Bug 153660

Summary: Array.prototype native functions should use Symbol.species to construct the result
Product: WebKit Reporter: Keith Miller <keith_miller>
Component: New BugsAssignee: Keith Miller <keith_miller>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, mark.lam, msaboff, saam
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Benchmark results
none
Patch for landing
none
Patch for landing none

Description Keith Miller 2016-01-29 11:29:46 PST 
Array.prototype native functions should use Symbol.species to construct the result
Comment 1 Keith Miller 2016-01-29 11:49:13 PST 
Created attachment 270235 [details]
Patch
Comment 2 WebKit Commit Bot 2016-01-29 12:06:14 PST 
Attachment 270235 [details] did not pass style-queue:


ERROR: Source/JavaScriptCore/runtime/ArrayPrototype.cpp:197:  More than one command on the same line  [whitespace/newline] [4]
ERROR: Source/JavaScriptCore/runtime/ArrayPrototype.cpp:202:  More than one command on the same line  [whitespace/newline] [4]
ERROR: Source/JavaScriptCore/runtime/ArrayPrototype.cpp:206:  More than one command on the same line  [whitespace/newline] [4]
Total errors found: 3 in 8 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 3 Keith Miller 2016-01-29 12:08:15 PST 
Created attachment 270237 [details]
Benchmark results
Comment 4 Saam Barati 2016-01-29 13:59:19 PST 
Comment on attachment 270235 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=270235&action=review

r=me

> Source/JavaScriptCore/runtime/ArrayPrototype.cpp:181
> +    JSValue constructor = jsUndefined();

Might be worth a spec-link here.

> Source/JavaScriptCore/runtime/ArrayPrototype.cpp:193
> +        // FIXME: this should be IsConstructor

it's worth creating a bug for this or using it if we have it.

> Source/JavaScriptCore/runtime/ArrayPrototype.cpp:201
> +            if (exec->hadException() || constructor.isNull())

These should be split out.

> Source/JavaScriptCore/runtime/ArrayPrototype.cpp:621
> +        // We add the newTarget because the compiler gets confused between 0 being a number and a pointer.

you could probably cast your arguments.

> Source/JavaScriptCore/runtime/ArrayPrototype.cpp:1050
> +

style: too many newlines.
Comment 5 Saam Barati 2016-01-29 14:03:00 PST 
Comment on attachment 270235 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=270235&action=review

> Source/JavaScriptCore/tests/stress/array-species-functions.js:58
> +    let called = false;
> +    function species(...args) {
> +        called = true;
> +        return new C(...args);
> +    }

might be worth having a species that throws as a test case.
Comment 6 Keith Miller 2016-01-29 15:12:19 PST 
Created attachment 270262 [details]
Patch for landing
Comment 7 WebKit Commit Bot 2016-01-29 15:13:56 PST 
Attachment 270262 [details] did not pass style-queue:


ERROR: Source/JavaScriptCore/runtime/ArrayPrototype.cpp:197:  More than one command on the same line  [whitespace/newline] [4]
ERROR: Source/JavaScriptCore/runtime/ArrayPrototype.cpp:204:  More than one command on the same line  [whitespace/newline] [4]
ERROR: Source/JavaScriptCore/runtime/ArrayPrototype.cpp:208:  More than one command on the same line  [whitespace/newline] [4]
Total errors found: 3 in 10 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 8 Keith Miller 2016-01-29 15:14:02 PST 
Whoops meant to pretty-diff not land-safely...
Comment 9 Keith Miller 2016-01-29 15:20:09 PST 
Comment on attachment 270235 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=270235&action=review

>> Source/JavaScriptCore/runtime/ArrayPrototype.cpp:181
>> +    JSValue constructor = jsUndefined();
> 
> Might be worth a spec-link here.

Seems reasonable.

>> Source/JavaScriptCore/runtime/ArrayPrototype.cpp:193
>> +        // FIXME: this should be IsConstructor
> 
> it's worth creating a bug for this or using it if we have it.

I don't see a function that does this I'm going to add a basic one with a bug to make it better. The code for it is:

inline bool JSValue::isConstructor() const
{
    if (isFunction()) {
        ConstructData data;
        return getConstructData(*this, data) != ConstructTypeNone;
    }
    return false;
}

>> Source/JavaScriptCore/runtime/ArrayPrototype.cpp:201
>> +            if (exec->hadException() || constructor.isNull())
> 
> These should be split out.

Fixed.

>> Source/JavaScriptCore/runtime/ArrayPrototype.cpp:621
>> +        // We add the newTarget because the compiler gets confused between 0 being a number and a pointer.
> 
> you could probably cast your arguments.

Actually the last to arguments are optional and remove this issue. So, it's now constructEmptyArray(exec, nullptr)

>> Source/JavaScriptCore/runtime/ArrayPrototype.cpp:1050
>> +
> 
> style: too many newlines.

Fixed.

>> Source/JavaScriptCore/tests/stress/array-species-functions.js:58
>> +    }
> 
> might be worth having a species that throws as a test case.

Fixed.
Comment 10 Keith Miller 2016-01-29 15:46:10 PST 
Created attachment 270265 [details]
Patch for landing
Comment 11 WebKit Commit Bot 2016-01-29 18:45:32 PST 
Comment on attachment 270265 [details]
Patch for landing

Clearing flags on attachment: 270265

Committed r195878: <http://trac.webkit.org/changeset/195878>
Comment 12 WebKit Commit Bot 2016-01-29 18:45:36 PST 
All reviewed patches have been landed.  Closing bug.