bug-185509-20180510211006.patch (text/plain), 5.21 KB, created by
Yusuke Suzuki
on 2018-05-10 05:10:07 PDT
Description:
Patch
Filename:
MIME Type:
Creator:
Yusuke Suzuki
Created:
2018-05-10 05:10:07 PDT
Size:
5.21 KB
patch
obsolete
>Subversion Revision: 231637
>diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
>index 377da6914089e0bf7c0a2bdeb283ebdcab6d3180..d890a9ce7845861927d9a9c6a924e2abf5e47455 100644
>--- a/Source/JavaScriptCore/ChangeLog
>+++ b/Source/JavaScriptCore/ChangeLog
>@@ -1,3 +1,18 @@
>+2018-05-10 Yusuke Suzuki <utatane.tea@gmail.com>
>+
>+ [JSC] Make return types of construction functions tight
>+ https://bugs.webkit.org/show_bug.cgi?id=185509
>+
>+ Reviewed by NOBODY (OOPS!).
>+
>+ Array and Object construction functions should return strict types instead of returning JSObject*/JSValue.
>+
>+ * runtime/ArrayConstructor.cpp:
>+ (JSC::constructArrayWithSizeQuirk):
>+ * runtime/ArrayConstructor.h:
>+ * runtime/ObjectConstructor.h:
>+ (JSC::constructEmptyObject):
>+
> 2018-05-09 Caio Lima <ticaiolima@gmail.com>
> 
> [ESNext][BigInt] Implement support for "==" operation
>diff --git a/Source/JavaScriptCore/runtime/ArrayConstructor.cpp b/Source/JavaScriptCore/runtime/ArrayConstructor.cpp
>index ab4131d75d71771c88d0c611659b7a671a966977..ac6f3e979e10b84399fdb24af6dfa3f68a48563a 100644
>--- a/Source/JavaScriptCore/runtime/ArrayConstructor.cpp
>+++ b/Source/JavaScriptCore/runtime/ArrayConstructor.cpp
>@@ -69,7 +69,7 @@ void ArrayConstructor::finishCreation(VM& vm, JSGlobalObject* globalObject, Arra
> 
> // ------------------------------ Functions ---------------------------
> 
>-JSValue constructArrayWithSizeQuirk(ExecState* exec, ArrayAllocationProfile* profile, JSGlobalObject* globalObject, JSValue length, JSValue newTarget)
>+JSArray* constructArrayWithSizeQuirk(ExecState* exec, ArrayAllocationProfile* profile, JSGlobalObject* globalObject, JSValue length, JSValue newTarget)
> {
> VM& vm = exec->vm();
> auto scope = DECLARE_THROW_SCOPE(vm);
>@@ -79,13 +79,15 @@ JSValue constructArrayWithSizeQuirk(ExecState* exec, ArrayAllocationProfile* pro
> }
> 
> uint32_t n = length.toUInt32(exec);
>- if (n != length.toNumber(exec))
>- return throwException(exec, scope, createRangeError(exec, ASCIILiteral("Array size is not a small enough positive integer.")));
>+ if (n != length.toNumber(exec)) {
>+ throwException(exec, scope, createRangeError(exec, ASCIILiteral("Array size is not a small enough positive integer.")));
>+ return nullptr;
>+ }
> scope.release();
> return constructEmptyArray(exec, profile, globalObject, n, newTarget);
> }
> 
>-static inline JSValue constructArrayWithSizeQuirk(ExecState* exec, const ArgList& args, JSValue newTarget)
>+static inline JSArray* constructArrayWithSizeQuirk(ExecState* exec, const ArgList& args, JSValue newTarget)
> {
> JSGlobalObject* globalObject = jsCast<InternalFunction*>(exec->jsCallee())->globalObject();
> 
>diff --git a/Source/JavaScriptCore/runtime/ArrayConstructor.h b/Source/JavaScriptCore/runtime/ArrayConstructor.h
>index aaaf8a28a366ffc5f93fe799b0b358e68923300f..83a7f2c3004259aa0c60d82a6def819a35537244 100644
>--- a/Source/JavaScriptCore/runtime/ArrayConstructor.h
>+++ b/Source/JavaScriptCore/runtime/ArrayConstructor.h
>@@ -56,7 +56,7 @@ class ArrayConstructor final : public InternalFunction {
> ArrayConstructor(VM&, Structure*);
> };
> 
>-JSValue constructArrayWithSizeQuirk(ExecState*, ArrayAllocationProfile*, JSGlobalObject*, JSValue length, JSValue prototype = JSValue());
>+JSArray* constructArrayWithSizeQuirk(ExecState*, ArrayAllocationProfile*, JSGlobalObject*, JSValue length, JSValue prototype = JSValue());
> 
> EncodedJSValue JSC_HOST_CALL arrayConstructorPrivateFuncIsArrayConstructor(ExecState*);
> EncodedJSValue JSC_HOST_CALL arrayConstructorPrivateFuncIsArraySlow(ExecState*);
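Review bot: The new `return nullptr;` after throwException changes what the range-error path hands back from the thrown exception value (the old `return throwException(...)`) to a null `JSArray*`, so any caller that used the returned value without first consulting the throw scope would now dereference null instead of carrying the exception value; every caller of both overloads needs an exception or null check audited as part of this change. The declaration in ArrayConstructor.h says nothing about this, so I would add above it `// Returns nullptr only when an exception has been thrown on the current throw scope.`. The early-return branch between this hunk and the `@@ -69` hunk is not visible here, and presumably it also returns whatever constructEmptyArray gives back, which should be confirmed to match the new non-null contract. The `static inline` overload at the end of the hunk continues outside the hunk, so its own error paths could not be checked from this view.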
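Review bot: The rewritten declaration still names its last parameter `prototype`, while the definition in ArrayConstructor.cpp in this same patch calls it `newTarget` and forwards it to constructEmptyArray under that name, so the header misdescribes what the defaulted argument is. Since the line is being changed anyway, I would make it `JSArray* constructArrayWithSizeQuirk(ExecState*, ArrayAllocationProfile*, JSGlobalObject*, JSValue length, JSValue newTarget = JSValue());` so the two agree.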
>diff --git a/Source/JavaScriptCore/runtime/ObjectConstructor.h b/Source/JavaScriptCore/runtime/ObjectConstructor.h
>index 40be351f19803912817711e6d991affcaf02e4ca..0cd7e93710b8b6bcfbad02904bd2dfeb06a99f50 100644
>--- a/Source/JavaScriptCore/runtime/ObjectConstructor.h
>+++ b/Source/JavaScriptCore/runtime/ObjectConstructor.h
>@@ -60,12 +60,12 @@ class ObjectConstructor final : public InternalFunction {
> ObjectConstructor(VM&, Structure*);
> };
> 
>-inline JSObject* constructEmptyObject(ExecState* exec, Structure* structure)
>+inline JSFinalObject* constructEmptyObject(ExecState* exec, Structure* structure)
> {
> return JSFinalObject::create(exec, structure);
> }
> 
>-inline JSObject* constructEmptyObject(ExecState* exec, JSObject* prototype, unsigned inlineCapacity)
>+inline JSFinalObject* constructEmptyObject(ExecState* exec, JSObject* prototype, unsigned inlineCapacity)
> {
> JSGlobalObject* globalObject = exec->lexicalGlobalObject();
> StructureCache& structureCache = globalObject->vm().structureCache;
>@@ -73,12 +73,12 @@ inline JSObject* constructEmptyObject(ExecState* exec, JSObject* prototype, unsi
> return constructEmptyObject(exec, structure);
> }
> 
>-inline JSObject* constructEmptyObject(ExecState* exec, JSObject* prototype)
>+inline JSFinalObject* constructEmptyObject(ExecState* exec, JSObject* prototype)
> {
> return constructEmptyObject(exec, prototype, JSFinalObject::defaultInlineCapacity());
> }
> 
>-inline JSObject* constructEmptyObject(ExecState* exec)
>+inline JSFinalObject* constructEmptyObject(ExecState* exec)
> {
> return constructEmptyObject(exec, exec->lexicalGlobalObject()->objectStructureForObjectConstructor());
> }
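Review bot: Tightening the `Structure*` overload to return `JSFinalObject*` makes it a typed promise that any Structure a caller passes describes a JSFinalObject, which the overload itself does not check; the other three overloads obtain their Structure from the structure cache or objectStructureForObjectConstructor and so are constrained by construction, but the first accepts an arbitrary Structure. Unless JSFinalObject::create already asserts this (not visible here), I would state the precondition on the overload with `// 'structure' must describe a JSFinalObject; the return type relies on that.`, or add an ASSERT to the same effect. The body of the `(ExecState*, JSObject* prototype, unsigned inlineCapacity)` overload is split across the two hunks and its middle is not visible, so the structure lookup itself could not be reviewed.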
Flags:
saam
:
review+