https://bugs.webkit.org/show_bug.cgi?id=227662
Reviewed by Sam Weinig.
Source/JavaScriptCore:
Extracts createDataProperty() method to keep WebIDL code generator as simple as possible,
and also to emphasize a subtle difference between
{ [[Value]]: X } and
{ [[Value]]: X, [[Writable]]: true, [[Enumerable]]: true, [[Configurable]]: true }.
* runtime/JSONObject.cpp:
(JSC::Walker::walk):
* runtime/JSObject.cpp:
(JSC::definePropertyOnReceiverSlow):
* runtime/JSObject.h:
* runtime/JSObjectInlines.h:
(JSC::JSObject::createDataProperty):
* runtime/Lookup.h:
(JSC::replaceStaticPropertySlot): Deleted.
Source/WebCore:
The previous implementation relied on an invariant that structure property is absent
when [Replaceable] setter is called, which is no longer guaranteed after the introduction
of Object.defineProperty.
This patch replaces putDirect() with defineOwnProperty(), fixing the compliance with
invariants of internal methods [1]: an accessor property once observed as non-configurable
can't be reconfigured to have [[Value]]. Both Chrome and Firefox properly validate descriptors.
Although [[DefineOwnProperty]] failure is silently ignored by Chrome and the spec [2], WebKit now
throws a TypeError, which is a desired behavior for built-ins and was proven to be web-compatible
by Firefox. With WebKit being the second implementation that throws, the spec can be tightened.
After r264574, attributeChangeTransition() is called during defineOwnProperty(), ensuring inline
caching is correct. Also, this change adjusts `window.opener` setter [3].
[1] https://tc39.es/ecma262/#sec-invariants-of-the-essential-internal-methods
[2] https://heycam.github.io/webidl/#dfn-attribute-setter (step 4.5.5)
[3] https://html.spec.whatwg.org/multipage/browsers.html#dom-opener
Tests: fast/dom/replaceable-setter-throws-if-defineownproperty-fails.html
fast/dom/window-opener-setter-throws-if-defineownproperty-fails-1.html
fast/dom/window-opener-setter-throws-if-defineownproperty-fails-2.html
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::setOpener):
(WebCore::JSDOMWindow::setOpenDatabase):
* bindings/scripts/CodeGeneratorJS.pm:
(AttributeSetterNeedsPropertyName):
(GenerateAttributeSetterBodyDefinition):
(GenerateAttributeSetterTrampolineDefinition):
* bindings/scripts/test/JS/JSTestObj.cpp:
LayoutTests:
* fast/dom/replaceable-setter-throws-if-defineownproperty-fails-expected.txt: Added.
* fast/dom/replaceable-setter-throws-if-defineownproperty-fails.html: Added.
* fast/dom/window-opener-setter-throws-if-defineownproperty-fails-1-expected.txt: Added.
* fast/dom/window-opener-setter-throws-if-defineownproperty-fails-1.html: Added.
* fast/dom/window-opener-setter-throws-if-defineownproperty-fails-2-expected.txt: Added.
* fast/dom/window-opener-setter-throws-if-defineownproperty-fails-2.html: Added.
Canonical link: https://commits.webkit.org/239938@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@280280 268f45cc-cd09-0410-ab3c-d52691b4dbfc
