Bug 232723

Summary: Array.prototype.toLocaleString does not respect deletion of Object.prototype.toLocaleString
Product: WebKit Reporter: Richard Gibson <richard.gibson>
Component: JavaScriptCoreAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: ashvayka, ews-watchlist, fpizlo, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch
none
Patch ashvayka: review+, ews-feeder: commit-queue-

Description Richard Gibson 2021-11-04 13:24:46 PDT 
The algorithm at https://tc39.es/ecma402/#sup-array.prototype.tolocalestring requires looking up a "toLocaleString" property on each non-undefined non-null element of the receiver array, invoking it as a method, and (absent an exception) passing the result through ToString. However, JSC appears to have a hidden but always-present default method.

The following statement list should throw an exception, but does not:
  delete Object.prototype.toLocaleString;
  [{}].toLocaleString();

Also reported to test262 for coverage: https://github.com/tc39/test262/issues/3298
Comment 1 Yusuke Suzuki 2021-11-05 11:39:57 PDT 
Instead of this, we will implement Intl.ListFormat based new implementation.
Comment 2 Radar WebKit Bug Importer 2021-11-11 12:25:46 PST 
<rdar://problem/85310560>
Comment 3 Yusuke Suzuki 2022-01-03 07:19:01 PST 
*** Bug 232724 has been marked as a duplicate of this bug. ***
Comment 4 Yusuke Suzuki 2022-01-03 07:30:54 PST 
Intl.ListFormat-based implementation is deferred. For now, let's implement the current Array.prototype.toLocaleString in ECMA 402.
Comment 5 Yusuke Suzuki 2022-01-03 07:34:16 PST 
Created attachment 448233 [details]
Patch
Comment 6 Yusuke Suzuki 2022-01-03 07:36:05 PST 
Created attachment 448234 [details]
Patch
Comment 7 Yusuke Suzuki 2022-01-03 07:39:19 PST 
Created attachment 448236 [details]
Patch
Comment 8 Yusuke Suzuki 2022-01-03 08:39:43 PST 
Created attachment 448243 [details]
Patch
Comment 9 Alexey Shvayka 2022-01-03 13:18:32 PST 
Comment on attachment 448243 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=448243&action=review

Sweet, r=me with nits.

> Source/JavaScriptCore/runtime/ArrayPrototype.cpp:696
> +    if (UNLIKELY(arguments.hasOverflowed())) {

Given the default inline capacity of 8, can this be simplified to `ASSERT(!arguments.hasOverflowed())`?

> Source/JavaScriptCore/runtime/ArrayPrototype.cpp:760
> +        JSValue element = thisObject->get(globalObject, k);

I appreciate following the spec 1:1, but since we are already a bit off with handling of 0th element, maybe we could do `thisObject->getIndex(globalObject, k)` here?
Also, getIndex() is currently used in trunk.

> Source/JavaScriptCore/runtime/ArrayPrototype.cpp:809
> +        JSValue element = thisObject->get(globalObject, k);

Since we are changing this line, maybe we could do `thisObject->getIndex(globalObject, k)`?
Comment 10 Yusuke Suzuki 2022-01-03 20:45:38 PST 
Comment on attachment 448243 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=448243&action=review

>> Source/JavaScriptCore/runtime/ArrayPrototype.cpp:696
>> +    if (UNLIKELY(arguments.hasOverflowed())) {
> 
> Given the default inline capacity of 8, can this be simplified to `ASSERT(!arguments.hasOverflowed())`?

Sounds good!

>> Source/JavaScriptCore/runtime/ArrayPrototype.cpp:760
>> +        JSValue element = thisObject->get(globalObject, k);
> 
> I appreciate following the spec 1:1, but since we are already a bit off with handling of 0th element, maybe we could do `thisObject->getIndex(globalObject, k)` here?
> Also, getIndex() is currently used in trunk.

Nice, fixed.

>> Source/JavaScriptCore/runtime/ArrayPrototype.cpp:809
>> +        JSValue element = thisObject->get(globalObject, k);
> 
> Since we are changing this line, maybe we could do `thisObject->getIndex(globalObject, k)`?

Nice, fixed.
Comment 11 Yusuke Suzuki 2022-01-03 21:12:25 PST 
Committed r287560 (245695@trunk): <https://commits.webkit.org/245695@trunk>
Comment 12 Yusuke Suzuki 2022-01-03 21:58:38 PST 
Committed r287561 (245696@trunk): <https://commits.webkit.org/245696@trunk>