Move special __proto__ property to Object.prototype
author barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 12 Feb 2012 02:47:50 +0000 (02:47 +0000)
committer barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 12 Feb 2012 02:47:50 +0000 (02:47 +0000)
commit e86b9359c90248d1130aaa1cf3d97c32bec578a9
tree fece06f4605b2938cd46ee039a41e689cfbbe9af
parent 11e9b3c3ef3a63eea384762e51e31725f5d078c4
Move special __proto__ property to Object.prototype
https://bugs.webkit.org/show_bug.cgi?id=78409

Reviewed by Oliver Hunt.

Re-implement this as a regular accessor property.  This has three key benefits:
1) It makes it possible for objects to be given properties named __proto__.
2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed.
3) This largely removes the magic used to implement __proto__, it can just be made a regular accessor property.

Source/JavaScriptCore:

* parser/Parser.cpp:
(JSC::::parseFunctionInfo):
    - No need to prohibit functions named __proto__.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
    - Add __proto__ accessor to Object.prototype.
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncProtoGetter):
(JSC::globalFuncProtoSetter):
    - Definition of the __proto__ accessor functions.
* runtime/JSGlobalObjectFunctions.h:
    - Declaration of the __proto__ accessor functions.
* runtime/JSObject.cpp:
(JSC::JSObject::put):
    - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__.
(JSC::JSObject::putDirectAccessor):
    - Track on the structure whether an object contains accessors other than one for __proto__.
(JSC::JSObject::defineOwnProperty):
    - No need to prohibit definition of own properties named __proto__.
* runtime/JSObject.h:
(JSC::JSObject::inlineGetOwnPropertySlot):
    - Remove the special handling for __proto__.
(JSC::JSValue::get):
    - Remove the special handling for __proto__.
* runtime/JSString.cpp:
(JSC::JSString::getOwnPropertySlot):
    - Remove the special handling for __proto__.
* runtime/JSValue.h:
(JSValue):
    - Made synthesizePrototype public (this may be needed by the __proto__ getter).
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorGetPrototypeOf):
    - Perform the security check & call prototype() directly.
* runtime/Structure.cpp:
(JSC::Structure::Structure):
    - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
* runtime/Structure.h:
(JSC::Structure::hasGetterSetterPropertiesExcludingProto):
(JSC::Structure::setHasGetterSetterProperties):
(Structure):
    - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.

Source/WebCore:

* bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::allowsAccessFrom):
(WebCore):
    - expose allowsAccessFrom check to JSC.
* bindings/js/JSDOMWindowBase.h:
(JSDOMWindowBase):
    - expose allowsAccessFrom check to JSC.

LayoutTests:

* fast/js/Object-getOwnPropertyNames-expected.txt:
* fast/js/cyclic-prototypes-expected.txt:
* fast/js/parser-syntax-check-expected.txt:
* fast/js/preventExtensions-expected.txt:
* fast/js/prototypes-expected.txt:
    - Update results
* fast/js/script-tests/Object-getOwnPropertyNames.js:
    - __proto__ is now a property of Object Prototype.
* fast/js/script-tests/cyclic-prototypes.js:
    - setting an object's prototype to null removes __proto__ setter, future usage won't set prototype.
* fast/js/script-tests/parser-syntax-check.js:
    - Allow functions named __proto__
* fast/js/script-tests/preventExtensions.js:
    - Setting __proto__ should not throw.
* fast/js/script-tests/prototypes.js:
    - Objects may contain own properties named __proto__, add new test cases.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@107498 268f45cc-cd09-0410-ab3c-d52691b4dbfc
29 files changed:
LayoutTests/ChangeLog
LayoutTests/fast/js/Object-getOwnPropertyNames-expected.txt
LayoutTests/fast/js/cyclic-prototypes-expected.txt
LayoutTests/fast/js/parser-syntax-check-expected.txt
LayoutTests/fast/js/preventExtensions-expected.txt
LayoutTests/fast/js/prototypes-expected.txt
LayoutTests/fast/js/script-tests/Object-getOwnPropertyNames.js
LayoutTests/fast/js/script-tests/cyclic-prototypes.js
LayoutTests/fast/js/script-tests/parser-syntax-check.js
LayoutTests/fast/js/script-tests/preventExtensions.js
LayoutTests/fast/js/script-tests/prototypes.js
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/parser/Parser.cpp
Source/JavaScriptCore/runtime/ClassInfo.h
Source/JavaScriptCore/runtime/JSCell.cpp
Source/JavaScriptCore/runtime/JSCell.h
Source/JavaScriptCore/runtime/JSGlobalObject.cpp
Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.h
Source/JavaScriptCore/runtime/JSObject.cpp
Source/JavaScriptCore/runtime/JSObject.h
Source/JavaScriptCore/runtime/JSString.cpp
Source/JavaScriptCore/runtime/JSValue.h
Source/JavaScriptCore/runtime/ObjectConstructor.cpp
Source/JavaScriptCore/runtime/Structure.cpp
Source/JavaScriptCore/runtime/Structure.h
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/JSDOMWindowBase.cpp
Source/WebCore/bindings/js/JSDOMWindowBase.h
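
The three benefits listed in the commit message, checked from script. This is an added example, not code from the commit or from WebKit; it assumes a current JavaScript engine such as Node.js, the function names are hypothetical, and the JSON input is constructed.

```javascript
// Added illustration; helper names are hypothetical, not WebKit code.

// Benefit 3: __proto__ is an ordinary accessor property on Object.prototype.
function describeProtoAccessor() {
  const d = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__');
  return {
    isAccessor: typeof d.get === 'function' && typeof d.set === 'function',
    configurable: d.configurable,
    enumerable: d.enumerable,
  };
}

// Benefit 1: an object can hold an own property named __proto__.
// JSON.parse defines it as plain data, so the prototype is left alone.
function ownProtoProperty() {
  const parsed = JSON.parse('{"__proto__": {"admin": true}}'); // constructed input
  return {
    isOwn: Object.prototype.hasOwnProperty.call(parsed, '__proto__'),
    prototypeUnchanged: Object.getPrototypeOf(parsed) === Object.prototype,
    inherited: parsed.admin, // not inherited: the value never became the prototype
  };
}

// Benefit 2: once the accessor is deleted, assigning to __proto__ no longer
// reaches a setter and simply creates an own data property.
function withAccessorDeleted() {
  const saved = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__');
  const proto = { marker: 1 };
  const before = {};
  before.__proto__ = proto; // goes through the inherited setter
  const changedBefore = Object.getPrototypeOf(before) === proto;
  delete Object.prototype.__proto__;
  try {
    const after = {};
    after.__proto__ = proto; // no setter left on the chain
    return {
      changedBefore,
      changedAfter: Object.getPrototypeOf(after) === proto,
      ownAfter: Object.prototype.hasOwnProperty.call(after, '__proto__'),
    };
  } finally {
    // Put the accessor back so the rest of the program is unaffected.
    Object.defineProperty(Object.prototype, '__proto__', saved);
  }
}
```

In current engines Object.setPrototypeOf and Reflect.setPrototypeOf remain available after the deletion, so removing the accessor closes only the __proto__ route.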