RESOLVED FIXED 232723
Array.prototype.toLocaleString does not respect deletion of Object.prototype.toLocaleString 
https://bugs.webkit.org/show_bug.cgi?id=232723
Summary Array.prototype.toLocaleString does not respect deletion of Object.prototype....
Richard Gibson
Reported 2021-11-04 13:24:46 PDT
The algorithm at https://tc39.es/ecma402/#sup-array.prototype.tolocalestring requires looking up a "toLocaleString" property on each non-undefined non-null element of the receiver array, invoking it as a method, and (absent an exception) passing the result through ToString. However, JSC appears to have a hidden but always-present default method. The following statement list should throw an exception, but does not: delete Object.prototype.toLocaleString; [{}].toLocaleString(); Also reported to test262 for coverage: https://github.com/tc39/test262/issues/3298
Attachments
Patch (11.17 KB, patch)
2022-01-03 07:34 PST, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (11.32 KB, patch)
2022-01-03 07:36 PST, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (10.98 KB, patch)
2022-01-03 07:39 PST, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (11.74 KB, patch)
2022-01-03 08:39 PST, Yusuke Suzuki 		ashvayka: review+
ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2021-11-05 11:39:57 PDT
Instead of this, we will implement Intl.ListFormat based new implementation.
Radar WebKit Bug Importer
Comment 2 2021-11-11 12:25:46 PST
<rdar://problem/85310560>
Yusuke Suzuki
Comment 3 2022-01-03 07:19:01 PST
*** Bug 232724 has been marked as a duplicate of this bug. ***
Yusuke Suzuki
Comment 4 2022-01-03 07:30:54 PST
Intl.ListFormat-based implementation is deferred. For now, let's implement the current Array.prototype.toLocaleString in ECMA 402.
Yusuke Suzuki
Comment 5 2022-01-03 07:34:16 PST
Created attachment 448233 [details] Patch
Yusuke Suzuki
Comment 6 2022-01-03 07:36:05 PST
Created attachment 448234 [details] Patch
Yusuke Suzuki
Comment 7 2022-01-03 07:39:19 PST
Created attachment 448236 [details] Patch
Yusuke Suzuki
Comment 8 2022-01-03 08:39:43 PST
Created attachment 448243 [details] Patch
Alexey Shvayka
Comment 9 2022-01-03 13:18:32 PST
Comment on attachment 448243 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=448243&action=review Sweet, r=me with nits. > Source/JavaScriptCore/runtime/ArrayPrototype.cpp:696 > + if (UNLIKELY(arguments.hasOverflowed())) { Given the default inline capacity of 8, can this be simplified to `ASSERT(!arguments.hasOverflowed())`? > Source/JavaScriptCore/runtime/ArrayPrototype.cpp:760 > + JSValue element = thisObject->get(globalObject, k); I appreciate following the spec 1:1, but since we are already a bit off with handling of 0th element, maybe we could do `thisObject->getIndex(globalObject, k)` here? Also, getIndex() is currently used in trunk. > Source/JavaScriptCore/runtime/ArrayPrototype.cpp:809 > + JSValue element = thisObject->get(globalObject, k); Since we are changing this line, maybe we could do `thisObject->getIndex(globalObject, k)`?
Yusuke Suzuki
Comment 10 2022-01-03 20:45:38 PST
Comment on attachment 448243 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=448243&action=review >> Source/JavaScriptCore/runtime/ArrayPrototype.cpp:696 >> + if (UNLIKELY(arguments.hasOverflowed())) { > > Given the default inline capacity of 8, can this be simplified to `ASSERT(!arguments.hasOverflowed())`? Sounds good! >> Source/JavaScriptCore/runtime/ArrayPrototype.cpp:760 >> + JSValue element = thisObject->get(globalObject, k); > > I appreciate following the spec 1:1, but since we are already a bit off with handling of 0th element, maybe we could do `thisObject->getIndex(globalObject, k)` here? > Also, getIndex() is currently used in trunk. Nice, fixed. >> Source/JavaScriptCore/runtime/ArrayPrototype.cpp:809 >> + JSValue element = thisObject->get(globalObject, k); > > Since we are changing this line, maybe we could do `thisObject->getIndex(globalObject, k)`? Nice, fixed.
Yusuke Suzuki
Comment 11 2022-01-03 21:12:25 PST
Committed r287560 (245695@trunk): <https://commits.webkit.org/245695@trunk>
Yusuke Suzuki
Comment 12 2022-01-03 21:58:38 PST
Committed r287561 (245696@trunk): <https://commits.webkit.org/245696@trunk>
Note You need to log in before you can comment on or make changes to this bug.