ArrayPrototype methods should use JSValue::toLength for non-Arrays.

author keith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>

Sat, 17 Jun 2017 10:52:34 +0000 (10:52 +0000)

committer keith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>

Sat, 17 Jun 2017 10:52:34 +0000 (10:52 +0000)
author keith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 17 Jun 2017 10:52:34 +0000 (10:52 +0000)
committer keith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 17 Jun 2017 10:52:34 +0000 (10:52 +0000)
diff --git a/JSTests/ChakraCore/test/Function/apply3.baseline-jsc b/JSTests/ChakraCore/test/Function/apply3.baseline-jsc

index 282c12e..1203a54 100644 (file)
--- a/JSTests/ChakraCore/test/Function/apply3.baseline-jsc
+++ b/JSTests/ChakraCore/test/Function/apply3.baseline-jsc
@@ -20,7 +20,7 @@ Called with this: object[[object Object]], args: []
  Called with this: object[[object Object]], args: []
  Called with this: object[[object Object]], args: []
  Called with this: object[[object Object]], args: []
-Exception: RangeError : Maximum call stack size exceeded.
+Called with this: object[[object Object]], args: []
  
  --- f.apply(x, arr), arr.length is huge ---
  Exception: RangeError : Maximum call stack size exceeded.
diff --git a/JSTests/ChangeLog b/JSTests/ChangeLog

index 484007c..3c0b153 100644 (file)
--- a/JSTests/ChangeLog
+++ b/JSTests/ChangeLog
@@ -1,3 +1,15 @@
+2017-06-17  Keith Miller  <keith_miller@apple.com>
+
+        ArrayPrototype methods should use JSValue::toLength for non-Arrays.
+        https://bugs.webkit.org/show_bug.cgi?id=173506
+
+        Reviewed by Ryosuke Niwa.
+
+        Re-baseline tests.
+
+        * ChakraCore/test/Function/apply3.baseline-jsc:
+        * test262.yaml:
+
  2017-06-16  Yusuke Suzuki  <utatane.tea@gmail.com>
  
          [JSC] Add fast path for Object.assign
diff --git a/JSTests/test262.yaml b/JSTests/test262.yaml

index 87858dc..68aea73 100644 (file)
--- a/JSTests/test262.yaml
+++ b/JSTests/test262.yaml
@@ -6526,17 +6526,17 @@
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-11.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-12.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-12.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-13.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-13.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-14.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-14.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-15.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-15.js
@@ -6582,9 +6582,9 @@
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-24.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-25.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-25.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-28.js
    cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-28.js
@@ -6610,13 +6610,13 @@
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-6.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-7.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-7.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-8.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-8.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-9.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/indexOf/15.4.4.14-3-9.js
@@ -7416,9 +7416,9 @@
  - path: test262/test/built-ins/Array/prototype/lastIndexOf/15.4.4.15-3-11.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/lastIndexOf/15.4.4.15-3-12.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/lastIndexOf/15.4.4.15-3-12.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/lastIndexOf/15.4.4.15-3-13.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/lastIndexOf/15.4.4.15-3-13.js
@@ -7472,9 +7472,9 @@
  - path: test262/test/built-ins/Array/prototype/lastIndexOf/15.4.4.15-3-24.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/lastIndexOf/15.4.4.15-3-25.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/lastIndexOf/15.4.4.15-3-25.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/lastIndexOf/15.4.4.15-3-28.js
    cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/lastIndexOf/15.4.4.15-3-28.js
@@ -7496,9 +7496,9 @@
  - path: test262/test/built-ins/Array/prototype/lastIndexOf/15.4.4.15-3-6.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/lastIndexOf/15.4.4.15-3-7.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/lastIndexOf/15.4.4.15-3-7.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/lastIndexOf/15.4.4.15-3-9.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/lastIndexOf/15.4.4.15-3-9.js
@@ -8884,9 +8884,9 @@
  - path: test262/test/built-ins/Array/prototype/pop/S15.4.4.6_A3_T2.js
    cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/pop/S15.4.4.6_A3_T3.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/pop/S15.4.4.6_A3_T3.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/pop/S15.4.4.6_A4_T1.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/pop/S15.4.4.6_A4_T1.js
@@ -8960,9 +8960,9 @@
  - path: test262/test/built-ins/Array/prototype/push/S15.4.4.7_A4_T2.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/push/S15.4.4.7_A4_T3.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/push/S15.4.4.7_A4_T3.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/push/S15.4.4.7_A5_T1.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/push/S15.4.4.7_A5_T1.js
@@ -11060,9 +11060,9 @@
  - path: test262/test/built-ins/Array/prototype/reverse/S15.4.4.8_A2_T3.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/reverse/S15.4.4.8_A3_T3.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/reverse/S15.4.4.8_A3_T3.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/reverse/S15.4.4.8_A4_T1.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/reverse/S15.4.4.8_A4_T1.js
@@ -11136,9 +11136,9 @@
  - path: test262/test/built-ins/Array/prototype/shift/S15.4.4.9_A2_T5.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/shift/S15.4.4.9_A3_T3.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/shift/S15.4.4.9_A3_T3.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/shift/S15.4.4.9_A4_T1.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/shift/S15.4.4.9_A4_T1.js
@@ -11340,9 +11340,9 @@
  - path: test262/test/built-ins/Array/prototype/slice/S15.4.4.10_A3_T2.js
    cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/slice/S15.4.4.10_A3_T3.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/slice/S15.4.4.10_A3_T3.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/slice/S15.4.4.10_A4_T1.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/slice/S15.4.4.10_A4_T1.js
@@ -12566,9 +12566,9 @@
  - path: test262/test/built-ins/Array/prototype/splice/S15.4.4.12_A3_T1.js
    cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/splice/S15.4.4.12_A3_T3.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/splice/S15.4.4.12_A3_T3.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/splice/S15.4.4.12_A4_T1.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/splice/S15.4.4.12_A4_T1.js
@@ -12794,9 +12794,9 @@
  - path: test262/test/built-ins/Array/prototype/unshift/S15.4.4.13_A2_T3.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/unshift/S15.4.4.13_A3_T2.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/unshift/S15.4.4.13_A3_T2.js
-  cmd: runTest262 :fail, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
+  cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], [:strict]
  - path: test262/test/built-ins/Array/prototype/unshift/S15.4.4.13_A4_T1.js
    cmd: runTest262 :normal, "NoException", ["../../../../../harness/assert.js", "../../../../../harness/sta.js"], []
  - path: test262/test/built-ins/Array/prototype/unshift/S15.4.4.13_A4_T1.js
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog

index 8d70f98..4af55c8 100644 (file)
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,12 @@
+2017-06-17  Keith Miller  <keith_miller@apple.com>
+
+        ArrayPrototype methods should use JSValue::toLength for non-Arrays.
+        https://bugs.webkit.org/show_bug.cgi?id=173506
+
+        Unreviewed test gardening.
+
+        * TestExpectations:
+
  2017-06-17  Per Arne Vollan  <pvollan@apple.com>
  
          Unreviewed test gardening. Remove duplicate entries for tests.
diff --git a/LayoutTests/TestExpectations b/LayoutTests/TestExpectations

index 1fefd1b..d2255e5 100644 (file)
--- a/LayoutTests/TestExpectations
+++ b/LayoutTests/TestExpectations
@@ -725,6 +725,30 @@ webkit.org/b/142937 ietestcenter/Javascript/15.2.3.14-1-1.html [ Failure ]
  webkit.org/b/142937 ietestcenter/Javascript/15.2.3.14-1-2.html [ Failure ]
  webkit.org/b/142937 ietestcenter/Javascript/15.2.3.14-1-3.html [ Failure ]
  
+# In ES6, Array.prototype methods use toLength rather than toUint32 when computing the length.
+ietestcenter/Javascript/15.4.4.14-3-12.html [ Failure ]
+webkit.org/b/173506  ietestcenter/Javascript/15.4.4.14-3-14.html [ Failure ]
+webkit.org/b/173506  ietestcenter/Javascript/15.4.4.14-3-25.html [ Failure ]
+webkit.org/b/173506  ietestcenter/Javascript/15.4.4.14-3-7.html [ Failure ]
+webkit.org/b/173506  ietestcenter/Javascript/15.4.4.14-3-8.html [ Failure ]
+webkit.org/b/173506  ietestcenter/Javascript/15.4.4.15-3-12.html [ Failure ]
+webkit.org/b/173506  ietestcenter/Javascript/15.4.4.15-3-25.html [ Failure ]
+webkit.org/b/173506  ietestcenter/Javascript/15.4.4.15-3-7.html [ Failure ]
+webkit.org/b/173506  sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.10_Array_prototype_slice/S15.4.4.10_A3_T3.html [ Failure ]
+webkit.org/b/173506  sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.12_Array_prototype_splice/S15.4.4.12_A3_T3.html [ Failure ]
+webkit.org/b/173506  sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.13_Array_prototype_unshift/S15.4.4.13_A2_T2.html [ Failure ]
+webkit.org/b/173506  sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.13_Array_prototype_unshift/S15.4.4.13_A3_T2.html [ Failure ]
+webkit.org/b/173506  sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.6_Array_prototype_pop/S15.4.4.6_A2_T2.html [ Failure ]
+webkit.org/b/173506  sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.6_Array_prototype_pop/S15.4.4.6_A3_T3.html [ Failure ]
+webkit.org/b/173506  sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.7_Array_prototype_push/S15.4.4.7_A2_T2.html [ Failure ]
+webkit.org/b/173506  sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.7_Array_prototype_push/S15.4.4.7_A4_T3.html [ Failure ]
+webkit.org/b/173506  sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.8_Array_prototype_reverse/S15.4.4.8_A3_T3.html [ Failure ]
+webkit.org/b/173506  sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.9_Array_prototype_shift/S15.4.4.9_A3_T3.html [ Failure ]
+
+webkit.org/b/173506  ietestcenter/Javascript/15.4.4.15-3-14.html [ Skip ]
+webkit.org/b/173506  ietestcenter/Javascript/15.4.4.15-3-8.html [ Skip ]
+webkit.org/b/173506  sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.9_Array_prototype_shift/S15.4.4.9_A2_T2.html [ Skip ]
+
  [ Debug ] js/regress-141098.html [ Slow ]
  
  # IDBVersionChangeEvent tests need to be rewritten to use event constructors instead of createEvent,
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog

index be8abd1..6da80fc 100644 (file)
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,37 @@
+2017-06-17  Keith Miller  <keith_miller@apple.com>
+
+        ArrayPrototype methods should use JSValue::toLength for non-Arrays.
+        https://bugs.webkit.org/show_bug.cgi?id=173506
+
+        Reviewed by Ryosuke Niwa.
+
+        This patch changes the result of unshift if old length +
+        unshift.arguments.length > (2 ** 53) - 1 to be a type error. Also,
+        the getLength function, which was always incorrect to use, has
+        been removed. Additionally, some cases where we were using a
+        constant for (2 ** 53) - 1 have been replaced with
+        maxSafeInteger()
+
+        * interpreter/Interpreter.cpp:
+        (JSC::sizeOfVarargs):
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncToLocaleString):
+        (JSC::arrayProtoFuncPop):
+        (JSC::arrayProtoFuncPush):
+        (JSC::arrayProtoFuncReverse):
+        (JSC::arrayProtoFuncShift):
+        (JSC::arrayProtoFuncSlice):
+        (JSC::arrayProtoFuncSplice):
+        (JSC::arrayProtoFuncUnShift):
+        (JSC::arrayProtoFuncIndexOf):
+        (JSC::arrayProtoFuncLastIndexOf):
+        * runtime/JSArrayInlines.h:
+        (JSC::getLength): Deleted.
+        * runtime/JSCJSValue.cpp:
+        (JSC::JSValue::toLength):
+        * runtime/NumberConstructor.cpp:
+        (JSC::numberConstructorFuncIsSafeInteger):
+
  2017-06-16  Matt Baker  <mattbaker@apple.com>
  
          Web Inspector: Instrument 2D/WebGL canvas contexts in the backend
diff --git a/Source/JavaScriptCore/interpreter/Interpreter.cpp b/Source/JavaScriptCore/interpreter/Interpreter.cpp

index 1a12a1d..e5cd832 100644 (file)
--- a/Source/JavaScriptCore/interpreter/Interpreter.cpp
+++ b/Source/JavaScriptCore/interpreter/Interpreter.cpp
@@ -204,7 +204,7 @@ unsigned sizeOfVarargs(CallFrame* callFrame, JSValue arguments, uint32_t firstVa
          
      default:
          RELEASE_ASSERT(arguments.isObject());
-        length = getLength(callFrame, jsCast<JSObject*>(cell));
+        length = toLength(callFrame, jsCast<JSObject*>(cell));
          break;
      }
      RETURN_IF_EXCEPTION(scope, 0);
diff --git a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp

index 8f16943..de02b7d 100644 (file)
--- a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
+++ b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
@@ -448,8 +448,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncToLocaleString(ExecState* exec)
  
      JSObject* thisObject = thisValue.toObject(exec);
      RETURN_IF_EXCEPTION(scope, encodedJSValue());
-
-    unsigned length = getLength(exec, thisObject);
+    unsigned length = toLength(exec, thisObject);
      RETURN_IF_EXCEPTION(scope, encodedJSValue());
  
      StringRecursionChecker checker(exec, thisObject);
@@ -736,7 +735,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncPop(ExecState* exec)
      ASSERT(!!scope.exception() == !thisObj);
      if (UNLIKELY(!thisObj))
          return encodedJSValue();
-    unsigned length = getLength(exec, thisObj);
+    unsigned length = toLength(exec, thisObj);
      RETURN_IF_EXCEPTION(scope, encodedJSValue());
  
      if (length == 0) {
@@ -775,7 +774,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncPush(ExecState* exec)
      ASSERT(!!scope.exception() == !thisObj);
      if (UNLIKELY(!thisObj))
          return encodedJSValue();
-    unsigned length = getLength(exec, thisObj);
+    unsigned length = toLength(exec, thisObj);
      RETURN_IF_EXCEPTION(scope, encodedJSValue());
  
      for (unsigned n = 0; n < exec->argumentCount(); n++) {
@@ -806,7 +805,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncReverse(ExecState* exec)
      if (UNLIKELY(!thisObject))
          return encodedJSValue();
  
-    unsigned length = getLength(exec, thisObject);
+    unsigned length = toLength(exec, thisObject);
      RETURN_IF_EXCEPTION(scope, encodedJSValue());
  
      switch (thisObject->indexingType()) {
@@ -897,7 +896,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncShift(ExecState* exec)
      ASSERT(!!scope.exception() == !thisObj);
      if (UNLIKELY(!thisObj))
          return encodedJSValue();
-    unsigned length = getLength(exec, thisObj);
+    unsigned length = toLength(exec, thisObj);
      RETURN_IF_EXCEPTION(scope, encodedJSValue());
  
      if (length == 0) {
@@ -924,7 +923,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncSlice(ExecState* exec)
      ASSERT(!!scope.exception() == !thisObj);
      if (UNLIKELY(!thisObj))
          return { };
-    unsigned length = getLength(exec, thisObj);
+    unsigned length = toLength(exec, thisObj);
      RETURN_IF_EXCEPTION(scope, { });
  
      unsigned begin = argumentClampedIndexFromStartOrEnd(exec, 0, length);
@@ -940,7 +939,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncSlice(ExecState* exec)
      if (UNLIKELY(speciesResult.first == SpeciesConstructResult::Exception))
          return { };
  
-    bool okToDoFastPath = speciesResult.first == SpeciesConstructResult::FastPath && isJSArray(thisObj) && length == getLength(exec, thisObj);
+    bool okToDoFastPath = speciesResult.first == SpeciesConstructResult::FastPath && isJSArray(thisObj) && length == toLength(exec, thisObj);
      RETURN_IF_EXCEPTION(scope, { });
      if (LIKELY(okToDoFastPath)) {
          if (JSArray* result = asArray(thisObj)->fastSlice(*exec, begin, end - begin))
@@ -980,7 +979,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncSplice(ExecState* exec)
      ASSERT(!!scope.exception() == !thisObj);
      if (UNLIKELY(!thisObj))
          return encodedJSValue();
-    unsigned length = getLength(exec, thisObj);
+    unsigned length = toLength(exec, thisObj);
      RETURN_IF_EXCEPTION(scope, encodedJSValue());
  
      if (!exec->argumentCount()) {
@@ -1025,7 +1024,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncSplice(ExecState* exec)
          return JSValue::encode(jsUndefined());
  
      JSObject* result = nullptr;
-    bool okToDoFastPath = speciesResult.first == SpeciesConstructResult::FastPath && isJSArray(thisObj) && length == getLength(exec, thisObj);
+    bool okToDoFastPath = speciesResult.first == SpeciesConstructResult::FastPath && isJSArray(thisObj) && length == toLength(exec, thisObj);
      RETURN_IF_EXCEPTION(scope, encodedJSValue());
      if (LIKELY(okToDoFastPath))
          result = asArray(thisObj)->fastSlice(*exec, actualStart, actualDeleteCount);
@@ -1078,11 +1077,14 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncUnShift(ExecState* exec)
      ASSERT(!!scope.exception() == !thisObj);
      if (UNLIKELY(!thisObj))
          return encodedJSValue();
-    unsigned length = getLength(exec, thisObj);
+    double doubleLength = toLength(exec, thisObj);
+    unsigned length = doubleLength;
      RETURN_IF_EXCEPTION(scope, encodedJSValue());
  
      unsigned nrArgs = exec->argumentCount();
      if (nrArgs) {
+        if (UNLIKELY(doubleLength + static_cast<double>(nrArgs) > maxSafeInteger()))
+            return throwVMTypeError(exec, scope, ASCIILiteral("Cannot shift to offset greater than (2 ** 53) - 1"));
          unshift<JSArray::ShiftCountForShift>(exec, thisObj, 0, 0, nrArgs, length);
          RETURN_IF_EXCEPTION(scope, encodedJSValue());
      }
@@ -1106,7 +1108,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncIndexOf(ExecState* exec)
      ASSERT(!!scope.exception() == !thisObj);
      if (UNLIKELY(!thisObj))
          return encodedJSValue();
-    unsigned length = getLength(exec, thisObj);
+    unsigned length = toLength(exec, thisObj);
      RETURN_IF_EXCEPTION(scope, encodedJSValue());
  
      unsigned index = argumentClampedIndexFromStartOrEnd(exec, 1, length);
@@ -1134,7 +1136,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncLastIndexOf(ExecState* exec)
      ASSERT(!!scope.exception() == !thisObj);
      if (UNLIKELY(!thisObj))
          return encodedJSValue();
-    unsigned length = getLength(exec, thisObj);
+    unsigned length = toLength(exec, thisObj);
      if (UNLIKELY(scope.exception()) || !length)
          return JSValue::encode(jsNumber(-1));
  
diff --git a/Source/JavaScriptCore/runtime/JSArrayInlines.h b/Source/JavaScriptCore/runtime/JSArrayInlines.h

index 8465177..c673bbc 100644 (file)
--- a/Source/JavaScriptCore/runtime/JSArrayInlines.h
+++ b/Source/JavaScriptCore/runtime/JSArrayInlines.h
@@ -67,19 +67,6 @@ inline bool JSArray::canFastCopy(VM& vm, JSArray* otherArray)
      return true;
  }
  
-ALWAYS_INLINE unsigned getLength(ExecState* exec, JSObject* obj)
-{
-    VM& vm = exec->vm();
-    auto scope = DECLARE_THROW_SCOPE(vm);
-    if (isJSArray(obj))
-        return jsCast<JSArray*>(obj)->length();
-
-    JSValue lengthValue = obj->get(exec, vm.propertyNames->length);
-    RETURN_IF_EXCEPTION(scope, UINT_MAX);
-    scope.release();
-    return lengthValue.toUInt32(exec);
-}
-
  ALWAYS_INLINE double toLength(ExecState* exec, JSObject* obj)
  {
      VM& vm = exec->vm();
diff --git a/Source/JavaScriptCore/runtime/JSCJSValue.cpp b/Source/JavaScriptCore/runtime/JSCJSValue.cpp

index 3663528..acab267 100644 (file)
--- a/Source/JavaScriptCore/runtime/JSCJSValue.cpp
+++ b/Source/JavaScriptCore/runtime/JSCJSValue.cpp
@@ -62,8 +62,8 @@ double JSValue::toLength(ExecState* exec) const
      if (d <= 0)
          return 0.0;
      if (std::isinf(d))
-        return 9007199254740991.0; // 2 ** 53 - 1
-    return std::min(d, 9007199254740991.0);
+        return maxSafeInteger();
+    return std::min(d, maxSafeInteger());
  }
  
  double JSValue::toNumberSlowCase(ExecState* exec) const
diff --git a/Source/JavaScriptCore/runtime/NumberConstructor.cpp b/Source/JavaScriptCore/runtime/NumberConstructor.cpp

index 1acf44d..1337370 100644 (file)
--- a/Source/JavaScriptCore/runtime/NumberConstructor.cpp
+++ b/Source/JavaScriptCore/runtime/NumberConstructor.cpp
@@ -139,7 +139,7 @@ static EncodedJSValue JSC_HOST_CALL numberConstructorFuncIsSafeInteger(ExecState
          isInteger = false;
      else {
          double number = argument.asDouble();
-        isInteger = trunc(number) == number && std::abs(number) <= 9007199254740991.0;
+        isInteger = trunc(number) == number && std::abs(number) <= maxSafeInteger();
      }
      return JSValue::encode(jsBoolean(isInteger));
  }
author	keith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
	Sat, 17 Jun 2017 10:52:34 +0000 (10:52 +0000)
committer	keith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
	Sat, 17 Jun 2017 10:52:34 +0000 (10:52 +0000)
JSTests/ChakraCore/test/Function/apply3.baseline-jsc		patch \| blob \| history
JSTests/ChangeLog		patch \| blob \| history
JSTests/test262.yaml		patch \| blob \| history
LayoutTests/ChangeLog		patch \| blob \| history
LayoutTests/TestExpectations		patch \| blob \| history
Source/JavaScriptCore/ChangeLog		patch \| blob \| history
Source/JavaScriptCore/interpreter/Interpreter.cpp		patch \| blob \| history
Source/JavaScriptCore/runtime/ArrayPrototype.cpp		patch \| blob \| history
Source/JavaScriptCore/runtime/JSArrayInlines.h		patch \| blob \| history
Source/JavaScriptCore/runtime/JSCJSValue.cpp		patch \| blob \| history
Source/JavaScriptCore/runtime/NumberConstructor.cpp		patch \| blob \| history