performProxyCall should toThis the value passed to its handler
authorkeith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 23 Jun 2018 00:03:56 +0000 (00:03 +0000)
committerkeith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 23 Jun 2018 00:03:56 +0000 (00:03 +0000)
https://bugs.webkit.org/show_bug.cgi?id=186951

Reviewed by Mark Lam.

JSTests:

* stress/proxy-call-apply-handler-to-this.js: Added.
(applyHandler):
(let.f.new.Proxy):
(withScope):
(lexicalScope):
(strictEvalScope):
(BigInt):

Source/JavaScriptCore:

* runtime/ProxyObject.cpp:
(JSC::performProxyCall):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@233110 268f45cc-cd09-0410-ab3c-d52691b4dbfc

JSTests/ChangeLog
JSTests/stress/proxy-call-apply-handler-to-this.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/ProxyObject.cpp

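--- a/JSTests/ChangeLog
+++ b/JSTests/ChangeLog
@@ -1,3 +1,18 @@
+2018-06-22  Keith Miller  <keith_miller@apple.com>
+
+        performProxyCall should toThis the value passed to its handler
+        https://bugs.webkit.org/show_bug.cgi?id=186951
+
+        Reviewed by Mark Lam.
+
+        * stress/proxy-call-apply-handler-to-this.js: Added.
+        (applyHandler):
+        (let.f.new.Proxy):
+        (withScope):
+        (lexicalScope):
+        (strictEvalScope):
+        (BigInt):
+
 2018-06-20  Keith Miller  <keith_miller@apple.com>
 
         flattenDictionaryStruture needs to zero inline storage.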
diff --git a/JSTests/stress/proxy-call-apply-handler-to-this.js b/JSTests/stress/proxy-call-apply-handler-to-this.js
new file mode 100644 (file)
index 0000000..9507bd9
--- /dev/null
@@ -0,0 +1,39 @@
+//@ runDefault("--useBigInt=1")
+
+let expectedThis;
+
+function applyHandler(target, thisValue) {
+    if (thisValue !== expectedThis)
+        throw new Error("got weird this value: " + thisValue);
+}
+
+let handler = {
+    apply: applyHandler
+};
+let f = new Proxy(function() {}, handler);
+
+function withScope(o) {
+    with (o) {
+        f();
+    }
+}
+
+function lexicalScope() {
+    let x;
+    f();
+}
+
+// globalScope
+f();
+
+function strictEvalScope() {
+    "use strict";
+    eval("var x; f();");
+}
+
+let primitives = [undefined, null, true, 1.324, "test", Symbol("test"), BigInt(12), {}, []];
+
+for (let primitive of primitives) {
+    expectedThis = primitive;
+    f.call(primitive);
+}
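Review bot: `withScope`, `lexicalScope` and `strictEvalScope` are defined but never called, so the only calls that run are the global-scope `f()` and the `f.call(primitive)` loop; the with, lexical and strict-eval cases named in the test do not exercise the fix at all. Call them before the loop, while `expectedThis` is still undefined, for example `withScope({}); lexicalScope(); strictEvalScope();`, so that a regression which hands the handler some other `this` value in those scopes fails the test. The array named `primitives` also holds `{}` and `[]`, so a name such as `thisValues` would describe it better.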
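--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,13 @@
+2018-06-22  Keith Miller  <keith_miller@apple.com>
+
+        performProxyCall should toThis the value passed to its handler
+        https://bugs.webkit.org/show_bug.cgi?id=186951
+
+        Reviewed by Mark Lam.
+
+        * runtime/ProxyObject.cpp:
+        (JSC::performProxyCall):
+
 2018-06-22  Saam Barati  <sbarati@apple.com>
 
         ensureWritableX should only convert away from CoW when it will succeed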
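--- a/Source/JavaScriptCore/runtime/ProxyObject.cpp
+++ b/Source/JavaScriptCore/runtime/ProxyObject.cpp
@@ -549,7 +549,7 @@ static EncodedJSValue JSC_HOST_CALL performProxyCall(ExecState* exec)
     RETURN_IF_EXCEPTION(scope, encodedJSValue());
     MarkedArgumentBuffer arguments;
     arguments.append(target);
-    arguments.append(exec->thisValue());
+    arguments.append(exec->thisValue().toThis(exec, ECMAMode::StrictMode));
     arguments.append(argArray);
     ASSERT(!arguments.hasOverflowed());
     scope.release();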
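Review bot: The new `toThis(exec, ECMAMode::StrictMode)` call on the changed line has no comment saying why the raw `exec->thisValue()` must not reach the handler, so the conversion looks redundant and could be dropped in a later cleanup. Judging from the accompanying test, the concern appears to be that the unconverted value can differ from what script passed as `this` (the scope-named test cases suggest a scope object), and the `apply` trap it is handed to is script-controlled code. I would add above the line `// The apply trap is user code: pass a strict-mode toThis() value so it only ever sees a script-visible this.` performProxyCall starts and ends outside this hunk, so whether other handler invocations in this file need the same conversion cannot be judged from here.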