Changeset 95751 in webkit for trunk/Source/JavaScriptCore

Timestamp:

Sep 22, 2011, 2:22:17 PM (14 years ago)

Author:

[email protected]

Message:

Implement Function.prototype.bind
​https://bugs.webkit.org/show_bug.cgi?id=26382

Reviewed by Sam Weinig.

Source/JavaScriptCore:

This patch provides a basic functional implementation
for Function.bind. It should (hopefully!) be fully
functionally correct, and the bound functions can be
called to quickly (since they are a subclass of
JSFunction, not InternalFunction), but we'll probably
want to follow up with some optimization work to keep
bound calls in JIT code.

• JavaScriptCore.JSVALUE32_64only.exp:
• JavaScriptCore.JSVALUE64only.exp:
• JavaScriptCore.exp:
• JavaScriptCore.xcodeproj/project.pbxproj:
• jit/JITStubs.cpp:

(JSC::JITThunks::hostFunctionStub):

• jit/JITStubs.h:
• jsc.cpp:

(GlobalObject::addFunction):

• runtime/CommonIdentifiers.h:
• runtime/ConstructData.h:
• runtime/Executable.h:

(JSC::NativeExecutable::NativeExecutable):

• runtime/FunctionPrototype.cpp:

(JSC::FunctionPrototype::addFunctionProperties):
(JSC::functionProtoFuncBind):

• runtime/FunctionPrototype.h:
• runtime/JSBoundFunction.cpp: Added.

(JSC::boundFunctionCall):
(JSC::boundFunctionConstruct):
(JSC::JSBoundFunction::create):
(JSC::JSBoundFunction::hasInstance):
(JSC::JSBoundFunction::getOwnPropertySlot):
(JSC::JSBoundFunction::getOwnPropertyDescriptor):
(JSC::JSBoundFunction::JSBoundFunction):
(JSC::JSBoundFunction::finishCreation):

• runtime/JSBoundFunction.h: Added.

(JSC::JSBoundFunction::targetFunction):
(JSC::JSBoundFunction::boundThis):
(JSC::JSBoundFunction::boundArgs):
(JSC::JSBoundFunction::createStructure):

• runtime/JSFunction.cpp:

(JSC::JSFunction::create):
(JSC::JSFunction::finishCreation):
(JSC::createDescriptorForThrowingProperty):
(JSC::JSFunction::getOwnPropertySlot):

• runtime/JSFunction.h:
• runtime/JSGlobalData.cpp:

(JSC::JSGlobalData::getHostFunction):

• runtime/JSGlobalData.h:
• runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::reset):
(JSC::JSGlobalObject::visitChildren):

• runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::boundFunctionStructure):

• runtime/Lookup.cpp:

(JSC::setUpStaticFunctionSlot):

Source/WebCore:

Test: fast/js/function-bind.html

• bindings/js/JSDOMBinding.cpp:

(WebCore::objectToStringFunctionGetter):

• bindings/js/JSDOMWindowCustom.cpp:

(WebCore::nonCachingStaticFunctionGetter):

• bindings/js/JSHistoryCustom.cpp:

(WebCore::nonCachingStaticBackFunctionGetter):
(WebCore::nonCachingStaticForwardFunctionGetter):
(WebCore::nonCachingStaticGoFunctionGetter):

• bindings/js/JSLocationCustom.cpp:

(WebCore::nonCachingStaticReplaceFunctionGetter):
(WebCore::nonCachingStaticReloadFunctionGetter):
(WebCore::nonCachingStaticAssignFunctionGetter):

• Function::create no longer requires functionStructure() to be passed.

LayoutTests:

We now pass Function.bind tests.

• fast/js/Object-getOwnPropertyNames-expected.txt:
• fast/js/basic-strict-mode-expected.txt:
• fast/js/function-bind-expected.txt: Added.
• fast/js/function-bind.html: Added.
• fast/js/mozilla/strict/15.3.4.5-expected.txt:
• fast/js/script-tests/function-bind.js: Added.
• ietestcenter/Javascript/15.2.3.3-4-38-expected.txt:
• ietestcenter/Javascript/15.3.4.5-0-1-expected.txt:
• ietestcenter/Javascript/15.3.4.5-0-2-expected.txt:
• ietestcenter/Javascript/15.3.4.5-13.b-1-expected.txt:
• ietestcenter/Javascript/15.3.4.5-13.b-2-expected.txt:
• ietestcenter/Javascript/15.3.4.5-13.b-3-expected.txt:
• ietestcenter/Javascript/15.3.4.5-13.b-4-expected.txt:
• ietestcenter/Javascript/15.3.4.5-13.b-5-expected.txt:
• ietestcenter/Javascript/15.3.4.5-15-1-expected.txt:
• ietestcenter/Javascript/15.3.4.5-15-2-expected.txt:
• ietestcenter/Javascript/15.3.4.5-16-1-expected.txt:
• ietestcenter/Javascript/15.3.4.5-2-1-expected.txt:
• ietestcenter/Javascript/15.3.4.5-2-2-expected.txt:
• ietestcenter/Javascript/15.3.4.5-2-3-expected.txt:
• ietestcenter/Javascript/15.3.4.5-2-4-expected.txt:
• ietestcenter/Javascript/15.3.4.5-2-5-expected.txt:
• ietestcenter/Javascript/15.3.4.5-2-6-expected.txt:
• ietestcenter/Javascript/15.3.4.5-2-7-expected.txt:
• ietestcenter/Javascript/15.3.4.5-2-8-expected.txt:
• ietestcenter/Javascript/15.3.4.5-2-9-expected.txt:
• ietestcenter/Javascript/15.3.4.5-8-1-expected.txt:
• ietestcenter/Javascript/15.3.4.5-8-2-expected.txt:
• ietestcenter/Javascript/15.3.4.5-9-1-expected.txt:
• ietestcenter/Javascript/15.3.4.5-9-2-expected.txt:

Location:

trunk/Source/JavaScriptCore

Files:

• CMakeLists.txt (modified) (1 diff)
• ChangeLog (modified) (1 diff)
• GNUmakefile.list.am (modified) (1 diff)
• JavaScriptCore.JSVALUE32_64only.exp (modified) (1 diff)
• JavaScriptCore.JSVALUE64only.exp (modified) (1 diff)
• JavaScriptCore.exp (modified) (2 diffs)
• JavaScriptCore.gypi (modified) (2 diffs)
• JavaScriptCore.pro (modified) (1 diff)
• JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj (modified) (1 diff)
• JavaScriptCore.xcodeproj/project.pbxproj (modified) (5 diffs)
• jit/JITStubs.cpp (modified) (2 diffs)
• jit/JITStubs.h (modified) (1 diff)
• jsc.cpp (modified) (1 diff)
• runtime/CommonIdentifiers.h (modified) (1 diff)
• runtime/ConstructData.h (modified) (2 diffs)
• runtime/Executable.h (modified) (4 diffs)
• runtime/FunctionPrototype.cpp (modified) (4 diffs)
• runtime/FunctionPrototype.h (modified) (1 diff)
• runtime/JSBoundFunction.cpp (added)
• runtime/JSBoundFunction.h (added)
• runtime/JSFunction.cpp (modified) (7 diffs)
• runtime/JSFunction.h (modified) (5 diffs)
• runtime/JSGlobalData.cpp (modified) (2 diffs)
• runtime/JSGlobalData.h (modified) (1 diff)
• runtime/JSGlobalObject.cpp (modified) (4 diffs)
• runtime/JSGlobalObject.h (modified) (2 diffs)
• runtime/Lookup.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/CMakeLists.txt

@@ -124 +124 @@
     runtime/JSCell.cpp
     runtime/JSFunction.cpp
+    runtime/JSBoundFunction.cpp
     runtime/JSGlobalData.cpp
     runtime/JSGlobalObject.cpp

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2011-09-22  Gavin Barraclough  <[email protected]>
+
+        Implement Function.prototype.bind
+        https://bugs.webkit.org/show_bug.cgi?id=26382
+
+        Reviewed by Sam Weinig.
+
+        This patch provides a basic functional implementation
+        for Function.bind. It should (hopefully!) be fully
+        functionally correct, and the bound functions can be
+        called to quickly (since they are a subclass of
+        JSFunction, not InternalFunction), but we'll probably
+        want to follow up with some optimization work to keep
+        bound calls in JIT code.
+
+        * JavaScriptCore.JSVALUE32_64only.exp:
+        * JavaScriptCore.JSVALUE64only.exp:
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * jit/JITStubs.cpp:
+        (JSC::JITThunks::hostFunctionStub):
+        * jit/JITStubs.h:
+        * jsc.cpp:
+        (GlobalObject::addFunction):
+        * runtime/CommonIdentifiers.h:
+        * runtime/ConstructData.h:
+        * runtime/Executable.h:
+        (JSC::NativeExecutable::NativeExecutable):
+        * runtime/FunctionPrototype.cpp:
+        (JSC::FunctionPrototype::addFunctionProperties):
+        (JSC::functionProtoFuncBind):
+        * runtime/FunctionPrototype.h:
+        * runtime/JSBoundFunction.cpp: Added.
+        (JSC::boundFunctionCall):
+        (JSC::boundFunctionConstruct):
+        (JSC::JSBoundFunction::create):
+        (JSC::JSBoundFunction::hasInstance):
+        (JSC::JSBoundFunction::getOwnPropertySlot):
+        (JSC::JSBoundFunction::getOwnPropertyDescriptor):
+        (JSC::JSBoundFunction::JSBoundFunction):
+        (JSC::JSBoundFunction::finishCreation):
+        * runtime/JSBoundFunction.h: Added.
+        (JSC::JSBoundFunction::targetFunction):
+        (JSC::JSBoundFunction::boundThis):
+        (JSC::JSBoundFunction::boundArgs):
+        (JSC::JSBoundFunction::createStructure):
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::create):
+        (JSC::JSFunction::finishCreation):
+        (JSC::createDescriptorForThrowingProperty):
+        (JSC::JSFunction::getOwnPropertySlot):
+        * runtime/JSFunction.h:
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::getHostFunction):
+        * runtime/JSGlobalData.h:
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::reset):
+        (JSC::JSGlobalObject::visitChildren):
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::boundFunctionStructure):
+        * runtime/Lookup.cpp:
+        (JSC::setUpStaticFunctionSlot):
+
 2011-09-22  Oliver Hunt  <[email protected]>
 

trunk/Source/JavaScriptCore/GNUmakefile.list.am

@@ -348 +348 @@
         Source/JavaScriptCore/runtime/JSFunction.cpp \
         Source/JavaScriptCore/runtime/JSFunction.h \
+        Source/JavaScriptCore/runtime/JSBoundFunction.cpp \
+        Source/JavaScriptCore/runtime/JSBoundFunction.h \
         Source/JavaScriptCore/runtime/JSGlobalData.cpp \
         Source/JavaScriptCore/runtime/JSGlobalData.h \

trunk/Source/JavaScriptCore/JavaScriptCore.JSVALUE32_64only.exp

@@ -1 @@
-__ZN3JSC12JSGlobalData15getHostFunctionEPFxPNS_9ExecStateEE
+__ZN3JSC10JSFunction6createEPNS_9ExecStateEPNS_14JSGlobalObjectEiRKNS_10IdentifierEPFxS2_ES9_

trunk/Source/JavaScriptCore/JavaScriptCore.JSVALUE64only.exp

@@ -1 @@
-__ZN3JSC12JSGlobalData15getHostFunctionEPFPvPNS_9ExecStateEE
+__ZN3JSC10JSFunction6createEPNS_9ExecStateEPNS_14JSGlobalObjectEiRKNS_10IdentifierEPFPvS2_ESA_

trunk/Source/JavaScriptCore/JavaScriptCore.exp

@@ -110 +110 @@
 __ZN3JSC10Identifier4fromEPNS_9ExecStateEj
 __ZN3JSC10Identifier8toUInt32ERKNS_7UStringERb
-__ZN3JSC10JSFunction14finishCreationEPNS_9ExecStateEiRKNS_10IdentifierEPNS_14ExecutableBaseE
 __ZN3JSC10JSFunction4nameEPNS_9ExecStateE
 __ZN3JSC10JSFunction6s_infoE
@@ -230 +229 @@
 __ZN3JSC24createStackOverflowErrorEPNS_9ExecStateE
 __ZN3JSC25evaluateInGlobalCallFrameERKNS_7UStringERNS_7JSValueEPNS_14JSGlobalObjectE
+__ZN3JSC29callHostFunctionAsConstructorEPNS_9ExecStateE
 __ZN3JSC30isTerminatedExecutionExceptionENS_7JSValueE
 __ZN3JSC35createInterruptedExecutionExceptionEPNS_12JSGlobalDataE

trunk/Source/JavaScriptCore/JavaScriptCore.gypi

@@ -84 +84 @@
             'runtime/JSCell.h',
             'runtime/JSFunction.h',
+            'runtime/JSBoundFunction.h',
             'runtime/JSGlobalData.h',
             'runtime/JSGlobalObject.h',
@@ -517 +518 @@
             'runtime/JSCell.cpp',
             'runtime/JSFunction.cpp',
+            'runtime/JSBoundFunction.cpp',
             'runtime/JSGlobalData.cpp',
             'runtime/JSGlobalObject.cpp',

trunk/Source/JavaScriptCore/JavaScriptCore.pro

@@ -154 +154 @@
     runtime/JSCell.cpp \
     runtime/JSFunction.cpp \
+    runtime/JSBoundFunction.cpp \
     runtime/JSGlobalData.cpp \
     runtime/JSGlobalObject.cpp \

trunk/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj

@@ -799 +799 @@
                         </File>
                         <File
+                                RelativePath="..\..\runtime\JSBoundFunction.cpp"
+                                >
+                        </File>
+                        <File
+                                RelativePath="..\..\runtime\JSBoundFunction.h"
+                                >
+                        </File>
+                        <File
                                 RelativePath="..\..\runtime\JSGlobalData.cpp"
                                 >

trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj

@@ -362 +362 @@
                 86ECA3FA132DF25A002B2AD7 /* DFGScoreBoard.h in Headers */ = {isa = PBXBuildFile; fileRef = 86ECA3F9132DF25A002B2AD7 /* DFGScoreBoard.h */; };
                 86F38859121130CA007A7CE3 /* AtomicStringHash.h in Headers */ = {isa = PBXBuildFile; fileRef = 86F38858121130CA007A7CE3 /* AtomicStringHash.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                86FA9E91142BBB2E001773B7 /* JSBoundFunction.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 86FA9E8F142BBB2D001773B7 /* JSBoundFunction.cpp */; };
+                86FA9E92142BBB2E001773B7 /* JSBoundFunction.h in Headers */ = {isa = PBXBuildFile; fileRef = 86FA9E90142BBB2E001773B7 /* JSBoundFunction.h */; };
                 90213E3D123A40C200D422F3 /* MemoryStatistics.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 90213E3B123A40C200D422F3 /* MemoryStatistics.cpp */; };
                 90213E3E123A40C200D422F3 /* MemoryStatistics.h in Headers */ = {isa = PBXBuildFile; fileRef = 90213E3C123A40C200D422F3 /* MemoryStatistics.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -1116 +1118 @@
                 86ECA3F9132DF25A002B2AD7 /* DFGScoreBoard.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGScoreBoard.h; path = dfg/DFGScoreBoard.h; sourceTree = "<group>"; };
                 86F38858121130CA007A7CE3 /* AtomicStringHash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AtomicStringHash.h; path = text/AtomicStringHash.h; sourceTree = "<group>"; };
+                86FA9E8F142BBB2D001773B7 /* JSBoundFunction.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSBoundFunction.cpp; sourceTree = "<group>"; };
+                86FA9E90142BBB2E001773B7 /* JSBoundFunction.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSBoundFunction.h; sourceTree = "<group>"; };
                 90213E3B123A40C200D422F3 /* MemoryStatistics.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MemoryStatistics.cpp; sourceTree = "<group>"; };
                 90213E3C123A40C200D422F3 /* MemoryStatistics.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MemoryStatistics.h; sourceTree = "<group>"; };
@@ -2067 +2071 @@
                                 93ADFCE60CCBD7AC00D30B08 /* JSArray.cpp */,
                                 938772E5038BFE19008635CE /* JSArray.h */,
+                                86FA9E8F142BBB2D001773B7 /* JSBoundFunction.cpp */,
+                                86FA9E90142BBB2E001773B7 /* JSBoundFunction.h */,
                                 A791EF270F11E07900AE1F68 /* JSByteArray.cpp */,
                                 A791EF260F11E07900AE1F68 /* JSByteArray.h */,
@@ -2812 +2818 @@
                                 1A08277A142168D70090CCAC /* BinarySemaphore.h in Headers */,
                                 A70456B01427FB910037DA68 /* AllocationSpace.h in Headers */,
+                                86FA9E92142BBB2E001773B7 /* JSBoundFunction.h in Headers */,
                         );
                         runOnlyForDeploymentPostprocessing = 0;
@@ -3335 +3342 @@
                                 1A082779142168D70090CCAC /* BinarySemaphore.cpp in Sources */,
                                 A70456B11427FB950037DA68 /* AllocationSpace.cpp in Sources */,
+                                86FA9E91142BBB2E001773B7 /* JSBoundFunction.cpp in Sources */,
                         );
                         runOnlyForDeploymentPostprocessing = 0;

trunk/Source/JavaScriptCore/jit/JITStubs.cpp

@@ -2087 +2087 @@
     ASSERT(typeInfo.type() != UnspecifiedType);
 
-    if (!typeInfo.overridesHasInstance()) {
-        if (!value.isObject())
-            return JSValue::encode(jsBoolean(false));
-
-        if (!proto.isObject()) {
-            throwError(callFrame, createTypeError(callFrame, "instanceof called on an object with an invalid prototype property."));
-            VM_THROW_EXCEPTION();
-        }
-    }
+    if (!typeInfo.overridesHasInstance() && !value.isObject())
+        return JSValue::encode(jsBoolean(false));
 
     JSValue result = jsBoolean(asObject(baseVal)->hasInstance(callFrame, value, proto));
@@ -3827 +3820 @@
 }
 
-NativeExecutable* JITThunks::hostFunctionStub(JSGlobalData* globalData, NativeFunction function)
+NativeExecutable* JITThunks::hostFunctionStub(JSGlobalData* globalData, NativeFunction function, NativeFunction constructor)
 {
     std::pair<HostFunctionStubMap::iterator, bool> entry = m_hostFunctionStubMap->add(function, Weak<NativeExecutable>());
     if (!*entry.first->second)
-        entry.first->second.set(*globalData, NativeExecutable::create(*globalData, JIT::compileCTINativeCall(globalData, function), function, MacroAssemblerCodeRef::createSelfManagedCodeRef(ctiNativeConstruct()), callHostFunctionAsConstructor, DFG::NoIntrinsic));
+        entry.first->second.set(*globalData, NativeExecutable::create(*globalData, JIT::compileCTINativeCall(globalData, function), function, MacroAssemblerCodeRef::createSelfManagedCodeRef(ctiNativeConstruct()), constructor, DFG::NoIntrinsic));
     return entry.first->second.get();
 }

trunk/Source/JavaScriptCore/jit/JITStubs.h

@@ -298 +298 @@
         MacroAssemblerCodeRef ctiStub(JSGlobalData*, ThunkGenerator);
 
-        NativeExecutable* hostFunctionStub(JSGlobalData*, NativeFunction);
+        NativeExecutable* hostFunctionStub(JSGlobalData*, NativeFunction, NativeFunction constructor);
         NativeExecutable* hostFunctionStub(JSGlobalData*, NativeFunction, ThunkGenerator, DFG::Intrinsic);
 

trunk/Source/JavaScriptCore/jsc.cpp

@@ -191 +191 @@
     {
         Identifier identifier(globalExec(), name);
-        putDirect(globalData, identifier, JSFunction::create(globalExec(), this, functionStructure(), arguments, identifier, function));
+        putDirect(globalData, identifier, JSFunction::create(globalExec(), this, arguments, identifier, function));
     }
 };

trunk/Source/JavaScriptCore/runtime/CommonIdentifiers.h

@@ -34 +34 @@
     macro(apply) \
     macro(arguments) \
+    macro(bind) \
     macro(call) \
     macro(callee) \

trunk/Source/JavaScriptCore/runtime/ConstructData.h

@@ -30 +30 @@
 #define ConstructData_h
 
+#include "CallData.h"
 #include "JSValue.h"
 
@@ -46 +47 @@
     };
 
-    typedef EncodedJSValue (JSC_HOST_CALL *NativeConstructor)(ExecState*);
-
     union ConstructData {
         struct {
-            NativeConstructor function;
+            NativeFunction function;
         } native;
         struct {

trunk/Source/JavaScriptCore/runtime/Executable.h

@@ -202 +202 @@
 
         NativeFunction function() { return m_function; }
+        NativeFunction constructor() { return m_constructor; }
 
         static Structure* createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue proto) { return Structure::create(globalData, globalObject, proto, TypeInfo(LeafType, StructureFlags), &s_info); }
@@ -229 +230 @@
  
     private:
-#if ENABLE(JIT)
         NativeExecutable(JSGlobalData& globalData, NativeFunction function, NativeFunction constructor)
             : ExecutableBase(globalData, globalData.nativeExecutableStructure.get(), NUM_PARAMETERS_IS_HOST)
@@ -236 +236 @@
         {
         }
-#else
-        NativeExecutable(JSGlobalData& globalData, NativeFunction function, NativeFunction constructor)
-            : ExecutableBase(globalData, globalData.nativeExecutableStructure.get(), NUM_PARAMETERS_IS_HOST)
-            , m_function(function)
-            , m_constructor(constructor)
-        {
-        }
-#endif
 
         NativeFunction m_function;
-        // Probably should be a NativeConstructor, but this will currently require rewriting the JIT
-        // trampoline. It may be easier to make NativeFunction be passed 'this' as a part of the ArgList.
         NativeFunction m_constructor;
         
@@ -639 +629 @@
     }
 
+    inline NativeFunction JSFunction::nativeConstructor()
+    {
+        ASSERT(isHostFunction());
+        return static_cast<NativeExecutable*>(m_executable.get())->constructor();
+    }
+
     inline bool isHostFunction(JSValue value, NativeFunction nativeFunction)
     {

trunk/Source/JavaScriptCore/runtime/FunctionPrototype.cpp

@@ -24 +24 @@
 #include "Arguments.h"
 #include "JSArray.h"
+#include "JSBoundFunction.h"
 #include "JSFunction.h"
 #include "JSString.h"
@@ -37 +38 @@
 static EncodedJSValue JSC_HOST_CALL functionProtoFuncApply(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionProtoFuncCall(ExecState*);
+static EncodedJSValue JSC_HOST_CALL functionProtoFuncBind(ExecState*);
 
 FunctionPrototype::FunctionPrototype(JSGlobalObject* globalObject, Structure* structure)
@@ -49 +51 @@
 }
 
-void FunctionPrototype::addFunctionProperties(ExecState* exec, JSGlobalObject* globalObject, Structure* functionStructure, JSFunction** callFunction, JSFunction** applyFunction)
-{
-    JSFunction* toStringFunction = JSFunction::create(exec, globalObject, functionStructure, 0, exec->propertyNames().toString, functionProtoFuncToString);
+void FunctionPrototype::addFunctionProperties(ExecState* exec, JSGlobalObject* globalObject, JSFunction** callFunction, JSFunction** applyFunction)
+{
+    JSFunction* toStringFunction = JSFunction::create(exec, globalObject, 0, exec->propertyNames().toString, functionProtoFuncToString);
     putDirectWithoutTransition(exec->globalData(), exec->propertyNames().toString, toStringFunction, DontEnum);
 
-    *applyFunction = JSFunction::create(exec, globalObject, functionStructure, 2, exec->propertyNames().apply, functionProtoFuncApply);
+    *applyFunction = JSFunction::create(exec, globalObject, 2, exec->propertyNames().apply, functionProtoFuncApply);
     putDirectWithoutTransition(exec->globalData(), exec->propertyNames().apply, *applyFunction, DontEnum);
 
-    *callFunction = JSFunction::create(exec, globalObject, functionStructure, 1, exec->propertyNames().call, functionProtoFuncCall);
+    *callFunction = JSFunction::create(exec, globalObject, 1, exec->propertyNames().call, functionProtoFuncCall);
     putDirectWithoutTransition(exec->globalData(), exec->propertyNames().call, *callFunction, DontEnum);
+
+    JSFunction* bindFunction = JSFunction::create(exec, globalObject, 0, exec->propertyNames().bind, functionProtoFuncBind);
+    putDirectWithoutTransition(exec->globalData(), exec->propertyNames().bind, bindFunction, DontEnum);
 }
 
@@ -154 +159 @@
 }
 
+// 15.3.4.5 Function.prototype.bind (thisArg [, arg1 [, arg2, ...]])
+EncodedJSValue JSC_HOST_CALL functionProtoFuncBind(ExecState* exec)
+{
+    JSGlobalObject* globalObject = exec->callee()->globalObject();
+
+    // Let Target be the this value.
+    JSValue target = exec->hostThisValue();
+
+    // If IsCallable(Target) is false, throw a TypeError exception.
+    CallData callData;
+    CallType callType = getCallData(target, callData);
+    if (callType == CallTypeNone)
+        return throwVMTypeError(exec);
+    // Primitive values are not callable.
+    ASSERT(target.isObject());
+    JSObject* targetObject = asObject(target);
+
+    // Let A be a new (possibly empty) internal list of all of the argument values provided after thisArg (arg1, arg2 etc), in order.
+    size_t numBoundArgs = exec->argumentCount() > 1 ? exec->argumentCount() - 1 : 0;
+    JSArray* boundArgs = JSArray::create(exec->globalData(), globalObject->arrayStructure(), numBoundArgs, CreateCompact);
+    for (size_t i = 0; i < numBoundArgs; ++i)
+        boundArgs->uncheckedSetIndex(exec->globalData(), i, exec->argument(i + 1));
+    boundArgs->setLength(numBoundArgs);
+
+    // If the [[Class]] internal property of Target is "Function", then ...
+    // Else set the length own property of F to 0.
+    unsigned length = 0;
+    if (targetObject->inherits(&JSFunction::s_info)) {
+        ASSERT(target.get(exec, exec->propertyNames().length).isNumber());
+        // a. Let L be the length property of Target minus the length of A.
+        // b. Set the length own property of F to either 0 or L, whichever is larger.
+        unsigned targetLength = (unsigned)target.get(exec, exec->propertyNames().length).uncheckedGetNumber();
+        if (targetLength > numBoundArgs)
+            length = targetLength - numBoundArgs;
+    }
+
+    Identifier name(exec, target.get(exec, exec->propertyNames().name).toString(exec));
+
+    return JSValue::encode(JSBoundFunction::create(exec, globalObject, targetObject, exec->argument(0), boundArgs, length, name));
+}
+
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/FunctionPrototype.h

@@ -37 +37 @@
         }
         
-        void addFunctionProperties(ExecState*, JSGlobalObject*, Structure* functionStructure, JSFunction** callFunction, JSFunction** applyFunction);
+        void addFunctionProperties(ExecState*, JSGlobalObject*, JSFunction** callFunction, JSFunction** applyFunction);
         
         static Structure* createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue proto)

trunk/Source/JavaScriptCore/runtime/JSFunction.cpp

@@ -31 +31 @@
 #include "ExceptionHelpers.h"
 #include "FunctionPrototype.h"
+#include "JSArray.h"
 #include "JSGlobalObject.h"
 #include "JSNotAnObject.h"
@@ -57 +58 @@
 }
 
+JSFunction* JSFunction::create(ExecState* exec, JSGlobalObject* globalObject, int length, const Identifier& name, NativeFunction nativeFunction, NativeFunction nativeConstructor)
+{
+    NativeExecutable* executable = exec->globalData().getHostFunction(nativeFunction, nativeConstructor);
+    JSFunction* function = new (allocateCell<JSFunction>(*exec->heap())) JSFunction(exec, globalObject, globalObject->functionStructure());
+    // Can't do this during initialization because getHostFunction might do a GC allocation.
+    function->finishCreation(exec, executable, length, name);
+    return function;
+}
+
+JSFunction* JSFunction::create(ExecState* exec, JSGlobalObject* globalObject, int length, const Identifier& name, NativeExecutable* nativeExecutable)
+{
+    JSFunction* function = new (allocateCell<JSFunction>(*exec->heap())) JSFunction(exec, globalObject, globalObject->functionStructure());
+    function->finishCreation(exec, nativeExecutable, length, name);
+    return function;
+}
+
 JSFunction::JSFunction(VPtrStealingHackType)
     : Base(VPtrStealingHack)
@@ -76 +93 @@
 }
 
-void JSFunction::finishCreation(ExecState* exec, int length, const Identifier& name, ExecutableBase* executable)
+void JSFunction::finishCreation(ExecState* exec, NativeExecutable* executable, int length, const Identifier& name)
 {
     Base::finishCreation(exec->globalData());
@@ -89 +106 @@
     Base::finishCreation(exec->globalData());
     ASSERT(inherits(&s_info));
+
+    // Switching the structure here is only safe if we currently have the function structure!
+    ASSERT(structure() == scopeChainNode->globalObject->functionStructure());
     setStructure(exec->globalData(), scopeChainNode->globalObject->namedFunctionStructure());
     putDirectOffset(exec->globalData(), scopeChainNode->globalObject->functionNameOffset(), executable->nameValue());
@@ -98 +118 @@
 }
 
-static const char* StrictModeCallerAccessError = "Cannot access caller property of a strict mode function";
-static const char* StrictModeArgumentsAccessError = "Cannot access arguments property of a strict mode function";
-
-static void createDescriptorForThrowingProperty(ExecState* exec, PropertyDescriptor& descriptor, const char* message)
+const char* StrictModeCallerAccessError = "Cannot access caller property of a strict mode function";
+const char* StrictModeArgumentsAccessError = "Cannot access arguments property of a strict mode function";
+
+void createDescriptorForThrowingProperty(ExecState* exec, PropertyDescriptor& descriptor, const char* message)
 {
     JSValue thrower = createTypeErrorFunction(exec, message);
@@ -197 +217 @@
     if (propertyName == exec->propertyNames().arguments) {
         if (jsExecutable()->isStrictMode()) {
-            throwTypeError(exec, "Can't access arguments object of a strict mode function");
+            throwTypeError(exec, StrictModeArgumentsAccessError);
             slot.setValue(jsNull());
             return true;
@@ -312 +332 @@
 ConstructType JSFunction::getConstructData(ConstructData& constructData)
 {
-    if (isHostFunction())
-        return ConstructTypeNone;
+    if (isHostFunction()) {
+        constructData.native.function = nativeConstructor();
+        return ConstructTypeHost;
+    }
     constructData.js.functionExecutable = jsExecutable();
     constructData.js.scopeChain = scope();

trunk/Source/JavaScriptCore/runtime/JSFunction.h

@@ -42 +42 @@
     EncodedJSValue JSC_HOST_CALL callHostFunctionAsConstructor(ExecState*);
 
+    extern const char* StrictModeCallerAccessError;
+    extern const char* StrictModeArgumentsAccessError;
+
+    void createDescriptorForThrowingProperty(ExecState*, PropertyDescriptor&, const char* message);
+
     class JSFunction : public JSNonFinalObject {
         friend class JIT;
@@ -47 +52 @@
         friend class JSGlobalData;
 
-        JSFunction(ExecState*, JSGlobalObject*, Structure*);
-        JSFunction(ExecState*, FunctionExecutable*, ScopeChainNode*);
-        
     public:
         typedef JSNonFinalObject Base;
 
-        static JSFunction* create(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, int length, const Identifier& name, NativeFunction nativeFunction)
-        {
-            ASSERT(structure->globalObject());
-            ASSERT(structure->globalObject() == globalObject);
-            
-            ExecutableBase* executable = (ExecutableBase*)exec->globalData().getHostFunction(nativeFunction);
-            JSFunction* function = new (allocateCell<JSFunction>(*exec->heap())) JSFunction(exec, globalObject, structure);
-            // Can't do this during initialization because getHostFunction might do a GC allocation.
-            function->finishCreation(exec, length, name, executable);
-            return function;
-        }
-
-        static JSFunction* create(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, int length, const Identifier& name, NativeExecutable* nativeExecutable)
-        {
-            ASSERT(structure->globalObject());
-            ASSERT(structure->globalObject() == globalObject);
-
-            JSFunction* function = new (allocateCell<JSFunction>(*exec->heap())) JSFunction(exec, globalObject, structure);
-            function->finishCreation(exec, length, name, (ExecutableBase*)nativeExecutable);
-            return function;
-        }
+        static JSFunction* create(ExecState*, JSGlobalObject*, int length, const Identifier& name, NativeFunction nativeFunction, NativeFunction nativeConstructor = callHostFunctionAsConstructor);
+        static JSFunction* create(ExecState*, JSGlobalObject*, int length, const Identifier& name, NativeExecutable* nativeExecutable);
 
         static JSFunction* create(ExecState* exec, FunctionExecutable* executable, ScopeChainNode* scopeChain)
@@ -124 +107 @@
 
         NativeFunction nativeFunction();
+        NativeFunction nativeConstructor();
 
         virtual ConstructType getConstructData(ConstructData&);
@@ -141 +125 @@
         const static unsigned StructureFlags = OverridesGetOwnPropertySlot | ImplementsHasInstance | OverridesVisitChildren | OverridesGetPropertyNames | JSObject::StructureFlags;
 
-        void finishCreation(ExecState*, int length, const Identifier& name, ExecutableBase*);
+        JSFunction(ExecState*, JSGlobalObject*, Structure*);
+        JSFunction(ExecState*, FunctionExecutable*, ScopeChainNode*);
+        
+        void finishCreation(ExecState*, NativeExecutable*, int length, const Identifier& name);
         void finishCreation(ExecState*, FunctionExecutable*, ScopeChainNode*);
+
+        virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
+        virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
+        virtual void getOwnPropertyNames(ExecState*, PropertyNameArray&, EnumerationMode = ExcludeDontEnumProperties);
+
+        virtual void visitChildren(SlotVisitor&);
 
     private:
@@ -149 +142 @@
         bool isHostFunctionNonInline() const;
 
-        virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
-        virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
-        virtual void getOwnPropertyNames(ExecState*, PropertyNameArray&, EnumerationMode mode = ExcludeDontEnumProperties);
         virtual void put(ExecState*, const Identifier& propertyName, JSValue, PutPropertySlot&);
         virtual bool deleteProperty(ExecState*, const Identifier& propertyName);
-
-        virtual void visitChildren(SlotVisitor&);
 
         static JSValue argumentsGetter(ExecState*, JSValue, const Identifier&);

trunk/Source/JavaScriptCore/runtime/JSGlobalData.cpp

@@ -396 +396 @@
 
 #if ENABLE(JIT)
-NativeExecutable* JSGlobalData::getHostFunction(NativeFunction function)
-{
-    return jitStubs->hostFunctionStub(this, function);
+NativeExecutable* JSGlobalData::getHostFunction(NativeFunction function, NativeFunction constructor)
+{
+    return jitStubs->hostFunctionStub(this, function, constructor);
 }
 NativeExecutable* JSGlobalData::getHostFunction(NativeFunction function, ThunkGenerator generator, DFG::Intrinsic intrinsic)
@@ -405 +405 @@
 }
 #else
-NativeExecutable* JSGlobalData::getHostFunction(NativeFunction function)
-{
-    return NativeExecutable::create(*this, function, callHostFunctionAsConstructor);
+NativeExecutable* JSGlobalData::getHostFunction(NativeFunction function, NativeFunction constructor)
+{
+    return NativeExecutable::create(*this, function, constructor);
 }
 #endif

trunk/Source/JavaScriptCore/runtime/JSGlobalData.h

@@ -220 +220 @@
         NativeExecutable* getHostFunction(NativeFunction, ThunkGenerator, DFG::Intrinsic);
 #endif
-        NativeExecutable* getHostFunction(NativeFunction);
+        NativeExecutable* getHostFunction(NativeFunction, NativeFunction constructor);
 
         TimeoutChecker timeoutChecker;

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

@@ -47 +47 @@
 #include "FunctionConstructor.h"
 #include "FunctionPrototype.h"
+#include "JSBoundFunction.h"
 #include "JSFunction.h"
 #include "JSGlobalObjectFunctions.h"
@@ -188 +189 @@
     m_functionPrototype.set(exec->globalData(), this, FunctionPrototype::create(exec, this, FunctionPrototype::createStructure(exec->globalData(), this, jsNull()))); // The real prototype will be set once ObjectPrototype is created.
     m_functionStructure.set(exec->globalData(), this, JSFunction::createStructure(exec->globalData(), this, m_functionPrototype.get()));
+    m_boundFunctionStructure.set(exec->globalData(), this, JSBoundFunction::createStructure(exec->globalData(), this, m_functionPrototype.get()));
     m_namedFunctionStructure.set(exec->globalData(), this, Structure::addPropertyTransition(exec->globalData(), m_functionStructure.get(), exec->globalData().propertyNames->name, DontDelete | ReadOnly | DontEnum, 0, m_functionNameOffset));
     m_internalFunctionStructure.set(exec->globalData(), this, InternalFunction::createStructure(exec->globalData(), this, m_functionPrototype.get()));
     JSFunction* callFunction = 0;
     JSFunction* applyFunction = 0;
-    m_functionPrototype->addFunctionProperties(exec, this, m_functionStructure.get(), &callFunction, &applyFunction);
+    m_functionPrototype->addFunctionProperties(exec, this, &callFunction, &applyFunction);
     m_callFunction.set(exec->globalData(), this, callFunction);
     m_applyFunction.set(exec->globalData(), this, applyFunction);
@@ -281 +283 @@
     putDirectWithoutTransition(exec->globalData(), Identifier(exec, "URIError"), m_URIErrorConstructor.get(), DontEnum);
 
-    m_evalFunction.set(exec->globalData(), this, JSFunction::create(exec, this, m_functionStructure.get(), 1, exec->propertyNames().eval, globalFuncEval));
+    m_evalFunction.set(exec->globalData(), this, JSFunction::create(exec, this, 1, exec->propertyNames().eval, globalFuncEval));
     putDirectWithoutTransition(exec->globalData(), exec->propertyNames().eval, m_evalFunction.get(), DontEnum);
 
@@ -350 +352 @@
     visitIfNeeded(visitor, &m_errorStructure);
     visitIfNeeded(visitor, &m_functionStructure);
+    visitIfNeeded(visitor, &m_boundFunctionStructure);
     visitIfNeeded(visitor, &m_namedFunctionStructure);
     visitIfNeeded(visitor, &m_numberObjectStructure);

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h

@@ -117 +117 @@
         WriteBarrier<Structure> m_errorStructure;
         WriteBarrier<Structure> m_functionStructure;
+        WriteBarrier<Structure> m_boundFunctionStructure;
         WriteBarrier<Structure> m_namedFunctionStructure;
         size_t m_functionNameOffset;
@@ -229 +230 @@
         Structure* errorStructure() const { return m_errorStructure.get(); }
         Structure* functionStructure() const { return m_functionStructure.get(); }
+        Structure* boundFunctionStructure() const { return m_boundFunctionStructure.get(); }
         Structure* namedFunctionStructure() const { return m_namedFunctionStructure.get(); }
         size_t functionNameOffset() const { return m_functionNameOffset; }

trunk/Source/JavaScriptCore/runtime/Lookup.cpp

@@ -83 +83 @@
 #if ENABLE(JIT)
         if (entry->generator() || entry->intrinsic() != DFG::NoIntrinsic)
-            function = JSFunction::create(exec, globalObject, globalObject->functionStructure(), entry->functionLength(), propertyName, exec->globalData().getHostFunction(entry->function(), entry->generator(), entry->intrinsic()));
+            function = JSFunction::create(exec, globalObject, entry->functionLength(), propertyName, exec->globalData().getHostFunction(entry->function(), entry->generator(), entry->intrinsic()));
         else
 #endif
-            function = JSFunction::create(exec, globalObject, globalObject->functionStructure(), entry->functionLength(), propertyName, entry->function());
+            function = JSFunction::create(exec, globalObject, entry->functionLength(), propertyName, entry->function());
 
         thisObj->putDirect(exec->globalData(), propertyName, function, entry->attributes());