Bug 1142279 - DataView should require 'new'. - r=efaust
authorJeff Gilbert <jgilbert@mozilla.com>
Wed, 06 May 2015 15:55:05 -0700
changeset 274057 ded1da5b0d7ab8f4a39b18022f67e7db24316d13
parent 274056 cb1b4b057dad90200759e2c00a8e0f37b95ae8f4
child 274058 27de813b3f799bc519d14ac028fc0106e1bb5a31
push id863
push userraliiev@mozilla.com
push dateMon, 03 Aug 2015 13:22:43 +0000
reviewersefaust
bugs1142279
milestone40.0a1
Bug 1142279 - DataView should require 'new'. - r=efaust
js/src/js.msg
js/src/tests/js1_8_5/extensions/dataview.js
js/src/vm/NativeObject-inl.h
js/src/vm/TypedArrayObject.cpp
js/src/vm/Xdr.h
--- a/js/src/js.msg
+++ b/js/src/js.msg
@@ -70,16 +70,17 @@ MSG_DEF(JSMSG_NESTING_GENERATOR,       0
 MSG_DEF(JSMSG_INCOMPATIBLE_METHOD,     3, JSEXN_TYPEERR, "{0} {1} called on incompatible {2}")
 MSG_DEF(JSMSG_OBJECT_WATCH_DEPRECATED, 0, JSEXN_NONE, "Object.prototype.watch and unwatch are very slow, non-standard, and deprecated; use a getter/setter instead")
 MSG_DEF(JSMSG_TYPE_ERR_BAD_ARGS,       0, JSEXN_TYPEERR, "invalid arguments")
 MSG_DEF(JSMSG_BAD_SURROGATE_CHAR,      1, JSEXN_TYPEERR, "bad surrogate character {0}")
 MSG_DEF(JSMSG_UTF8_CHAR_TOO_LARGE,     1, JSEXN_TYPEERR, "UTF-8 character {0} too large")
 MSG_DEF(JSMSG_MALFORMED_UTF8_CHAR,     1, JSEXN_TYPEERR, "malformed UTF-8 character sequence at offset {0}")
 MSG_DEF(JSMSG_WRONG_CONSTRUCTOR,       1, JSEXN_TYPEERR, "wrong constructor called for {0}")
 MSG_DEF(JSMSG_BUILTIN_CTOR_NO_NEW,     1, JSEXN_NONE, "calling a builtin {0} constructor without new is deprecated and will be forbidden in ES6")
+MSG_DEF(JSMSG_BUILTIN_CTOR_NO_NEW_FATAL, 1, JSEXN_TYPEERR, "calling a builtin {0} constructor without new is forbidden")
 MSG_DEF(JSMSG_PROTO_SETTING_SLOW,      0, JSEXN_NONE, "mutating the [[Prototype]] of an object will cause your code to run very slowly; instead create the object with the correct initial [[Prototype]] value using Object.create")
 MSG_DEF(JSMSG_BAD_GENERATOR_YIELD,     1, JSEXN_TYPEERR, "yield from closing generator {0}")
 MSG_DEF(JSMSG_EMPTY_ARRAY_REDUCE,      0, JSEXN_TYPEERR, "reduce of empty array with no initial value")
 MSG_DEF(JSMSG_UNEXPECTED_TYPE,         2, JSEXN_TYPEERR, "{0} is {1}")
 MSG_DEF(JSMSG_MISSING_FUN_ARG,         2, JSEXN_TYPEERR, "missing argument {0} when calling function {1}")
 MSG_DEF(JSMSG_NOT_NONNULL_OBJECT,      1, JSEXN_TYPEERR, "{0} is not a non-null object")
 MSG_DEF(JSMSG_SET_NON_OBJECT_RECEIVER, 1, JSEXN_TYPEERR, "can't assign to properties of {0}: not an object")
 MSG_DEF(JSMSG_INVALID_DESCRIPTOR,      0, JSEXN_TYPEERR, "property descriptors must not specify a value or be writable when a getter or setter has been specified")
--- a/js/src/tests/js1_8_5/extensions/dataview.js
+++ b/js/src/tests/js1_8_5/extensions/dataview.js
@@ -1642,22 +1642,20 @@ function test() {
     checkThrow(() => new DataView(buffer), TypeError);
 
     // view of proxy for buffer
     av = new DataView(alien_buffer);
     assertEq(av.getUint8(4), 100);
     assertEq(Object.getPrototypeOf(av), DataView.prototype);
 
     // Bug 760904: call another compartment's constructor with an ArrayBuffer
-    // from this compartment, both as a constructor and as a regular call. (The
-    // latter is what was broken in that bug.)
+    // from this compartment.
     var alien_constructor = alien.DataView;
     var local_buffer = (new Int8Array(3)).buffer;
-    var foreign_exchange_student_1 = alien_constructor(local_buffer);
-    var foreign_exchange_student_2 = new alien_constructor(local_buffer);
+    var foreign_exchange_student = new alien_constructor(local_buffer);
 
     // gc bug 787775
     var ab = new ArrayBuffer(4);
     var dv = new DataView(ab);
     dv = 1;
     gc();
 
     reportCompare(0, 0, 'done.');
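Review bot: Nothing in this test now asserts the new behaviour: the non-`new` call `alien_constructor(local_buffer)` is deleted rather than turned into a negative check, so a regression that lets `DataView(...)` run without `new` would go unnoticed. Using the `checkThrow` helper already called at the top of the hunk, add `checkThrow(() => DataView(local_buffer), TypeError);` next to the `new alien_constructor(local_buffer)` line. A cross-compartment variant for `alien_constructor(local_buffer)` would keep the Bug 760904 call path covered as well, though the error may come from the other global, so the expected type passed to `checkThrow` needs checking. `test()` starts before the hunk and continues past it.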
--- a/js/src/vm/NativeObject-inl.h
+++ b/js/src/vm/NativeObject-inl.h
@@ -607,11 +607,20 @@ inline bool
 WarnIfNotConstructing(JSContext* cx, const CallArgs& args, const char* builtinName)
 {
     if (args.isConstructing())
         return true;
     return JS_ReportErrorFlagsAndNumber(cx, JSREPORT_WARNING, GetErrorMessage, nullptr,
                                         JSMSG_BUILTIN_CTOR_NO_NEW, builtinName);
 }
 
+inline bool
+ThrowIfNotConstructing(JSContext *cx, const CallArgs &args, const char *builtinName)
+{
+    if (args.isConstructing())
+        return true;
+    return JS_ReportErrorFlagsAndNumber(cx, JSREPORT_ERROR, GetErrorMessage, nullptr,
+                                        JSMSG_BUILTIN_CTOR_NO_NEW_FATAL, builtinName);
+}
+
 } // namespace js
 
 #endif /* vm_NativeObject_inl_h */
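Review bot: `ThrowIfNotConstructing` only stops the caller if `JS_ReportErrorFlagsAndNumber` returns false when given `JSREPORT_ERROR`; that return convention is not visible here, and `WarnIfNotConstructing` directly above uses the same call expecting true. Making the failure explicit removes the dependency: `JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_BUILTIN_CTOR_NO_NEW_FATAL, builtinName);` followed by `return false;`. The new signature also writes `JSContext *cx, const CallArgs &args, const char *builtinName`, whereas the function above uses `JSContext* cx, const CallArgs& args`; match the surrounding style. A one-line comment such as `// Reports a TypeError and returns false unless this is a construct call.` would distinguish it from the warning variant.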
--- a/js/src/vm/TypedArrayObject.cpp
+++ b/js/src/vm/TypedArrayObject.cpp
@@ -1089,16 +1089,19 @@ DataViewObject::construct(JSContext* cx,
     return true;
 }
 
 bool
 DataViewObject::class_constructor(JSContext* cx, unsigned argc, Value* vp)
 {
     CallArgs args = CallArgsFromVp(argc, vp);
 
+    if (!ThrowIfNotConstructing(cx, args, "DataView"))
+        return false;
+
     RootedObject bufobj(cx);
     if (!GetFirstArgumentAsObject(cx, args, "DataView constructor", &bufobj))
         return false;
 
     if (bufobj->is<WrapperObject>() && IsArrayBuffer(UncheckedUnwrap(bufobj))) {
         Rooted<GlobalObject*> global(cx, cx->compartment()->maybeGlobal());
         Rooted<JSObject*> proto(cx, global->getOrCreateDataViewPrototype(cx));
         if (!proto)
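Review bot: The new guard at the top of `DataViewObject::class_constructor` has no comment saying why DataView fails hard here instead of using the warning helper; `// DataView must be called with 'new'; a plain call throws TypeError (bug 1142279).` above the `ThrowIfNotConstructing` call would record that. Placing it before `GetFirstArgumentAsObject` looks right, since the call is rejected before any argument or wrapper is examined. The `WrapperObject` branch that begins at the end of the hunk continues outside it, so whether its cross-compartment path still ends in a construct call cannot be confirmed from these lines.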
--- a/js/src/vm/Xdr.h
+++ b/js/src/vm/Xdr.h
@@ -24,21 +24,21 @@ namespace js {
  * versions.  If deserialization fails, the data should be invalidated if
  * possible.
  *
  * When you change this, run make_opcode_doc.py and copy the new output into
  * this wiki page:
  *
  *  https://developer.mozilla.org/en-US/docs/SpiderMonkey/Internals/Bytecode
  */
-static const uint32_t XDR_BYTECODE_VERSION_SUBTRAHEND = 282;
+static const uint32_t XDR_BYTECODE_VERSION_SUBTRAHEND = 283;
 static const uint32_t XDR_BYTECODE_VERSION =
     uint32_t(0xb973c0de - XDR_BYTECODE_VERSION_SUBTRAHEND);
 
-static_assert(JSErr_Limit == 393,
+static_assert(JSErr_Limit == 394,
               "GREETINGS, POTENTIAL SUBTRAHEND INCREMENTER! If you added or "
               "removed MSG_DEFs from js.msg, you should increment "
               "XDR_BYTECODE_VERSION_SUBTRAHEND and update this assertion's "
               "expected JSErr_Limit value.");
 
 class XDRBuffer {
   public:
     explicit XDRBuffer(JSContext* cx)