Poisoning of strict caller,arguments inappropriately poisoning "in"
https://bugs.webkit.org/show_bug.cgi?id=63398
Reviewed by Oliver Hunt.
Source/JavaScriptCore:
This fixes the problem by correctly implementing the spec -
the error should actually be being thrown from a standard JS getter/setter.
This implements spec correct behaviour for strict mode JS functions & bound
functions, I'll follow up with a patch to do the same for arguments.
- runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::finishCreation):
- Add the poisoned caller/arguments properties.
- runtime/JSBoundFunction.h:
- runtime/JSFunction.cpp:
(JSC::JSFunction::finishCreation):
(JSC::JSFunction::getOwnPropertySlot):
(JSC::JSFunction::getOwnPropertyDescriptor):
(JSC::JSFunction::put):
- If the caller/arguments are accessed on a strict mode function, lazily add the ThrowTypeError getter.
- runtime/JSFunction.h:
- runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::createThrowTypeError):
(JSC::JSGlobalObject::visitChildren):
- runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::throwTypeErrorGetterSetter):
- Add a ThrowTypeError type, per ES5 13.2.3.
- runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncThrowTypeError):
- runtime/JSGlobalObjectFunctions.h:
- Implementation of ThrowTypeError.
- runtime/JSObject.cpp:
(JSC::JSObject::initializeGetterSetterProperty):
- runtime/JSObject.h:
- This function adds a new property (must not exist already) that is an initialized getter/setter.
LayoutTests:
- fast/js/basic-strict-mode-expected.txt:
- fast/js/script-tests/basic-strict-mode.js:
