fix issues with proxy in TypedArray.from and String.replace

Author: MikeHolman

lib/Runtime/Library/JavascriptRegularExpression.cpp

@@ -777,9 +777,9 @@ using namespace Js;
 
         Var replaceValue = (args.Info.Count > 2) ? args[2] : scriptContext->GetLibrary()->GetUndefined();
 
-        if (VarIs<JavascriptFunction>(replaceValue))
+        if (JavascriptConversion::IsCallable(replaceValue))
         {
-            JavascriptFunction* replaceFunction = VarTo<JavascriptFunction>(replaceValue);
+            RecyclableObject* replaceFunction = VarTo<RecyclableObject>(replaceValue);
             return RegexHelper::RegexReplaceFunction(scriptContext, thisObj, string, replaceFunction);
         }
         else

lib/Runtime/Library/JavascriptString.cpp

@@ -1614,7 +1614,7 @@ namespace Js
         JavascriptString * pMatch = nullptr;
 
         JavascriptString * pReplace = nullptr;
-        JavascriptFunction* replacefn = nullptr;
+        RecyclableObject* replacefn = nullptr;
 
         SearchValueHelper(scriptContext, ((args.Info.Count > 1)?args[1]:scriptContext->GetLibrary()->GetNull()), &pRegEx, &pMatch);
         ReplaceValueHelper(scriptContext, ((args.Info.Count > 2) ? args[2] : scriptContext->GetLibrary()->GetUndefined()), &replacefn, &pReplace);
@@ -1667,14 +1667,14 @@ namespace Js
         }
     }
 
-    void JavascriptString::ReplaceValueHelper(ScriptContext* scriptContext, Var aValue, JavascriptFunction ** ppReplaceFn, JavascriptString ** ppReplaceString)
+    void JavascriptString::ReplaceValueHelper(ScriptContext* scriptContext, Var aValue, RecyclableObject ** ppReplaceFn, JavascriptString ** ppReplaceString)
     {
         *ppReplaceFn = nullptr;
         *ppReplaceString = nullptr;
 
-        if (VarIs<JavascriptFunction>(aValue))
+        if (JavascriptConversion::IsCallable(aValue))
         {
-            *ppReplaceFn = VarTo<JavascriptFunction>(aValue);
+            *ppReplaceFn = VarTo<RecyclableObject>(aValue);
         }
         else if (VarIs<JavascriptString>(aValue))
         {

lib/Runtime/Library/JavascriptString.h

@@ -334,7 +334,7 @@ namespace Js
         static Var StringBracketHelper(Arguments args, ScriptContext *scriptContext, const char16 (&tag)[N1], const char16 (&prop)[N2]);
 
         static void SearchValueHelper(ScriptContext* scriptContext, Var aValue, JavascriptRegExp ** ppSearchRegEx, JavascriptString ** ppSearchString);
-        static void ReplaceValueHelper(ScriptContext* scriptContext, Var aValue, JavascriptFunction ** ppReplaceFn, JavascriptString ** ppReplaceString);
+        static void ReplaceValueHelper(ScriptContext* scriptContext, Var aValue, RecyclableObject** ppReplaceFn, JavascriptString ** ppReplaceString);
 
         template<bool toUpper>
         static JavascriptString* ToLocaleCaseHelper(JavascriptString* thisObj);

lib/Runtime/Library/RegexHelper.cpp

@@ -954,7 +954,7 @@ namespace Js
         return RegexEs6ReplaceImpl(scriptContext, thisObj, input, appendReplacement, noResult);
     }
 
-    Var RegexHelper::RegexEs6ReplaceImpl(ScriptContext* scriptContext, RecyclableObject* thisObj, JavascriptString* input, JavascriptFunction* replaceFn)
+    Var RegexHelper::RegexEs6ReplaceImpl(ScriptContext* scriptContext, RecyclableObject* thisObj, JavascriptString* input, RecyclableObject* replaceFn)
     {
         auto appendReplacement = [&](
             CompoundString::Builder<64 * sizeof(void *) / sizeof(char16)>& resultBuilder,
@@ -978,6 +978,9 @@ namespace Js
             ushort argCount = (ushort) numberOfCaptures + 4;
 
             PROBE_STACK_NO_DISPOSE(scriptContext, argCount * sizeof(Var));
+
+            ThreadContext* threadContext = scriptContext->GetThreadContext();
+
             Var* args = (Var*) _alloca(argCount * sizeof(Var));
 
             args[0] = scriptContext->GetLibrary()->GetUndefined();
@@ -989,10 +992,9 @@ namespace Js
             }
             args[numberOfCaptures + 2] = JavascriptNumber::ToVar(position, scriptContext);
             args[numberOfCaptures + 3] = input;
-
-            Js::Var replaceFnResult = scriptContext->GetThreadContext()->ExecuteImplicitCall(replaceFn, Js::ImplicitCall_Accessor, [=]()->Js::Var
+            Js::Var replaceFnResult = threadContext->ExecuteImplicitCall(replaceFn, Js::ImplicitCall_Accessor, [=]()->Js::Var
             {
-                return replaceFn->CallFunction(Arguments(CallInfo(argCount), args));
+                return JavascriptFunction::CallFunction<true>(replaceFn, replaceFn->GetEntryPoint(), Arguments(CallInfo(argCount), args));
             });
             JavascriptString* replace = JavascriptConversion::ToString(replaceFnResult, scriptContext);
 
@@ -1246,7 +1248,7 @@ namespace Js
         return newString;
     }
 
-    Var RegexHelper::RegexReplaceImpl(ScriptContext* scriptContext, RecyclableObject* thisObj, JavascriptString* input, JavascriptFunction* replacefn)
+    Var RegexHelper::RegexReplaceImpl(ScriptContext* scriptContext, RecyclableObject* thisObj, JavascriptString* input, RecyclableObject* replacefn)
     {
         ScriptConfiguration const * scriptConfig = scriptContext->GetConfig();
 
@@ -1265,7 +1267,7 @@ namespace Js
     }
 
     // String.prototype.replace, replace value is a function (ES5 15.5.4.11)
-    Var RegexHelper::RegexEs5ReplaceImpl(ScriptContext* scriptContext, JavascriptRegExp* regularExpression, JavascriptString* input, JavascriptFunction* replacefn)
+    Var RegexHelper::RegexEs5ReplaceImpl(ScriptContext* scriptContext, JavascriptRegExp* regularExpression, JavascriptString* input, RecyclableObject* replacefn)
     {
         UnifiedRegex::RegexPattern* pattern = regularExpression->GetPattern();
         JavascriptString* newString = nullptr;
@@ -1348,7 +1350,7 @@ namespace Js
             ThreadContext* threadContext = scriptContext->GetThreadContext();
             Var replaceVar = threadContext->ExecuteImplicitCall(replacefn, ImplicitCall_Accessor, [=]()->Js::Var
             {
-                return replacefn->CallFunction(Arguments(CallInfo(UInt16Math::Add(numGroups, 3)), replaceArgs));
+                    return JavascriptFunction::CallFunction<true>(replacefn, replacefn->GetEntryPoint(), Arguments(CallInfo(UInt16Math::Add(numGroups, 3)), replaceArgs));
             });
             JavascriptString* replace = JavascriptConversion::ToString(replaceVar, scriptContext);
             concatenated.Append(input, offset, lastActualMatch.offset - offset);
@@ -1481,7 +1483,7 @@ namespace Js
         return concatenated.ToString();
     }
 
-    Var RegexHelper::StringReplace(ScriptContext* scriptContext, JavascriptString* match, JavascriptString* input, JavascriptFunction* replacefn)
+    Var RegexHelper::StringReplace(ScriptContext* scriptContext, JavascriptString* match, JavascriptString* input, RecyclableObject* replacefn)
     {
         CharCount indexMatched = JavascriptString::strstr(input, match, true);
         Assert(match->GetScriptContext() == scriptContext);
@@ -2318,7 +2320,7 @@ namespace Js
         return RegexHelper::CheckCrossContextAndMarshalResult(result, entryFunctionContext);
     }
 
-    Var RegexHelper::RegexReplaceFunction(ScriptContext* entryFunctionContext, RecyclableObject* thisObj, JavascriptString* input, JavascriptFunction* replacefn)
+    Var RegexHelper::RegexReplaceFunction(ScriptContext* entryFunctionContext, RecyclableObject* thisObj, JavascriptString* input, RecyclableObject* replacefn)
     {
         Var result = RegexHelper::RegexReplaceImpl(entryFunctionContext, thisObj, input, replacefn);
         return RegexHelper::CheckCrossContextAndMarshalResult(result, entryFunctionContext);

lib/Runtime/Library/RegexHelper.h

@@ -105,9 +105,9 @@ namespace Js
         static Var RegexReplaceResultUsed(ScriptContext* entryFunctionContext, JavascriptRegExp* regularExpression, JavascriptString* input, JavascriptString* replace);
         static Var RegexReplaceResultNotUsed(ScriptContext* entryFunctionContext, JavascriptRegExp* regularExpression, JavascriptString* input, JavascriptString* replace);
         static Var RegexReplace(ScriptContext* scriptContext, RecyclableObject* thisObj, JavascriptString* input, JavascriptString* replace, bool noResult);
-        static Var RegexReplaceFunction(ScriptContext* scriptContext, RecyclableObject* thisObj, JavascriptString* input, JavascriptFunction* replacefn);
+        static Var RegexReplaceFunction(ScriptContext* scriptContext, RecyclableObject* thisObj, JavascriptString* input, RecyclableObject* replacefn);
         static Var StringReplace(JavascriptString* regularExpression, JavascriptString* input, JavascriptString* replace);
-        static Var StringReplace(ScriptContext* scriptContext, JavascriptString* regularExpression, JavascriptString* input, JavascriptFunction* replacefn);
+        static Var StringReplace(ScriptContext* scriptContext, JavascriptString* regularExpression, JavascriptString* input, RecyclableObject* replacefn);
         static Var RegexSplitResultUsed(ScriptContext* scriptContext, JavascriptRegExp* regularExpression, JavascriptString* input, CharCount limit);
         static Var RegexSplitResultUsedAndMayBeTemp(void *const stackAllocationPointer, ScriptContext* scriptContext, JavascriptRegExp* regularExpression, JavascriptString* input, CharCount limit);
         static Var RegexSplitResultNotUsed(ScriptContext* scriptContext, JavascriptRegExp* regularExpression, JavascriptString* input, CharCount limit);
@@ -129,12 +129,12 @@ namespace Js
         static Var RegexReplaceImpl(ScriptContext* scriptContext, RecyclableObject* thisObj, JavascriptString* input, JavascriptString* replace, bool noResult);
         static bool IsRegexSymbolReplaceObservable(RecyclableObject* instance, ScriptContext* scriptContext);
         static Var RegexEs6ReplaceImpl(ScriptContext* scriptContext, RecyclableObject* thisObj, JavascriptString* input, JavascriptString* replace, bool noResult);
-        static Var RegexEs6ReplaceImpl(ScriptContext* scriptContext, RecyclableObject* thisObj, JavascriptString* input, JavascriptFunction* replaceFn);
+        static Var RegexEs6ReplaceImpl(ScriptContext* scriptContext, RecyclableObject* thisObj, JavascriptString* input, RecyclableObject* replaceFn);
         template<typename ReplacementFn>
         static Var RegexEs6ReplaceImpl(ScriptContext* scriptContext, RecyclableObject* thisObj, JavascriptString* input, ReplacementFn appendReplacement, bool noResult);
         static Var RegexEs5ReplaceImpl(ScriptContext* scriptContext, JavascriptRegExp* regularExpression, JavascriptString* input, JavascriptString* replace, bool noResult);
-        static Var RegexReplaceImpl(ScriptContext* scriptContext, RecyclableObject* thisObj, JavascriptString* input, JavascriptFunction* replacefn);
-        static Var RegexEs5ReplaceImpl(ScriptContext* scriptContext, JavascriptRegExp* regularExpression, JavascriptString* input, JavascriptFunction* replacefn);
+        static Var RegexReplaceImpl(ScriptContext* scriptContext, RecyclableObject* thisObj, JavascriptString* input, RecyclableObject* replacefn);
+        static Var RegexEs5ReplaceImpl(ScriptContext* scriptContext, JavascriptRegExp* regularExpression, JavascriptString* input, RecyclableObject* replacefn);
         static Var RegexSearchImpl(ScriptContext* scriptContext, JavascriptRegExp* regularExpression, JavascriptString* input);
         inline static UnifiedRegex::RegexPattern *GetSplitPattern(ScriptContext* scriptContext, JavascriptRegExp *regularExpression);
         static bool IsRegexSymbolSplitObservable(RecyclableObject* instance, ScriptContext* scriptContext);

lib/Runtime/Library/TypedArray.cpp

@@ -1423,17 +1423,17 @@ namespace Js
         }
 
         bool mapping = false;
-        JavascriptFunction* mapFn = nullptr;
+        RecyclableObject* mapFn = nullptr;
         Var mapFnThisArg = nullptr;
 
         if (args.Info.Count >= 3)
         {
-            if (!VarIs<JavascriptFunction>(args[2]))
+            if (!JavascriptConversion::IsCallable(args[2]))
             {
                 JavascriptError::ThrowTypeError(scriptContext, JSERR_FunctionArgument_NeedFunction, _u("[TypedArray].from"));
             }
 
-            mapFn = VarTo<JavascriptFunction>(args[2]);
+            mapFn = VarTo<RecyclableObject>(args[2]);
 
             if (args.Info.Count >= 4)
             {

test/Regex/regex_replacefn.baseline

@@ -18,3 +18,6 @@ abcxyz
 0
 0
 _abc_abc
+0
+0
+_abc_abc

test/Regex/regex_replacefn.js

@@ -44,3 +44,9 @@ var str = "abcabc";
 re.lastIndex = 3;
 WScript.Echo(str.replace(re, replacefn));
 
+let proxy = new Proxy(replacefn, {});
+var re = /abc/g;
+var str = "abcabc";
+re.lastIndex = 3;
+WScript.Echo(str.replace(re, proxy));
+

test/es6/regex-symbols.js

@@ -516,6 +516,42 @@ var tests = [
             verify("global", "a*b*c", 2, "g");
         }
     },
+    {
+        name: "RegExp.prototype[@@replace] should call proxy 'replaceValue' to get the substitution when 'replaceValue' is callable",
+        body: function () {
+            var pattern = "(-)(=)";
+            var string = "a-=b-=c";
+            var replace = "*$&$1";
+
+            function verify(assertMessagePrefix, expectedResult, expectedCallCount, flags) {
+                withObservableRegExp(function () {
+                    var passedCorrectArguments = false;
+                    var callCount = 0;
+                    var re = new RegExp(pattern, flags);
+                    var replace = function (matched, capture1, capture2, position, stringArg) {
+                        callCount += 1;
+                        passedCorrectArguments =
+                            matched === "-=" &&
+                            capture1 === "-" &&
+                            capture2 === "=" &&
+                            (position === 1 || position === 4) &&
+                            stringArg === string;
+                        return "*";
+                    }
+                    var replaceProxy = new Proxy(replace, {});
+
+                    var result = re[Symbol.replace](string, replaceProxy);
+
+                    assert.areEqual(expectedCallCount, callCount, assertMessagePrefix + ": callCount");
+                    assert.isTrue(passedCorrectArguments, assertMessagePrefix + ": replace function arguments");
+                    assert.areEqual(expectedResult, result, assertMessagePrefix + ": result");
+                })
+            }
+
+            verify("non-global", "a*b-=c", 1, "");
+            verify("global", "a*b*c", 2, "g");
+        }
+    },
     {
         name: "RegExp.prototype[@@replace] should 'Get' 'global' when it is overridden",
         body: function () {