webkitgtk-2.16.5HEADwebkitgtk-2.16.5master

1 files changed, 63 insertions, 16 deletions

diff --git a/Source/JavaScriptCore/runtime/Operations.cpp b/Source/JavaScriptCore/runtime/Operations.cpp
index f0ffd5668..c41dc302b 100644
--- a/Source/JavaScriptCore/runtime/Operations.cpp
+++ b/Source/JavaScriptCore/runtime/Operations.cpp
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
- * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008, 2016 Apple Inc. All Rights Reserved.
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Library General Public
@@ -23,6 +23,7 @@
 #include "Operations.h"
 
 #include "Error.h"
+#include "JSCInlines.h"
 #include "JSObject.h"
 #include "JSString.h"
 #include <wtf/MathExtras.h>
@@ -42,16 +43,31 @@ bool JSValue::strictEqualSlowCase(ExecState* exec, JSValue v1, JSValue v2)
 NEVER_INLINE JSValue jsAddSlowCase(CallFrame* callFrame, JSValue v1, JSValue v2)
 {
     // exception for the Date exception in defaultValue()
+    VM& vm = callFrame->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
     JSValue p1 = v1.toPrimitive(callFrame);
+    RETURN_IF_EXCEPTION(scope, { });
     JSValue p2 = v2.toPrimitive(callFrame);
+    RETURN_IF_EXCEPTION(scope, { });
 
-    if (p1.isString())
-        return jsString(callFrame, asString(p1), p2.toString(callFrame));
+    if (p1.isString()) {
+        JSString* p2String = p2.toString(callFrame);
+        RETURN_IF_EXCEPTION(scope, { });
+        scope.release();
+        return jsString(callFrame, asString(p1), p2String);
+    }
 
-    if (p2.isString())
-        return jsString(callFrame, p1.toString(callFrame), asString(p2));
+    if (p2.isString()) {
+        JSString* p1String = p1.toString(callFrame);
+        RETURN_IF_EXCEPTION(scope, { });
+        scope.release();
+        return jsString(callFrame, p1String, asString(p2));
+    }
 
-    return jsNumber(p1.toNumber(callFrame) + p2.toNumber(callFrame));
+    double p1Number = p1.toNumber(callFrame);
+    RETURN_IF_EXCEPTION(scope, { });
+    scope.release();
+    return jsNumber(p1Number + p2.toNumber(callFrame));
 }
 
 JSValue jsTypeStringForValue(VM& vm, JSGlobalObject* globalObject, JSValue v)
@@ -64,15 +80,22 @@ JSValue jsTypeStringForValue(VM& vm, JSGlobalObject* globalObject, JSValue v)
         return vm.smallStrings.numberString();
     if (v.isString())
         return vm.smallStrings.stringString();
+    if (v.isSymbol())
+        return vm.smallStrings.symbolString();
     if (v.isObject()) {
+        JSObject* object = asObject(v);
         // Return "undefined" for objects that should be treated
         // as null when doing comparisons.
-        if (asObject(v)->structure()->masqueradesAsUndefined(globalObject))
+        if (object->structure(vm)->masqueradesAsUndefined(globalObject))
             return vm.smallStrings.undefinedString();
-        CallData callData;
-        JSObject* object = asObject(v);
-        if (object->methodTable()->getCallData(object, callData) != CallTypeNone)
+        if (object->type() == JSFunctionType)
             return vm.smallStrings.functionString();
+        if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) {
+            CallData callData;
+            JSObject* object = asObject(v);
+            if (object->methodTable(vm)->getCallData(object, callData) != CallType::None)
+                return vm.smallStrings.functionString();
+        }
     }
     return vm.smallStrings.objectString();
 }
@@ -82,20 +105,21 @@ JSValue jsTypeStringForValue(CallFrame* callFrame, JSValue v)
     return jsTypeStringForValue(callFrame->vm(), callFrame->lexicalGlobalObject(), v);
 }
 
-bool jsIsObjectType(CallFrame* callFrame, JSValue v)
+bool jsIsObjectTypeOrNull(CallFrame* callFrame, JSValue v)
 {
+    VM& vm = callFrame->vm();
     if (!v.isCell())
         return v.isNull();
 
-    JSType type = v.asCell()->structure()->typeInfo().type();
-    if (type == StringType)
+    JSType type = v.asCell()->type();
+    if (type == StringType || type == SymbolType)
         return false;
     if (type >= ObjectType) {
-        if (asObject(v)->structure()->masqueradesAsUndefined(callFrame->lexicalGlobalObject()))
+        if (asObject(v)->structure(vm)->masqueradesAsUndefined(callFrame->lexicalGlobalObject()))
             return false;
         CallData callData;
         JSObject* object = asObject(v);
-        if (object->methodTable()->getCallData(object, callData) != CallTypeNone)
+        if (object->methodTable(vm)->getCallData(object, callData) != CallType::None)
             return false;
     }
     return true;
@@ -106,10 +130,33 @@ bool jsIsFunctionType(JSValue v)
     if (v.isObject()) {
         CallData callData;
         JSObject* object = asObject(v);
-        if (object->methodTable()->getCallData(object, callData) != CallTypeNone)
+        if (object->methodTable()->getCallData(object, callData) != CallType::None)
             return true;
     }
     return false;
 }
 
+size_t normalizePrototypeChain(CallFrame* callFrame, Structure* structure)
+{
+    VM& vm = callFrame->vm();
+    size_t count = 0;
+    while (1) {
+        if (structure->isProxy())
+            return InvalidPrototypeChain;
+        JSValue v = structure->prototypeForLookup(callFrame);
+        if (v.isNull())
+            return count;
+
+        JSCell* base = v.asCell();
+        structure = base->structure(vm);
+        if (structure->isDictionary()) {
+            if (structure->hasBeenFlattenedBefore())
+                return InvalidPrototypeChain;
+            structure->flattenDictionaryStructure(vm, asObject(base));
+        }
+
+        ++count;
+    }
+}
+
 } // namespace JSC