Move special __proto__ property to Object.prototype
https://bugs.webkit.org/show_bug.cgi?id=78409
Reviewed by Oliver Hunt.
Re-implement this as a regular accessor property. This has three key benefits:
1) It makes it possible for objects to be given properties named __proto__.
2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed.
3) This largely removes the magic used to implement __proto__; it can just be made a regular accessor property.
Source/JavaScriptCore:
* parser/Parser.cpp:
(JSC::::parseFunctionInfo):
- No need to prohibit functions named __proto__.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
- Add __proto__ accessor to Object.prototype.
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncProtoGetter):
(JSC::globalFuncProtoSetter):
- Definition of the __proto__ accessor functions.
* runtime/JSGlobalObjectFunctions.h:
- Declaration of the __proto__ accessor functions.
* runtime/JSObject.cpp:
(JSC::JSObject::put):
- Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__.
(JSC::JSObject::putDirectAccessor):
- Track on the structure whether an object contains accessors other than one for __proto__.
(JSC::JSObject::defineOwnProperty):
- No need to prohibit definition of own properties named __proto__.
* runtime/JSObject.h:
(JSC::JSObject::inlineGetOwnPropertySlot):
- Remove the special handling for __proto__.
(JSC::JSValue::get):
- Remove the special handling for __proto__.
* runtime/JSString.cpp:
(JSC::JSString::getOwnPropertySlot):
- Remove the special handling for __proto__.
* runtime/JSValue.h:
(JSValue):
- Made synthesizePrototype public (this may be needed by the __proto__ getter).
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorGetPrototypeOf):
- Perform the security check & call prototype() directly.
* runtime/Structure.cpp:
(JSC::Structure::Structure):
- Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
* runtime/Structure.h:
(JSC::Structure::hasGetterSetterPropertiesExcludingProto):
(JSC::Structure::setHasGetterSetterProperties):
(Structure):
- Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
Source/WebCore:
* bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::allowsAccessFrom):
(WebCore):
- expose allowsAccessFrom check to JSC.
* bindings/js/JSDOMWindowBase.h:
(JSDOMWindowBase):
- expose allowsAccessFrom check to JSC.
LayoutTests:
* fast/js/Object-getOwnPropertyNames-expected.txt:
* fast/js/cyclic-prototypes-expected.txt:
* fast/js/parser-syntax-check-expected.txt:
* fast/js/preventExtensions-expected.txt:
* fast/js/prototypes-expected.txt:
- Update results
* fast/js/script-tests/Object-getOwnPropertyNames.js:
- __proto__ is now a property of Object Prototype.
* fast/js/script-tests/cyclic-prototypes.js:
- setting an object's prototype to null removes __proto__ setter, future usage won't set prototype.
* fast/js/script-tests/parser-syntax-check.js:
- Allow functions named __proto__
* fast/js/script-tests/preventExtensions.js:
- Setting __proto__ should not throw.
* fast/js/script-tests/prototypes.js:
- Objects may contain own properties named __proto__, add new test cases.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108259 268f45cc-cd09-0410-ab3c-d52691b4dbfc
33 files changed
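
The three benefits listed in the commit message can be observed from script. The following is an added example, not code from the WebKit change; the function names are illustrative, and it assumes an engine in which `__proto__` is a configurable accessor on `Object.prototype`.

```javascript
// Benefit 3: __proto__ is an ordinary accessor property, visible to reflection.
function describeProto() {
  const d = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__');
  return {
    isAccessor: typeof d.get === 'function' && typeof d.set === 'function',
    configurable: d.configurable,
  };
}

// Benefit 1: an object can hold an own data property literally named __proto__.
function ownProtoProperty() {
  const o = {};
  const before = Object.getPrototypeOf(o);
  Object.defineProperty(o, '__proto__', {
    value: 'data', writable: true, enumerable: true, configurable: true,
  });
  return {
    value: o.__proto__, // own property shadows the inherited accessor
    isOwn: Object.prototype.hasOwnProperty.call(o, '__proto__'),
    prototypeUnchanged: Object.getPrototypeOf(o) === before,
  };
}

// Control case: with the accessor in place, assignment swaps the prototype.
function assignWithAccessorPresent() {
  const target = {};
  const other = { marker: true };
  target.__proto__ = other;
  return Object.getPrototypeOf(target) === other;
}

// Benefit 2: once the accessor is deleted, the same assignment only creates
// an own data property. The accessor is restored afterwards so the rest of
// the program is unaffected.
function assignWithAccessorDeleted() {
  const saved = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__');
  const target = {};
  const other = { marker: true };
  delete Object.prototype.__proto__;
  try {
    target.__proto__ = other;
    return {
      prototypeChanged: Object.getPrototypeOf(target) === other,
      becameOwnProperty: Object.prototype.hasOwnProperty.call(target, '__proto__'),
      inheritsMarker: 'marker' in target,
    };
  } finally {
    Object.defineProperty(Object.prototype, '__proto__', saved);
  }
}
```

In current engines `Object.setPrototypeOf` and `Reflect.setPrototypeOf` remain available after the deletion, so removing the accessor closes only the `__proto__` assignment path.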