Do not allow invocation of ArrayBuffer and array buffer views' constructors as functions.

ES6 bug 695 (https://bugs.ecmascript.org/show_bug.cgi?id=695). This never worked in WebKit, so no compatibility issues. R=rossberg@chromium.org Review URL: https://codereview.chromium.org/17904007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15346 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Do not allow invocation of ArrayBuffer and array buffer views' constructors as functions.
ES6 bug 695 (https://bugs.ecmascript.org/show_bug.cgi?id=695). This never worked in WebKit, so no compatibility issues. R=rossberg@chromium.org Review URL: https://codereview.chromium.org/17904007 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15346 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ef189ecd · dslomov@chromium.org · 90d0b6cd · ef189ecd · ef189ecd · ef189ecd
Commit ef189ecd authored Jun 27, 2013 by dslomov@chromium.org
7 changed files
--- a/src/arraybuffer.js
+++ b/src/arraybuffer.js
@@ -36,7 +36,7 @@ function ArrayBufferConstructor(length) { // length = 1
    var byteLength = ToPositiveInteger(length, 'invalid_array_buffer_length');
    %ArrayBufferInitialize(this, byteLength);
  } else {
-    return new $ArrayBuffer(length);
+    throw MakeTypeError('constructor_not_function', ["ArrayBuffer"]);
  }
 }

--- a/src/messages.js
+++ b/src/messages.js
@@ -109,6 +109,7 @@ var kMessages = {
  not_typed_array:               ["this is not a typed array."],
  invalid_argument:              ["invalid_argument"],
  data_view_not_array_buffer:    ["First argument to DataView constructor must be an ArrayBuffer"],
+  constructor_not_function:      ["Constructor ", "%0", " requires 'new'"],
  // RangeError
  invalid_array_length:          ["Invalid array length"],
  invalid_array_buffer_length:   ["Invalid array buffer length"],

--- a/src/typedarray.js
+++ b/src/typedarray.js
@@ -97,7 +97,7 @@ function CreateTypedArrayConstructor(name, elementSize, arrayId, constructor) {
        throw MakeTypeError("parameterless_typed_array_constr", [name]);
      }
    } else {
-      return new constructor(arg1, arg2, arg3);
+      throw MakeTypeError("constructor_not_function", [name])
    }
  }
 }
@@ -223,7 +223,7 @@ function DataViewConstructor(buffer, byteOffset, byteLength) { // length = 3
    }
    %DataViewInitialize(this, buffer, offset, length);
  } else {
-    return new $DataView(buffer, byteOffset, byteLength)
+    throw MakeTypeError('constructor_not_function', ["DataView"]);
  }
 }

--- a/test/mjsunit/external-array-no-sse2.js
+++ b/test/mjsunit/external-array-no-sse2.js
@@ -520,30 +520,15 @@ assertSame(a.buffer, aa.buffer);
 assertThrows(function(){ a.subarray.call({}, 0) });
 assertThrows(function(){ a.subarray.call([], 0) });
-// Call constructors directly as functions, and through .call and .apply
+// Try to call constructors directly as functions, and through .call
+// and .apply. Should fail.
-b = ArrayBuffer(100)
-a = Int8Array(b, 5, 77)
-assertInstance(b, ArrayBuffer)
-assertInstance(a, Int8Array)
-assertSame(b, a.buffer)
-assertEquals(5, a.byteOffset)
-assertEquals(77, a.byteLength)
-b = ArrayBuffer.call(null, 10)
-a = Uint16Array.call(null, b, 2, 4)
-assertInstance(b, ArrayBuffer)
-assertInstance(a, Uint16Array)
-assertSame(b, a.buffer)
-assertEquals(2, a.byteOffset)
-assertEquals(8, a.byteLength)
-b = ArrayBuffer.apply(null, [1000])
-a = Float32Array.apply(null, [b, 128, 1])
-assertInstance(b, ArrayBuffer)
-assertInstance(a, Float32Array)
-assertSame(b, a.buffer)
-assertEquals(128, a.byteOffset)
-assertEquals(4, a.byteLength)
+assertThrows(function() { ArrayBuffer(100); }, TypeError);
+assertThrows(function() { Int8Array(b, 5, 77); }, TypeError);
+assertThrows(function() { ArrayBuffer.call(null, 10); }, TypeError);
+assertThrows(function() { Uint16Array.call(null, b, 2, 4); }, TypeError);
+assertThrows(function() { ArrayBuffer.apply(null, [1000]); }, TypeError);
+assertThrows(function() { Float32Array.apply(null, [b, 128, 1]); }, TypeError);
 // Test array.set in different combinations.
@@ -632,15 +617,15 @@ var b0 = a0.buffer
 var b1 = b0.slice(0)
 assertEquals(b0.byteLength, b1.byteLength)
-assertArrayPrefix([1, 2, 3, 4, 5, 6], Int8Array(b1))
+assertArrayPrefix([1, 2, 3, 4, 5, 6], new Int8Array(b1))
 var b2 = b0.slice(3)
 assertEquals(b0.byteLength - 3, b2.byteLength)
-assertArrayPrefix([4, 5, 6], Int8Array(b2))
+assertArrayPrefix([4, 5, 6], new Int8Array(b2))
 var b3 = b0.slice(2, 4)
 assertEquals(2, b3.byteLength)
-assertArrayPrefix([3, 4], Int8Array(b3))
+assertArrayPrefix([3, 4], new Int8Array(b3))
 function goo(a, i) {
  return a[i];

--- a/test/mjsunit/external-array.js
+++ b/test/mjsunit/external-array.js
@@ -519,30 +519,15 @@ assertSame(a.buffer, aa.buffer);
 assertThrows(function(){ a.subarray.call({}, 0) });
 assertThrows(function(){ a.subarray.call([], 0) });
-// Call constructors directly as functions, and through .call and .apply
+// Try to call constructors directly as functions, and through .call
+// and .apply. Should fail.
-b = ArrayBuffer(100)
-a = Int8Array(b, 5, 77)
-assertInstance(b, ArrayBuffer)
-assertInstance(a, Int8Array)
-assertSame(b, a.buffer)
-assertEquals(5, a.byteOffset)
-assertEquals(77, a.byteLength)
-b = ArrayBuffer.call(null, 10)
-a = Uint16Array.call(null, b, 2, 4)
-assertInstance(b, ArrayBuffer)
-assertInstance(a, Uint16Array)
-assertSame(b, a.buffer)
-assertEquals(2, a.byteOffset)
-assertEquals(8, a.byteLength)
-b = ArrayBuffer.apply(null, [1000])
-a = Float32Array.apply(null, [b, 128, 1])
-assertInstance(b, ArrayBuffer)
-assertInstance(a, Float32Array)
-assertSame(b, a.buffer)
-assertEquals(128, a.byteOffset)
-assertEquals(4, a.byteLength)
+assertThrows(function() { ArrayBuffer(100); }, TypeError);
+assertThrows(function() { Int8Array(b, 5, 77); }, TypeError);
+assertThrows(function() { ArrayBuffer.call(null, 10); }, TypeError);
+assertThrows(function() { Uint16Array.call(null, b, 2, 4); }, TypeError);
+assertThrows(function() { ArrayBuffer.apply(null, [1000]); }, TypeError);
+assertThrows(function() { Float32Array.apply(null, [b, 128, 1]); }, TypeError);
 // Test array.set in different combinations.
@@ -631,15 +616,15 @@ var b0 = a0.buffer
 var b1 = b0.slice(0)
 assertEquals(b0.byteLength, b1.byteLength)
-assertArrayPrefix([1, 2, 3, 4, 5, 6], Int8Array(b1))
+assertArrayPrefix([1, 2, 3, 4, 5, 6], new Int8Array(b1))
 var b2 = b0.slice(3)
 assertEquals(b0.byteLength - 3, b2.byteLength)
-assertArrayPrefix([4, 5, 6], Int8Array(b2))
+assertArrayPrefix([4, 5, 6], new Int8Array(b2))
 var b3 = b0.slice(2, 4)
 assertEquals(2, b3.byteLength)
-assertArrayPrefix([3, 4], Int8Array(b3))
+assertArrayPrefix([3, 4], new Int8Array(b3))
 function goo(a, i) {
  return a[i];

--- a/test/mjsunit/harmony/typedarrays.js
+++ b/test/mjsunit/harmony/typedarrays.js
@@ -563,5 +563,5 @@ TestArbitrary(new DataView(new ArrayBuffer(256)));
 // Test direct constructor call
-assertTrue(ArrayBuffer() instanceof ArrayBuffer);
+assertThrows(function() { ArrayBuffer(); }, TypeError);
-assertTrue(DataView(new ArrayBuffer()) instanceof DataView);
+assertThrows(function() { DataView(new ArrayBuffer()); }, TypeError);
--- a/test/mjsunit/regress/regress-1383.js
+++ b/test/mjsunit/regress/regress-1383.js
@@ -33,7 +33,7 @@ x="";
 function foo(){
  "use strict";
  var wxemsx=(4);
-  var wxemsx_0=Float32Array(wxemsx);
+  var wxemsx_0=new Float32Array(wxemsx);
  wxemsx_0[0]={};
 }