
         if (i >= storage->m_length)
@@ -318 +318 @@
 {
     bool isArrayIndex;
-    unsigned i = toArrayIndex(propertyName.ustring(), &isArrayIndex);
+    unsigned i = propertyName.toArrayIndex(isArrayIndex);
     if (isArrayIndex) {
         put(exec, i, value);
@@ -476 +476 @@
 {
     bool isArrayIndex;
-    unsigned i = toArrayIndex(propertyName.ustring(), &isArrayIndex);
+    unsigned i = propertyName.toArrayIndex(isArrayIndex);
     if (isArrayIndex)
         return deleteProperty(exec, i);

trunk/JavaScriptCore/runtime/JSArray.h

@@ -265 +265 @@
     // Rule from ECMA 15.2 about what an array index is.
     // Must exactly match string form of an unsigned integer, and be less than 2^32 - 1.
-    inline unsigned toArrayIndex(const UString& string, bool* ok)
-    {
-        unsigned i = string.toStrictUInt32(ok);
+    inline unsigned Identifier::toArrayIndex(bool& ok) const
+    {
+        unsigned i = toUInt32(ok);
         if (ok && i >= 0xFFFFFFFFU)
-            *ok = false;
+            ok = false;
         return i;
     }

trunk/JavaScriptCore/runtime/JSByteArray.cpp

@@ -61 +61 @@
 {
     bool ok;
-    unsigned index = propertyName.toUInt32(&ok, false);
+    unsigned index = propertyName.toUInt32(ok);
     if (ok && canAccessIndex(index)) {
         slot.setValue(getIndex(exec, index));
@@ -72 +72 @@
 {
     bool ok;
-    unsigned index = propertyName.toUInt32(&ok, false);
+    unsigned index = propertyName.toUInt32(ok);
     if (ok && canAccessIndex(index)) {
         descriptor.setDescriptor(getIndex(exec, index), DontDelete);
@@ -92 +92 @@
 {
     bool ok;
-    unsigned index = propertyName.toUInt32(&ok, false);
+    unsigned index = propertyName.toUInt32(ok);
     if (ok) {
         setIndex(exec, index, value);

trunk/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp

@@ -277 +277 @@
 }
 
+static const int SizeOfInfinity = 8;
+
+static bool isInfinity(const UChar* data, const UChar* end)
+{
+    return (end - data) >= SizeOfInfinity
+        && data[0] == 'I'
+        && data[1] == 'n'
+        && data[2] == 'f'
+        && data[3] == 'i'
+        && data[4] == 'n'
+        && data[5] == 'i'
+        && data[6] == 't'
+        && data[7] == 'y';
+}
+
+// See ecma-262 9.3.1
+static double jsHexIntegerLiteral(const UChar*& data, const UChar* end)
+{
+    // Hex number.
+    data += 2;
+    const UChar* firstDigitPosition = data;
+    double number = 0;
+    while (true) {
+        number = number * 16 + toASCIIHexValue(*data);
+        ++data;
+        if (data == end)
+            break;
+        if (!isASCIIHexDigit(*data))
+            break;
+    }
+    if (number >= mantissaOverflowLowerBound)
+        number = parseIntOverflow(firstDigitPosition, data - firstDigitPosition, 16);
+
+    return number;
+}
+
+// See ecma-262 9.3.1
+static double jsStrDecimalLiteral(const UChar*& data, const UChar* end)
+{
+    ASSERT(data < end);
+
+    // Copy the sting into a null-terminated byte buffer, and call strtod.
+    Vector<char, 32> byteBuffer;
+    for (const UChar* characters = data; characters < end; ++characters) {
+        UChar character = *characters;
+        byteBuffer.append(isASCII(character) ? character : 0);
+    }
+    byteBuffer.append(0);
+    char* endOfNumber;
+    double number = WTF::strtod(byteBuffer.data(), &endOfNumber);
+
+    // Check if strtod found a number; if so return it.
+    ptrdiff_t consumed = endOfNumber - byteBuffer.data();
+    if (consumed) {
+        data += consumed;
+        return number;
+    }
+
+    // Check for [+-]?Infinity
+    switch (*data) {
+    case 'I':
+        if (isInfinity(data, end)) {
+            data += SizeOfInfinity;
+            return Inf;
+        }
+        break;
+
+    case '+':
+        if (isInfinity(data + 1, end)) {
+            data += SizeOfInfinity + 1;
+            return Inf;
+        }
+        break;
+
+    case '-':
+        if (isInfinity(data + 1, end)) {
+            data += SizeOfInfinity + 1;
+            return -Inf;
+        }
+        break;
+    }
+
+    // Not a number.
+    return NaN;
+}
+
+// See ecma-262 9.3.1
+double jsToNumber(const UString& s)
+{
+    unsigned size = s.length();
+
+    if (size == 1) {
+        UChar c = s.characters()[0];
+        if (isASCIIDigit(c))
+            return c - '0';
+        if (isStrWhiteSpace(c))
+            return 0;
+        return NaN;
+    }
+
+    const UChar* data = s.characters();
+    const UChar* end = data + size;
+
+    // Skip leading white space.
+    for (; data < end; ++data) {
+        if (!isStrWhiteSpace(*data))
+            break;
+    }
+
+    // Empty string.
+    if (data == end)
+        return 0.0;
+
+    double number;
+    if (data[0] == '0' && data + 2 < end && (data[1] | 0x20) == 'x' && isASCIIHexDigit(data[2]))
+        number = jsHexIntegerLiteral(data, end);
+    else
+        number = jsStrDecimalLiteral(data, end);
+
+    // Allow trailing white space.
+    for (; data < end; ++data) {
+        if (!isStrWhiteSpace(*data))
+            break;
+    }
+    if (data != end)
+        return NaN;
+
+    return number;
+}
+
 static double parseFloat(const UString& s)
 {
-    // Check for 0x prefix here, because toDouble allows it, but we must treat it as 0.
-    // Need to skip any whitespace and then one + or - sign.
-    int length = s.length();
+    unsigned size = s.length();
+
+    if (size == 1) {
+        UChar c = s.characters()[0];
+        if (isASCIIDigit(c))
+            return c - '0';
+        return NaN;
+    }
+
     const UChar* data = s.characters();
-    int p = 0;
-    while (p < length && isStrWhiteSpace(data[p]))
-        ++p;
-
-    if (p < length && (data[p] == '+' || data[p] == '-'))
-        ++p;
-
-    if (length - p >= 2 && data[p] == '0' && (data[p + 1] == 'x' || data[p + 1] == 'X'))
-        return 0;
-
-    return s.toDouble(true /*tolerant*/, false /* NaN for empty string */);
+    const UChar* end = data + size;
+
+    // Skip leading white space.
+    for (; data < end; ++data) {
+        if (!isStrWhiteSpace(*data))
+            break;
+    }
+
+    // Empty string.
+    if (data == end)
+        return NaN;
+
+    return jsStrDecimalLiteral(data, end);
 }
 

trunk/JavaScriptCore/runtime/JSGlobalObjectFunctions.h

@@ -56 +56 @@
     double parseIntOverflow(const UChar*, int length, int radix);
     bool isStrWhiteSpace(UChar);
+    double jsToNumber(const UString& s);
 
 } // namespace JSC

trunk/JavaScriptCore/runtime/JSString.cpp

@@ -25 +25 @@
 
 #include "JSGlobalObject.h"
+#include "JSGlobalObjectFunctions.h"
 #include "JSObject.h"
 #include "Operations.h"
@@ -178 +179 @@
 {
     result = this;
-    number = value(exec).toDouble();
+    number = jsToNumber(value(exec));
     return false;
 }
@@ -189 +190 @@
 double JSString::toNumber(ExecState* exec) const
 {
-    return value(exec).toDouble();
+    return jsToNumber(value(exec));
 }
 
@@ -241 +242 @@
     
     bool isStrictUInt32;
-    unsigned i = propertyName.toStrictUInt32(&isStrictUInt32);
+    unsigned i = propertyName.toUInt32(isStrictUInt32);
     if (isStrictUInt32 && i < m_length) {
         descriptor.setDescriptor(getIndex(exec, i), DontDelete | ReadOnly);

trunk/JavaScriptCore/runtime/JSString.h

@@ -565 +565 @@
 
         bool isStrictUInt32;
-        unsigned i = propertyName.toStrictUInt32(&isStrictUInt32);
+        unsigned i = propertyName.toUInt32(isStrictUInt32);
         if (isStrictUInt32 && i < m_length) {
             slot.setValue(getIndex(exec, i));

trunk/JavaScriptCore/runtime/ObjectPrototype.cpp

@@ -66 +66 @@
     if (m_hasNoPropertiesWithUInt32Names) {
         bool isUInt32;
-        propertyName.toStrictUInt32(&isUInt32);
+        propertyName.toUInt32(isUInt32);
         m_hasNoPropertiesWithUInt32Names = !isUInt32;
     }

trunk/JavaScriptCore/runtime/StringObject.cpp

@@ -81 +81 @@
         return false;
     bool isStrictUInt32;
-    unsigned i = propertyName.toStrictUInt32(&isStrictUInt32);
+    unsigned i = propertyName.toUInt32(isStrictUInt32);
     if (isStrictUInt32 && internalValue()->canGetIndex(i))
         return false;

trunk/JavaScriptCore/runtime/UString.cpp

@@ -205 +205 @@
 }
 
-static inline bool isInfinity(double number)
-{
-    return number == Inf || number == -Inf;
-}
-
-static bool isInfinity(const UChar* data, const UChar* end)
-{
-    return data + 7 < end
-        && data[0] == 'I'
-        && data[1] == 'n'
-        && data[2] == 'f'
-        && data[3] == 'i'
-        && data[4] == 'n'
-        && data[5] == 'i'
-        && data[6] == 't'
-        && data[7] == 'y';
-}
-
-double UString::toDouble(bool tolerateTrailingJunk, bool tolerateEmptyString) const
-{
-    unsigned size = this->length();
-
-    if (size == 1) {
-        UChar c = characters()[0];
-        if (isASCIIDigit(c))
-            return c - '0';
-        if (isStrWhiteSpace(c) && tolerateEmptyString)
-            return 0;
-        return NaN;
-    }
-
-    const UChar* data = this->characters();
-    const UChar* end = data + size;
-
-    // Skip leading white space.
-    for (; data < end; ++data) {
-        if (!isStrWhiteSpace(*data))
-            break;
-    }
-
-    // Empty string.
-    if (data == end)
-        return tolerateEmptyString ? 0.0 : NaN;
-
-    double number;
-
-    if (data[0] == '0' && data + 2 < end && (data[1] | 0x20) == 'x' && isASCIIHexDigit(data[2])) {
-        // Hex number.
-        data += 2;
-        const UChar* firstDigitPosition = data;
-        number = 0;
-        while (true) {
-            number = number * 16 + toASCIIHexValue(*data);
-            ++data;
-            if (data == end)
-                break;
-            if (!isASCIIHexDigit(*data))
-                break;
-        }
-        if (number >= mantissaOverflowLowerBound)
-            number = parseIntOverflow(firstDigitPosition, data - firstDigitPosition, 16);
-    } else {
-        // Decimal number.
-
-        // Put into a null-terminated byte buffer.
-        Vector<char, 32> byteBuffer;
-        for (const UChar* characters = data; characters < end; ++characters) {
-            UChar character = *characters;
-            byteBuffer.append(isASCII(character) ? character : 0);
-        }
-        byteBuffer.append(0);
-
-        char* byteBufferEnd;
-        number = WTF::strtod(byteBuffer.data(), &byteBufferEnd);
-        const UChar* pastNumber = data + (byteBufferEnd - byteBuffer.data());
-
-        if ((number || pastNumber != data) && !isInfinity(number))
-            data = pastNumber;
-        else {
-            // We used strtod() to do the conversion. However, strtod() handles
-            // infinite values slightly differently than JavaScript in that it
-            // converts the string "inf" with any capitalization to infinity,
-            // whereas the ECMA spec requires that it be converted to NaN.
-
-            double signedInfinity = Inf;
-            if (data < end) {
-                if (*data == '+')
-                    data++;
-                else if (*data == '-') {
-                    signedInfinity = -Inf;
-                    data++;
-                }
-            }
-            if (isInfinity(data, end)) {
-                number = signedInfinity;
-                data += 8;
-            } else if (isInfinity(number) && data < end && (*data | 0x20) != 'i')
-                data = pastNumber;
-            else
-                return NaN;
-        }
-    }
-
-    // Look for trailing junk.
-    if (!tolerateTrailingJunk) {
-        // Allow trailing white space.
-        for (; data < end; ++data) {
-            if (!isStrWhiteSpace(*data))
-                break;
-        }
-        if (data != end)
-            return NaN;
-    }
-
-    return number;
-}
-
-double UString::toDouble(bool tolerateTrailingJunk) const
-{
-    return toDouble(tolerateTrailingJunk, true);
-}
-
-double UString::toDouble() const
-{
-    return toDouble(false, true);
-}
-
-uint32_t UString::toUInt32(bool* ok) const
-{
-    double d = toDouble();
-    bool b = true;
-
-    if (d != static_cast<uint32_t>(d)) {
-        b = false;
-        d = 0;
-    }
-
-    if (ok)
-        *ok = b;
-
-    return static_cast<uint32_t>(d);
-}
-
-uint32_t UString::toUInt32(bool* ok, bool tolerateEmptyString) const
-{
-    double d = toDouble(false, tolerateEmptyString);
-    bool b = true;
-
-    if (d != static_cast<uint32_t>(d)) {
-        b = false;
-        d = 0;
-    }
-
-    if (ok)
-        *ok = b;
-
-    return static_cast<uint32_t>(d);
-}
-
-uint32_t UString::toStrictUInt32(bool* ok) const
-{
-    if (ok)
-        *ok = false;
-
-    // Empty string is not OK.
-    unsigned len = m_impl->length();
-    if (len == 0)
-        return 0;
-    const UChar* p = m_impl->characters();
-    unsigned short c = p[0];
-
-    // If the first digit is 0, only 0 itself is OK.
-    if (c == '0') {
-        if (len == 1 && ok)
-            *ok = true;
-        return 0;
-    }
-
-    // Convert to UInt32, checking for overflow.
-    uint32_t i = 0;
-    while (1) {
-        // Process character, turning it into a digit.
-        if (c < '0' || c > '9')
-            return 0;
-        const unsigned d = c - '0';
-
-        // Multiply by 10, checking for overflow out of 32 bits.
-        if (i > 0xFFFFFFFFU / 10)
-            return 0;
-        i *= 10;
-
-        // Add in the digit, checking for overflow out of 32 bits.
-        const unsigned max = 0xFFFFFFFFU - d;
-        if (i > max)
-            return 0;
-        i += d;
-
-        // Handle end of string.
-        if (--len == 0) {
-            if (ok)
-                *ok = true;
-            return i;
-        }
-
-        // Get next character.
-        c = *(++p);
-    }
-}
-
 UString UString::substr(unsigned pos, unsigned len) const
 {

trunk/JavaScriptCore/runtime/UString.h

@@ -107 +107 @@
     size_t reverseFind(const UString& str, unsigned start = UINT_MAX) const
         { return m_impl ? m_impl->reverseFind(str.impl(), start) : notFound; }
-
-    double toDouble(bool tolerateTrailingJunk, bool tolerateEmptyString) const;
-    double toDouble(bool tolerateTrailingJunk) const;
-    double toDouble() const;
-
-    uint32_t toUInt32(bool* ok = 0) const;
-    uint32_t toUInt32(bool* ok, bool tolerateEmptyString) const;
-    uint32_t toStrictUInt32(bool* ok = 0) const;
 
     UString substr(unsigned pos = 0, unsigned len = UINT_MAX) const;

trunk/JavaScriptCore/wtf/dtoa.cpp

@@ -89 +89 @@
  *    define some or all of DBL_DIG, DBL_MAX_10_EXP, DBL_MAX_EXP,
  *    FLT_RADIX, FLT_ROUNDS, and DBL_MAX.
- * #define INFNAN_CHECK on IEEE systems to cause strtod to check for
- *    Infinity and NaN (case insensitively).  On some systems (e.g.,
- *    some HP systems), it may be necessary to #define NAN_WORD0
- *    appropriately -- to the most significant word of a quiet NaN.
- *    (On HP Series 700/800 machines, -DNAN_WORD0=0x7ff40000 works.)
- *    When INFNAN_CHECK is #defined and No_Hex_NaN is not #defined,
- *    strtod also accepts (case insensitively) strings of the form
- *    NaN(x), where x is a string of hexadecimal digits and spaces;
- *    if there is only one string of hexadecimal digits, it is taken
- *    for the 52 fraction bits of the resulting NaN; if there are two
- *    or more strings of hex digits, the first is for the high 20 bits,
- *    the second and subsequent for the low 32 bits, with intervening
- *    white space ignored; but if this results in none of the 52
- *    fraction bits being on (an IEEE Infinity symbol), then NAN_WORD0
- *    and NAN_WORD1 are used instead.
  * #define NO_IEEE_Scale to disable new (Feb. 1997) logic in strtod that
  *    avoids underflows on inputs whose result does not underflow.
@@ -167 +152 @@
 #endif
 
-#define INFNAN_CHECK
-#define No_Hex_NaN
-
 #if defined(IEEE_8087) + defined(IEEE_MC68k) + defined(IEEE_ARM) != 1
 Exactly one of IEEE_8087, IEEE_ARM or IEEE_MC68k should be defined.
@@ -1041 +1023 @@
 #define n_bigtens 5
 
-#if defined(INFNAN_CHECK)
-
-#ifndef NAN_WORD0
-#define NAN_WORD0 0x7ff80000
-#endif
-
-#ifndef NAN_WORD1
-#define NAN_WORD1 0
-#endif
-
-static int match(const char** sp, const char* t)
-{
-    int c, d;
-    const char* s = *sp;
-
-    while ((d = *t++)) {
-        if ((c = *++s) >= 'A' && c <= 'Z')
-            c += 'a' - 'A';
-        if (c != d)
-            return 0;
-    }
-    *sp = s + 1;
-    return 1;
-}
-
-#ifndef No_Hex_NaN
-static void hexnan(U* rvp, const char** sp)
-{
-    uint32_t c, x[2];
-    const char* s;
-    int havedig, udx0, xshift;
-
-    x[0] = x[1] = 0;
-    havedig = xshift = 0;
-    udx0 = 1;
-    s = *sp;
-    while ((c = *(const unsigned char*)++s)) {
-        if (c >= '0' && c <= '9')
-            c -= '0';
-        else if (c >= 'a' && c <= 'f')
-            c += 10 - 'a';
-        else if (c >= 'A' && c <= 'F')
-            c += 10 - 'A';
-        else if (c <= ' ') {
-            if (udx0 && havedig) {
-                udx0 = 0;
-                xshift = 1;
-            }
-            continue;
-        } else if (/*(*/ c == ')' && havedig) {
-            *sp = s + 1;
-            break;
-        } else
-            return;    /* invalid form: don't change *sp */
-        havedig = 1;
-        if (xshift) {
-            xshift = 0;
-            x[0] = x[1];
-            x[1] = 0;
-        }
-        if (udx0)
-            x[0] = (x[0] << 4) | (x[1] >> 28);
-        x[1] = (x[1] << 4) | c;
-    }
-    if ((x[0] &= 0xfffff) || x[1]) {
-        word0(rvp) = Exp_mask | x[0];
-        word1(rvp) = x[1];
-    }
-}
-#endif /*No_Hex_NaN*/
-#endif /* INFNAN_CHECK */
-
 double strtod(const char* s00, char** se)
 {
@@ -1237 +1147 @@
     if (!nd) {
         if (!nz && !nz0) {
-#ifdef INFNAN_CHECK
-            /* Check for Nan and Infinity */
-            switch (c) {
-            case 'i':
-            case 'I':
-                if (match(&s, "nf")) {
-                    --s;
-                    if (!match(&s, "inity"))
-                        ++s;
-                    word0(&rv) = 0x7ff00000;
-                    word1(&rv) = 0;
-                    goto ret;
-                }
-                break;
-            case 'n':
-            case 'N':
-                if (match(&s, "an")) {
-                    word0(&rv) = NAN_WORD0;
-                    word1(&rv) = NAN_WORD1;
-#ifndef No_Hex_NaN
-                    if (*s == '(') /*)*/
-                        hexnan(&rv, &s);
-#endif
-                    goto ret;
-                }
-            }
-#endif /* INFNAN_CHECK */
 ret0:
             s = s00;