WebKit Bugzilla
Attachment 340323 Details for Bug 185601: [JSC] Check TypeInfo first before calling getCallData when we would like to check whether given object is a function
Patch: bug-185601-20180515015946.patch (text/plain), 43.44 KB, created by Yusuke Suzuki on 2018-05-14 09:59:47 PDT
>Subversion Revision: 231758 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index 5f404d99413b3f971da8bbc3e0aaa7fff03ed4fa..c98e393beef6c212f261cd32017567e38b98cc28 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog 
>@@ -1,3 +1,80 @@ >+2018-05-14 Yusuke Suzuki <utatane.tea@gmail.com> >+ >+ [JSC] Check TypeOfShouldCallGetCallData before calling getCallData when we would like to check whether a given object is callable >+ https://bugs.webkit.org/show_bug.cgi?id=185601 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Check TypeOfShouldCallGetCallData before calling getCallData when we would like to check >+ whether a given object is callable since getCallData is a virtual call. When we call >+ the object anyway, directly calling getCallData is fine. But if we would like to check >+ whether the object is callable, we can have non callable objects frequently. In that case, >+ we should not call getCallData if we can avoid it. >+ >+ To do this cleanly, we refactor JSValue::{isFunction,isCallable}. We add JSCell::{isFunction,isCallable} >+ and JSValue ones call into these functions. Inside JSCell::{isFunction,isCallable}, we perform >+ TypeOfShouldCallGetCallData checking before calling getCallData. >+ >+ We found that this virtual call exists in JSON.stringify's critial path. Checking >+ TypeOfShouldCallGetCallData improves Kraken/json-stringify-tinderbox by 2-4%. 
>+ >+ baseline patched >+ >+ json-stringify-tinderbox 39.245+-0.335 ^ 38.117+-0.216 ^ definitely 1.0296x faster >+ >+ * dfg/DFGOperations.cpp: >+ * runtime/ExceptionHelpers.cpp: >+ (JSC::createError): >+ (JSC::createInvalidFunctionApplyParameterError): >+ * runtime/FunctionPrototype.cpp: >+ (JSC::functionProtoFuncToString): >+ * runtime/JSCJSValue.h: >+ * runtime/JSCJSValueInlines.h: >+ (JSC::JSValue::isFunction const): >+ (JSC::JSValue::isCallable const): >+ * runtime/JSCell.h: >+ * runtime/JSCellInlines.h: >+ (JSC::JSCell::isFunction): >+ (JSC::JSCell::isCallable): >+ * runtime/JSONObject.cpp: >+ (JSC::Stringifier::toJSON): >+ (JSC::Stringifier::toJSONImpl): >+ (JSC::Stringifier::appendStringifiedValue): >+ * runtime/JSObjectInlines.h: >+ (JSC::createListFromArrayLike): >+ * runtime/Operations.cpp: >+ (JSC::jsTypeStringForValue): >+ (JSC::jsIsObjectTypeOrNull): >+ * runtime/RuntimeType.cpp: >+ (JSC::runtimeTypeForValue): >+ * runtime/RuntimeType.h: >+ * runtime/TypeProfilerLog.cpp: >+ (JSC::TypeProfilerLog::TypeProfilerLog): >+ (JSC::TypeProfilerLog::processLogEntries): >+ * runtime/TypeProfilerLog.h: >+ * runtime/VM.cpp: >+ (JSC::VM::enableTypeProfiler): >+ * tools/JSDollarVM.cpp: >+ (JSC::functionFindTypeForExpression): >+ (JSC::functionReturnTypeFor): >+ (JSC::functionHasBasicBlockExecuted): >+ (JSC::functionBasicBlockExecutionCount): >+ * wasm/js/JSWebAssemblyHelpers.h: >+ (JSC::getWasmBufferFromValue): >+ * wasm/js/JSWebAssemblyInstance.cpp: >+ (JSC::JSWebAssemblyInstance::create): >+ * wasm/js/WebAssemblyFunction.cpp: >+ (JSC::callWebAssemblyFunction): >+ * wasm/js/WebAssemblyInstanceConstructor.cpp: >+ (JSC::constructJSWebAssemblyInstance): >+ * wasm/js/WebAssemblyModuleRecord.cpp: >+ (JSC::WebAssemblyModuleRecord::link): >+ * wasm/js/WebAssemblyPrototype.cpp: >+ (JSC::webAssemblyInstantiateFunc): >+ (JSC::webAssemblyInstantiateStreamingInternal): >+ * wasm/js/WebAssemblyWrapperFunction.cpp: >+ (JSC::WebAssemblyWrapperFunction::finishCreation): >+ > 
2018-05-14 Dominik Infuehr <dinfuehr@igalia.com> > > [MIPS] Use btpz to compare against 0 instead of bpeq >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index decbd80d0199d8d6cbef1dd40c535746a13e05d6..6678c81a21f7f27fb52d52ff45df464ad70a36c1 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,33 @@ >+2018-05-14 Yusuke Suzuki <utatane.tea@gmail.com> >+ >+ [JSC] Check TypeOfShouldCallGetCallData before calling getCallData when we would like to check whether a given object is callable >+ https://bugs.webkit.org/show_bug.cgi?id=185601 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ No behavior change. >+ >+ * Modules/plugins/QuickTimePluginReplacement.mm: >+ (WebCore::QuickTimePluginReplacement::ensureReplacementScriptInjected): >+ * bindings/js/JSCustomElementRegistryCustom.cpp: >+ (WebCore::getCustomElementCallback): >+ * bindings/js/JSDOMConvertCallbacks.h: >+ (WebCore::Converter<IDLCallbackFunction<T>>::convert): >+ * bindings/js/JSDOMPromise.cpp: >+ (WebCore::DOMPromise::whenSettled): >+ * bindings/js/ReadableStream.cpp: >+ (WebCore::ReadableStream::pipeTo): >+ (WebCore::ReadableStream::tee): >+ * bindings/js/ReadableStreamDefaultController.cpp: >+ (WebCore::ReadableStreamDefaultController::invoke): >+ * bindings/scripts/CodeGeneratorJS.pm: >+ (GenerateOverloadDispatcher): >+ * html/HTMLMediaElement.cpp: >+ (WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript): >+ * testing/Internals.cpp: >+ (WebCore::Internals::parserMetaData): >+ (WebCore::Internals::cloneArrayBuffer): >+ > 2018-05-14 Zalan Bujtas <zalan@apple.com> > > [LFC] Implement height computation for non-replaced out of flow elements. >diff --git a/Source/JavaScriptCore/dfg/DFGOperations.cpp b/Source/JavaScriptCore/dfg/DFGOperations.cpp >index 9c2f44b7869a0e92602ec148cb02a5e28b3842c2..5b0947e3d5f5bd8e6250bd9ec549e8b966eb80fc 100644 >--- a/Source/JavaScriptCore/dfg/DFGOperations.cpp >+++ b/Source/JavaScriptCore/dfg/DFGOperations.cpp 
>@@ -1741,14 +1741,8 @@ size_t JIT_OPERATION operationObjectIsObject(ExecState* exec, JSGlobalObject* gl > > if (object->structure(vm)->masqueradesAsUndefined(globalObject)) > return false; >- if (object->type() == JSFunctionType) >+ if (object->isFunction(vm)) > return false; >- if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) { >- CallData callData; >- if (object->methodTable(vm)->getCallData(object, callData) != CallType::None) >- return false; >- } >- > return true; > } > >@@ -1761,14 +1755,8 @@ size_t JIT_OPERATION operationObjectIsFunction(ExecState* exec, JSGlobalObject* > > if (object->structure(vm)->masqueradesAsUndefined(globalObject)) > return false; >- if (object->type() == JSFunctionType) >+ if (object->isFunction(vm)) > return true; >- if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) { >- CallData callData; >- if (object->methodTable(vm)->getCallData(object, callData) != CallType::None) >- return true; >- } >- > return false; > } > >@@ -1781,14 +1769,8 @@ JSCell* JIT_OPERATION operationTypeOfObject(ExecState* exec, JSGlobalObject* glo > > if (object->structure(vm)->masqueradesAsUndefined(globalObject)) > return vm.smallStrings.undefinedString(); >- if (object->type() == JSFunctionType) >+ if (object->isFunction(vm)) > return vm.smallStrings.functionString(); >- if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) { >- CallData callData; >- if (object->methodTable(vm)->getCallData(object, callData) != CallType::None) >- return vm.smallStrings.functionString(); >- } >- > return vm.smallStrings.objectString(); > } 
> >@@ -1801,14 +1783,8 @@ int32_t JIT_OPERATION operationTypeOfObjectAsTypeofType(ExecState* exec, JSGloba > > if (object->structure(vm)->masqueradesAsUndefined(globalObject)) > return static_cast<int32_t>(TypeofType::Undefined); >- if (object->type() == JSFunctionType) >+ if (object->isFunction(vm)) > return static_cast<int32_t>(TypeofType::Function); >- if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) { >- CallData callData; >- if (object->methodTable(vm)->getCallData(object, callData) != CallType::None) >- return static_cast<int32_t>(TypeofType::Function); >- } >- > return static_cast<int32_t>(TypeofType::Object); > } > >diff --git a/Source/JavaScriptCore/runtime/ExceptionHelpers.cpp b/Source/JavaScriptCore/runtime/ExceptionHelpers.cpp >index 699144b4a7ed372d9a937b64a49c279f9d3e7faf..63653b3f8b2d7da4b5c74ce34c8c0c7e2342ad8d 100644 >--- a/Source/JavaScriptCore/runtime/ExceptionHelpers.cpp >+++ b/Source/JavaScriptCore/runtime/ExceptionHelpers.cpp >@@ -270,7 +270,7 @@ JSObject* createError(ExecState* exec, JSValue value, const String& message, Err > > String errorMessage = makeString(errorDescriptionForValue(exec, value)->value(exec), ' ', message); > scope.assertNoException(); >- JSObject* exception = createTypeError(exec, errorMessage, appender, runtimeTypeForValue(value)); >+ JSObject* exception = createTypeError(exec, errorMessage, appender, runtimeTypeForValue(vm, value)); > ASSERT(exception->isErrorInstance()); > > return exception; 
>@@ -278,7 +278,8 @@ JSObject* createError(ExecState* exec, JSValue value, const String& message, Err > > JSObject* createInvalidFunctionApplyParameterError(ExecState* exec, JSValue value) > { >- JSObject* exception = createTypeError(exec, makeString("second argument to Function.prototype.apply must be an Array-like object"), defaultSourceAppender, runtimeTypeForValue(value)); >+ VM& vm = exec->vm(); >+ JSObject* exception = createTypeError(exec, makeString("second argument to Function.prototype.apply must be an Array-like object"), defaultSourceAppender, runtimeTypeForValue(vm, value)); > ASSERT(exception->isErrorInstance()); > return exception; > } >diff --git a/Source/JavaScriptCore/runtime/FunctionPrototype.cpp b/Source/JavaScriptCore/runtime/FunctionPrototype.cpp >index a39539bd0146e397c51164763b574aeb02d4c2fb..162f46b179056cb817203cf0b66972d799e31646 100644 >--- a/Source/JavaScriptCore/runtime/FunctionPrototype.cpp >+++ b/Source/JavaScriptCore/runtime/FunctionPrototype.cpp >@@ -125,13 +125,10 @@ EncodedJSValue JSC_HOST_CALL functionProtoFuncToString(ExecState* exec) > > if (thisValue.isObject()) { > JSObject* object = asObject(thisValue); >- if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) { >- CallData callData; >- if (object->methodTable(vm)->getCallData(object, callData) != CallType::None) { >- if (auto* classInfo = object->classInfo(vm)) { >- scope.release(); >- return JSValue::encode(jsMakeNontrivialString(exec, "function ", classInfo->className, "() {\n [native code]\n}")); >- } >+ if (object->isFunction(vm)) { >+ if (auto* classInfo = object->classInfo(vm)) { >+ scope.release(); >+ return JSValue::encode(jsMakeNontrivialString(exec, "function ", classInfo->className, "() {\n [native code]\n}")); > } > } > } >diff --git a/Source/JavaScriptCore/runtime/JSCJSValue.h b/Source/JavaScriptCore/runtime/JSCJSValue.h >index 91dc1a40f14e37672f4101604c0690e6097e18fc..94d5a515e96c9f21aed82bb0bec9e6da69662af3 100644 
>--- a/Source/JavaScriptCore/runtime/JSCJSValue.h >+++ b/Source/JavaScriptCore/runtime/JSCJSValue.h >@@ -218,9 +218,8 @@ class JSValue { > > // Querying the type. > bool isEmpty() const; >- bool isFunction() const; >- bool isFunction(CallType&, CallData&) const; >- bool isCallable(CallType&, CallData&) const; >+ bool isFunction(VM&) const; >+ bool isCallable(VM&, CallType&, CallData&) const; > bool isConstructor() const; > bool isConstructor(ConstructType&, ConstructData&) const; > bool isUndefined() const; >diff --git a/Source/JavaScriptCore/runtime/JSCJSValueInlines.h b/Source/JavaScriptCore/runtime/JSCJSValueInlines.h >index 3aee0c47e6334168cd02309b646a24357814f1f5..55b1218eaf3a7a99df13873a913feac81d17fc8a 100644 >--- a/Source/JavaScriptCore/runtime/JSCJSValueInlines.h >+++ b/Source/JavaScriptCore/runtime/JSCJSValueInlines.h >@@ -759,27 +759,18 @@ inline JSObject* JSValue::toObject(ExecState* exec, JSGlobalObject* globalObject > return isCell() ? asCell()->toObject(exec, globalObject) : toObjectSlowCase(exec, globalObject); > } > >-inline bool JSValue::isFunction() const >+inline bool JSValue::isFunction(VM& vm) const > { > if (!isCell()) > return false; >- JSCell* cell = asCell(); >- CallData ignored; >- return cell->methodTable()->getCallData(cell, ignored) != CallType::None; >+ return asCell()->isFunction(vm); > } > >-inline bool JSValue::isFunction(CallType& callType, CallData& callData) const >-{ >- return isCallable(callType, callData); >-} >- >-inline bool JSValue::isCallable(CallType& callType, CallData& callData) const >+inline bool JSValue::isCallable(VM& vm, CallType& callType, CallData& callData) const > { > if (!isCell()) > return false; >- JSCell* cell = asCell(); >- callType = cell->methodTable()->getCallData(cell, callData); >- return callType != CallType::None; >+ return asCell()->isCallable(vm, callType, callData); > } > > inline bool JSValue::isConstructor() const 
>diff --git a/Source/JavaScriptCore/runtime/JSCell.h b/Source/JavaScriptCore/runtime/JSCell.h >index f8d5ac955f1b65ea2897ea88471bd106ae016741..188a9f1175614fb67f7a2fc98d55a7a5b1bab48f 100644 >--- a/Source/JavaScriptCore/runtime/JSCell.h >+++ b/Source/JavaScriptCore/runtime/JSCell.h >@@ -115,6 +115,8 @@ class JSCell : public HeapCell { > bool isGetterSetter() const; > bool isCustomGetterSetter() const; > bool isProxy() const; >+ bool isFunction(VM&); >+ bool isCallable(VM&, CallType&, CallData&); > bool inherits(VM&, const ClassInfo*) const; > template<typename Target> bool inherits(VM&) const; > bool isAPIValueWrapper() const; >diff --git a/Source/JavaScriptCore/runtime/JSCellInlines.h b/Source/JavaScriptCore/runtime/JSCellInlines.h >index 8028b89fa0fef8b80db5ba6b5f94ba8bb597a429..c6d78263633b3a7512ce76a0d3e53128f9c7901e 100644 >--- a/Source/JavaScriptCore/runtime/JSCellInlines.h >+++ b/Source/JavaScriptCore/runtime/JSCellInlines.h >@@ -218,6 +218,25 @@ inline bool JSCell::isProxy() const > return m_type == ImpureProxyType || m_type == PureForwardingProxyType; > } > >+inline bool JSCell::isFunction(VM& vm) >+{ >+ if (type() == JSFunctionType) >+ return true; >+ if (inlineTypeFlags() & TypeOfShouldCallGetCallData) { >+ CallData ignoredCallData; >+ return methodTable(vm)->getCallData(this, ignoredCallData) != CallType::None; >+ } >+ return false; >+} >+ >+inline bool JSCell::isCallable(VM& vm, CallType& callType, CallData& callData) >+{ >+ if (type() != JSFunctionType && !(inlineTypeFlags() & TypeOfShouldCallGetCallData)) >+ return false; >+ callType = methodTable(vm)->getCallData(this, callData); >+ return callType != CallType::None; >+} >+ > inline bool JSCell::isAPIValueWrapper() const > { > return m_type == APIValueWrapperType; >diff --git a/Source/JavaScriptCore/runtime/JSONObject.cpp b/Source/JavaScriptCore/runtime/JSONObject.cpp >index b3a7808b64fe36a86a28134fe79ab1ddcdfd3a01..7d8439417eec863bb497975ebf54d2f0b9abf006 100644 
>--- a/Source/JavaScriptCore/runtime/JSONObject.cpp >+++ b/Source/JavaScriptCore/runtime/JSONObject.cpp >@@ -111,7 +111,7 @@ class Stringifier { > friend class Holder; > > JSValue toJSON(JSValue, const PropertyNameForFunctionCall&); >- JSValue toJSONImpl(JSValue value, JSValue toJSONFunction, const PropertyNameForFunctionCall&); >+ JSValue toJSONImpl(VM&, JSValue, JSValue toJSONFunction, const PropertyNameForFunctionCall&); > > enum StringifyResult { StringifyFailed, StringifySucceeded, StringifyFailedDueToUndefinedOrSymbolValue }; > StringifyResult appendStringifiedValue(StringBuilder&, JSValue, const Holder&, const PropertyNameForFunctionCall&); >@@ -299,14 +299,14 @@ ALWAYS_INLINE JSValue Stringifier::toJSON(JSValue value, const PropertyNameForFu > JSValue toJSONFunction = slot.getValue(m_exec, vm.propertyNames->toJSON); > RETURN_IF_EXCEPTION(scope, { }); > scope.release(); >- return toJSONImpl(value, toJSONFunction, propertyName); >+ return toJSONImpl(vm, value, toJSONFunction, propertyName); > } > >-JSValue Stringifier::toJSONImpl(JSValue value, JSValue toJSONFunction, const PropertyNameForFunctionCall& propertyName) >+JSValue Stringifier::toJSONImpl(VM& vm, JSValue value, JSValue toJSONFunction, const PropertyNameForFunctionCall& propertyName) > { > CallType callType; > CallData callData; >- if (!toJSONFunction.isCallable(callType, callData)) >+ if (!toJSONFunction.isCallable(vm, callType, callData)) > return value; > > MarkedArgumentBuffer args; >@@ -380,9 +380,7 @@ Stringifier::StringifyResult Stringifier::appendStringifiedValue(StringBuilder& > return StringifyFailed; > > JSObject* object = asObject(value); >- >- CallData callData; >- if (object->methodTable(vm)->getCallData(object, callData) != CallType::None) { >+ if (object->isFunction(vm)) { > if (holder.isArray()) { > builder.appendLiteral("null"); > return StringifySucceeded; 
>diff --git a/Source/JavaScriptCore/runtime/JSObjectInlines.h b/Source/JavaScriptCore/runtime/JSObjectInlines.h >index 9fc266c3a2f9e87533b086ae99d12a8fd6f6ff5c..7209c3a0ad677c97f2f5600cc73e737c82814b91 100644 >--- a/Source/JavaScriptCore/runtime/JSObjectInlines.h >+++ b/Source/JavaScriptCore/runtime/JSObjectInlines.h >@@ -48,7 +48,7 @@ void createListFromArrayLike(ExecState* exec, JSValue arrayLikeValue, RuntimeTyp > JSValue next = arrayLikeValue.get(exec, index); > RETURN_IF_EXCEPTION(scope, void()); > >- RuntimeType type = runtimeTypeForValue(next); >+ RuntimeType type = runtimeTypeForValue(vm, next); > if (!(type & legalTypesFilter)) { > throwTypeError(exec, scope, errorMessage); > return; >diff --git a/Source/JavaScriptCore/runtime/Operations.cpp b/Source/JavaScriptCore/runtime/Operations.cpp >index 97cfa07a9694022256c9c38a66c76433517cd65e..57aec03367afcf45f51e584fe36855955a8c17ae 100644 >--- a/Source/JavaScriptCore/runtime/Operations.cpp >+++ b/Source/JavaScriptCore/runtime/Operations.cpp >@@ -90,14 +90,8 @@ JSValue jsTypeStringForValue(VM& vm, JSGlobalObject* globalObject, JSValue v) > // as null when doing comparisons. > if (object->structure(vm)->masqueradesAsUndefined(globalObject)) > return vm.smallStrings.undefinedString(); >- if (object->type() == JSFunctionType) >+ if (object->isFunction(vm)) > return vm.smallStrings.functionString(); >- if (object->inlineTypeFlags() & TypeOfShouldCallGetCallData) { >- CallData callData; >- JSObject* object = asObject(v); >- if (object->methodTable(vm)->getCallData(object, callData) != CallType::None) >- return vm.smallStrings.functionString(); >- } > } > return vm.smallStrings.objectString(); > } 
>@@ -119,9 +113,8 @@ bool jsIsObjectTypeOrNull(CallFrame* callFrame, JSValue v) > if (type >= ObjectType) { > if (asObject(v)->structure(vm)->masqueradesAsUndefined(callFrame->lexicalGlobalObject())) > return false; >- CallData callData; > JSObject* object = asObject(v); >- if (object->methodTable(vm)->getCallData(object, callData) != CallType::None) >+ if (object->isFunction(vm)) > return false; > } > return true; >diff --git a/Source/JavaScriptCore/runtime/RuntimeType.cpp b/Source/JavaScriptCore/runtime/RuntimeType.cpp >index dfd8cc96a7d6a5685ca1f501be23712d93961e2d..2f94f10f529e5613506b8f5b203e4aac753370ff 100644 >--- a/Source/JavaScriptCore/runtime/RuntimeType.cpp >+++ b/Source/JavaScriptCore/runtime/RuntimeType.cpp >@@ -32,7 +32,7 @@ > > namespace JSC { > >-RuntimeType runtimeTypeForValue(JSValue value) >+RuntimeType runtimeTypeForValue(VM& vm, JSValue value) > { > if (UNLIKELY(!value)) > return TypeNothing; >@@ -51,7 +51,7 @@ RuntimeType runtimeTypeForValue(JSValue value) > return TypeBoolean; > if (value.isObject()) > return TypeObject; >- if (value.isFunction()) >+ if (value.isFunction(vm)) > return TypeFunction; > if (value.isSymbol()) > return TypeSymbol; >diff --git a/Source/JavaScriptCore/runtime/RuntimeType.h b/Source/JavaScriptCore/runtime/RuntimeType.h >index 82f395f4b4e0da0448f15009c64b99008d820272..82388eb0a47391c76facf1b5071b3efbb87769a4 100644 >--- a/Source/JavaScriptCore/runtime/RuntimeType.h >+++ b/Source/JavaScriptCore/runtime/RuntimeType.h >@@ -48,7 +48,7 @@ typedef uint16_t RuntimeTypeMask; > static const RuntimeTypeMask RuntimeTypeMaskAllTypes = TypeFunction | TypeUndefined | TypeNull | TypeBoolean | TypeAnyInt | TypeNumber | TypeString | TypeObject | TypeSymbol; > > class JSValue; >-RuntimeType runtimeTypeForValue(JSValue); >+RuntimeType runtimeTypeForValue(VM&, JSValue); > String runtimeTypeAsString(RuntimeType); > > ALWAYS_INLINE bool runtimeTypeIsPrimitive(RuntimeTypeMask type) 
>diff --git a/Source/JavaScriptCore/runtime/TypeProfilerLog.cpp b/Source/JavaScriptCore/runtime/TypeProfilerLog.cpp >index 2ce3f38759d86c9c72fbdb89786362b94d7db4c1..79c842edd7d6fc0a9cab5cfb796fdceb1fbfcbf2 100644 >--- a/Source/JavaScriptCore/runtime/TypeProfilerLog.cpp >+++ b/Source/JavaScriptCore/runtime/TypeProfilerLog.cpp >@@ -40,8 +40,9 @@ namespace TypeProfilerLogInternal { > static const bool verbose = false; > } > >-TypeProfilerLog::TypeProfilerLog() >- : m_logSize(50000) >+TypeProfilerLog::TypeProfilerLog(VM& vm) >+ : m_vm(vm) >+ , m_logSize(50000) > , m_logStartPtr(new LogEntry[m_logSize]) > , m_currentLogEntryPtr(m_logStartPtr) > , m_logEndPtr(m_logStartPtr + m_logSize) >@@ -95,7 +96,7 @@ void TypeProfilerLog::processLogEntries(const String& reason) > shape = iter->value; > } > >- RuntimeType type = runtimeTypeForValue(value); >+ RuntimeType type = runtimeTypeForValue(m_vm, value); > TypeLocation* location = entry->location; > location->m_lastSeenType = type; > if (location->m_globalTypeSet) >diff --git a/Source/JavaScriptCore/runtime/TypeProfilerLog.h b/Source/JavaScriptCore/runtime/TypeProfilerLog.h >index 394193348c6e94044039ccec678a330bb8843ed5..93870438f3700f2243e8c5a5a10d802e7cd08d08 100644 >--- a/Source/JavaScriptCore/runtime/TypeProfilerLog.h >+++ b/Source/JavaScriptCore/runtime/TypeProfilerLog.h >@@ -53,7 +53,7 @@ class TypeProfilerLog { > }; > > >- TypeProfilerLog(); >+ TypeProfilerLog(VM&); > ~TypeProfilerLog(); > > JS_EXPORT_PRIVATE void processLogEntries(const String&); >@@ -67,6 +67,7 @@ class TypeProfilerLog { > private: > friend class LLIntOffsetsExtractor; > >+ VM& m_vm; > unsigned m_logSize; > LogEntry* m_logStartPtr; > LogEntry* m_currentLogEntryPtr; >diff --git a/Source/JavaScriptCore/runtime/VM.cpp b/Source/JavaScriptCore/runtime/VM.cpp >index fb00478ec54b021af6ad194806a2631796c03f41..8c90631ed40b5f7e633330707b8b4f68962a1cc0 100644 >--- a/Source/JavaScriptCore/runtime/VM.cpp >+++ b/Source/JavaScriptCore/runtime/VM.cpp 
>@@ -1043,7 +1043,7 @@ bool VM::enableTypeProfiler() > { > auto enableTypeProfiler = [this] () { > this->m_typeProfiler = std::make_unique<TypeProfiler>(); >- this->m_typeProfilerLog = std::make_unique<TypeProfilerLog>(); >+ this->m_typeProfilerLog = std::make_unique<TypeProfilerLog>(*this); > }; > > return enableProfilerWithRespectToCount(m_typeProfilerEnabledCount, enableTypeProfiler); >diff --git a/Source/JavaScriptCore/tools/JSDollarVM.cpp b/Source/JavaScriptCore/tools/JSDollarVM.cpp >index 5ae0b0825374a41119d6103f4a51dbab8b1d7338..de17afb412f0e0ab72b78d772891caf2a35fa23f 100644 >--- a/Source/JavaScriptCore/tools/JSDollarVM.cpp >+++ b/Source/JavaScriptCore/tools/JSDollarVM.cpp >@@ -1614,7 +1614,7 @@ static EncodedJSValue JSC_HOST_CALL functionFindTypeForExpression(ExecState* exe > vm.typeProfilerLog()->processLogEntries(ASCIILiteral("jsc Testing API: functionFindTypeForExpression")); > > JSValue functionValue = exec->argument(0); >- RELEASE_ASSERT(functionValue.isFunction()); >+ RELEASE_ASSERT(functionValue.isFunction(vm)); > FunctionExecutable* executable = (jsDynamicCast<JSFunction*>(vm, functionValue.asCell()->getObject()))->jsExecutable(); > > RELEASE_ASSERT(exec->argument(1).isString()); >@@ -1633,7 +1633,7 @@ static EncodedJSValue JSC_HOST_CALL functionReturnTypeFor(ExecState* exec) > vm.typeProfilerLog()->processLogEntries(ASCIILiteral("jsc Testing API: functionReturnTypeFor")); > > JSValue functionValue = exec->argument(0); >- RELEASE_ASSERT(functionValue.isFunction()); >+ RELEASE_ASSERT(functionValue.isFunction(vm)); > FunctionExecutable* executable = (jsDynamicCast<JSFunction*>(vm, functionValue.asCell()->getObject()))->jsExecutable(); > > unsigned offset = executable->typeProfilingStartOffset(); 
>@@ -1655,7 +1655,7 @@ static EncodedJSValue JSC_HOST_CALL functionHasBasicBlockExecuted(ExecState* exe > RELEASE_ASSERT(vm.controlFlowProfiler()); > > JSValue functionValue = exec->argument(0); >- RELEASE_ASSERT(functionValue.isFunction()); >+ RELEASE_ASSERT(functionValue.isFunction(vm)); > FunctionExecutable* executable = (jsDynamicCast<JSFunction*>(vm, functionValue.asCell()->getObject()))->jsExecutable(); > > RELEASE_ASSERT(exec->argument(1).isString()); >@@ -1674,7 +1674,7 @@ static EncodedJSValue JSC_HOST_CALL functionBasicBlockExecutionCount(ExecState* > RELEASE_ASSERT(vm.controlFlowProfiler()); > > JSValue functionValue = exec->argument(0); >- RELEASE_ASSERT(functionValue.isFunction()); >+ RELEASE_ASSERT(functionValue.isFunction(vm)); > FunctionExecutable* executable = (jsDynamicCast<JSFunction*>(vm, functionValue.asCell()->getObject()))->jsExecutable(); > > RELEASE_ASSERT(exec->argument(1).isString()); >diff --git a/Source/JavaScriptCore/wasm/js/JSWebAssemblyHelpers.h b/Source/JavaScriptCore/wasm/js/JSWebAssemblyHelpers.h >index c51286b7da960c73eaae1f2877fe62939347e4fe..e6514b007dc665a828932d812e94b1efa563aed9 100644 >--- a/Source/JavaScriptCore/wasm/js/JSWebAssemblyHelpers.h >+++ b/Source/JavaScriptCore/wasm/js/JSWebAssemblyHelpers.h 
>@@ -65,13 +65,13 @@ ALWAYS_INLINE std::pair<const uint8_t*, size_t> getWasmBufferFromValue(ExecState > JSArrayBufferView* arrayBufferView = value.getObject() ? jsDynamicCast<JSArrayBufferView*>(vm, value.getObject()) : nullptr; > if (!(arrayBuffer || arrayBufferView)) { > throwException(exec, throwScope, createTypeError(exec, >- ASCIILiteral("first argument must be an ArrayBufferView or an ArrayBuffer"), defaultSourceAppender, runtimeTypeForValue(value))); >+ ASCIILiteral("first argument must be an ArrayBufferView or an ArrayBuffer"), defaultSourceAppender, runtimeTypeForValue(vm, value))); > return { nullptr, 0 }; > } > > if (arrayBufferView ? arrayBufferView->isNeutered() : arrayBuffer->impl()->isNeutered()) { > throwException(exec, throwScope, createTypeError(exec, >- ASCIILiteral("underlying TypedArray has been detatched from the ArrayBuffer"), defaultSourceAppender, runtimeTypeForValue(value))); >+ ASCIILiteral("underlying TypedArray has been detatched from the ArrayBuffer"), defaultSourceAppender, runtimeTypeForValue(vm, value))); > return { nullptr, 0 }; > } > >diff --git a/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp b/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp >index 8cf0504a8182af521a369279957163c3d93d0a10..6bd056bf310ee7ab09debe6ea3436b1950a08969 100644 >--- a/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp >+++ b/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp 
>@@ -218,7 +218,7 @@ JSWebAssemblyInstance* JSWebAssemblyInstance::create(VM& vm, ExecState* exec, co > RETURN_IF_EXCEPTION(throwScope, nullptr); > // 2. If Type(o) is not Object, throw a TypeError. > if (!importModuleValue.isObject()) >- return exception(createTypeError(exec, importFailMessage(import, "import", "must be an object"), defaultSourceAppender, runtimeTypeForValue(importModuleValue))); >+ return exception(createTypeError(exec, importFailMessage(import, "import", "must be an object"), defaultSourceAppender, runtimeTypeForValue(vm, importModuleValue))); > > // 3. Let v be the value of performing Get(o, i.item_name) > JSObject* object = jsCast<JSObject*>(importModuleValue); >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp b/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp >index bb674889e24c6dae09251f00a5b8becdb7f46f41..888bdb91a4482824a05c351cbf29effc2e092c8a 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp >@@ -55,7 +55,7 @@ static EncodedJSValue JSC_HOST_CALL callWebAssemblyFunction(ExecState* exec) > auto scope = DECLARE_THROW_SCOPE(vm); > WebAssemblyFunction* wasmFunction = jsDynamicCast<WebAssemblyFunction*>(vm, exec->jsCallee()); > if (!wasmFunction) >- return JSValue::encode(throwException(exec, scope, createTypeError(exec, "expected a WebAssembly function", defaultSourceAppender, runtimeTypeForValue(exec->jsCallee())))); >+ return JSValue::encode(throwException(exec, scope, createTypeError(exec, "expected a WebAssembly function", defaultSourceAppender, runtimeTypeForValue(vm, exec->jsCallee())))); > Wasm::SignatureIndex signatureIndex = wasmFunction->signatureIndex(); > const Wasm::Signature& signature = Wasm::SignatureInformation::get(signatureIndex); 
> >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyInstanceConstructor.cpp b/Source/JavaScriptCore/wasm/js/WebAssemblyInstanceConstructor.cpp >index 2089e4f7153b2690fa78a3eba72651479fcd5e86..e206c7e8bf4a23beef0c04b686a5eadb723e8f34 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyInstanceConstructor.cpp >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyInstanceConstructor.cpp 
>@@ -66,13 +66,13 @@ static EncodedJSValue JSC_HOST_CALL constructJSWebAssemblyInstance(ExecState* ex > // If moduleObject is not a WebAssembly.Module instance, a TypeError is thrown. > JSWebAssemblyModule* module = jsDynamicCast<JSWebAssemblyModule*>(vm, exec->argument(0)); > if (!module) >- return JSValue::encode(throwException(exec, scope, createTypeError(exec, ASCIILiteral("first argument to WebAssembly.Instance must be a WebAssembly.Module"), defaultSourceAppender, runtimeTypeForValue(exec->argument(0))))); >+ return JSValue::encode(throwException(exec, scope, createTypeError(exec, ASCIILiteral("first argument to WebAssembly.Instance must be a WebAssembly.Module"), defaultSourceAppender, runtimeTypeForValue(vm, exec->argument(0))))); > > // If the importObject parameter is not undefined and Type(importObject) is not Object, a TypeError is thrown. > JSValue importArgument = exec->argument(1); > JSObject* importObject = importArgument.getObject(); > if (!importArgument.isUndefined() && !importObject) >- return JSValue::encode(throwException(exec, scope, createTypeError(exec, ASCIILiteral("second argument to WebAssembly.Instance must be undefined or an Object"), defaultSourceAppender, runtimeTypeForValue(importArgument)))); >+ return JSValue::encode(throwException(exec, scope, createTypeError(exec, ASCIILiteral("second argument to WebAssembly.Instance must be undefined or an Object"), defaultSourceAppender, runtimeTypeForValue(vm, importArgument)))); > > Structure* instanceStructure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), exec->lexicalGlobalObject()->WebAssemblyInstanceStructure()); > RETURN_IF_EXCEPTION(scope, { }); >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp b/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp >index be1b42b227b8d53d78cdafca43c09220528c5dc2..4c00a84fdd4c1074e9d8695a19a2a1160624188e 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp 
>+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp >@@ -136,7 +136,7 @@ void WebAssemblyModuleRecord::link(ExecState* exec, JSValue, JSObject* importObj > RETURN_IF_EXCEPTION(scope, void()); > // 2. If Type(o) is not Object, throw a TypeError. > if (!importModuleValue.isObject()) >- return exception(createTypeError(exec, importFailMessage(import, "import", "must be an object"), defaultSourceAppender, runtimeTypeForValue(importModuleValue))); >+ return exception(createTypeError(exec, importFailMessage(import, "import", "must be an object"), defaultSourceAppender, runtimeTypeForValue(vm, importModuleValue))); > > // 3. Let v be the value of performing Get(o, i.item_name) > JSObject* object = jsCast<JSObject*>(importModuleValue); >@@ -189,7 +189,7 @@ void WebAssemblyModuleRecord::link(ExecState* exec, JSValue, JSObject* importObj > case Wasm::ExternalKind::Function: { > // 4. If i is a function import: > // i. If IsCallable(v) is false, throw a WebAssembly.LinkError. >- if (!value.isFunction()) >+ if (!value.isFunction(vm)) > return exception(createJSWebAssemblyLinkError(exec, vm, importFailMessage(import, "import function", "must be callable"))); > > Wasm::Instance* calleeInstance = nullptr; >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.cpp b/Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.cpp >index 6b8be61ea43c7a5e05b56a9822c617b39a40a705..be55f052ed30435598b552813d9795f20491e70a 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.cpp >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.cpp 
>@@ -271,7 +271,7 @@ static EncodedJSValue JSC_HOST_CALL webAssemblyInstantiateFunc(ExecState* exec) > JSObject* importObject = importArgument.getObject(); > if (UNLIKELY(!importArgument.isUndefined() && !importObject)) { > promise->reject(exec, createTypeError(exec, >- ASCIILiteral("second argument to WebAssembly.instantiate must be undefined or an Object"), defaultSourceAppender, runtimeTypeForValue(importArgument))); >+ ASCIILiteral("second argument to WebAssembly.instantiate must be undefined or an Object"), defaultSourceAppender, runtimeTypeForValue(vm, importArgument))); > CLEAR_AND_RETURN_IF_EXCEPTION(catchScope, JSValue::encode(promise->promise())); > } else { > JSValue firstArgument = exec->argument(0); >@@ -340,7 +340,7 @@ EncodedJSValue JSC_HOST_CALL webAssemblyInstantiateStreamingInternal(ExecState* > JSObject* importObject = importArgument.getObject(); > if (UNLIKELY(!importArgument.isUndefined() && !importObject)) { > promise->reject(exec, createTypeError(exec, >- ASCIILiteral("second argument to WebAssembly.instantiateStreaming must be undefined or an Object"), defaultSourceAppender, runtimeTypeForValue(importArgument))); >+ ASCIILiteral("second argument to WebAssembly.instantiateStreaming must be undefined or an Object"), defaultSourceAppender, runtimeTypeForValue(vm, importArgument))); > CLEAR_AND_RETURN_IF_EXCEPTION(catchScope, JSValue::encode(promise->promise())); > } else { > if (globalObject->globalObjectMethodTable()->instantiateStreaming) { >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.cpp b/Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.cpp >index 918d579dd198d9c72b32b65e6047ca73fbeff398..36f378306be727c029531db492a8d00927291a6e 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.cpp >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.cpp 
>@@ -72,7 +72,7 @@ WebAssemblyWrapperFunction* WebAssemblyWrapperFunction::create(VM& vm, JSGlobalO > void WebAssemblyWrapperFunction::finishCreation(VM& vm, NativeExecutable* executable, unsigned length, const String& name, JSObject* function, JSWebAssemblyInstance* instance) > { > Base::finishCreation(vm, executable, length, name, instance); >- RELEASE_ASSERT(JSValue(function).isFunction()); >+ RELEASE_ASSERT(JSValue(function).isFunction(vm)); > m_function.set(vm, this, function); > } > >diff --git a/Source/WebCore/Modules/plugins/QuickTimePluginReplacement.mm b/Source/WebCore/Modules/plugins/QuickTimePluginReplacement.mm >index fca6002fb5cfe109d389cc7c7fd6dd2ea2e9a7a7..7206cdcddbdb0da9e9b5466f319513b45fee3ae3 100644 >--- a/Source/WebCore/Modules/plugins/QuickTimePluginReplacement.mm >+++ b/Source/WebCore/Modules/plugins/QuickTimePluginReplacement.mm >@@ -159,7 +159,7 @@ bool QuickTimePluginReplacement::ensureReplacementScriptInjected() > JSC::ExecState* exec = globalObject->globalExec(); > > JSC::JSValue replacementFunction = globalObject->get(exec, JSC::Identifier::fromString(exec, "createPluginReplacement")); >- if (replacementFunction.isFunction()) >+ if (replacementFunction.isFunction(vm)) > return true; > > scriptController.evaluateInWorld(ScriptSourceCode(quickTimePluginReplacementScript()), world); >diff --git a/Source/WebCore/bindings/js/JSCustomElementRegistryCustom.cpp b/Source/WebCore/bindings/js/JSCustomElementRegistryCustom.cpp >index d87c6e50545af12facdfee989d518f0993c0deed..103d4768e9bf6f9a26328e38dd1c6ea877006304 100644 >--- a/Source/WebCore/bindings/js/JSCustomElementRegistryCustom.cpp >+++ b/Source/WebCore/bindings/js/JSCustomElementRegistryCustom.cpp 
>@@ -49,7 +49,7 @@ static JSObject* getCustomElementCallback(ExecState& state, JSObject& prototype, > RETURN_IF_EXCEPTION(scope, nullptr); > if (callback.isUndefined()) > return nullptr; >- if (!callback.isFunction()) { >+ if (!callback.isFunction(vm)) { > throwTypeError(&state, scope, ASCIILiteral("A custom element callback must be a function")); > return nullptr; > } >diff --git a/Source/WebCore/bindings/js/JSDOMConvertCallbacks.h b/Source/WebCore/bindings/js/JSDOMConvertCallbacks.h >index 570e84ca66f7443a4eedc091fcb16645f33c4724..6cdc79399dbbf693ee43850dd0e69b9ad3ba2053 100644 >--- a/Source/WebCore/bindings/js/JSDOMConvertCallbacks.h >+++ b/Source/WebCore/bindings/js/JSDOMConvertCallbacks.h >@@ -40,7 +40,7 @@ template<typename T> struct Converter<IDLCallbackFunction<T>> : DefaultConverter > JSC::VM& vm = state.vm(); > auto scope = DECLARE_THROW_SCOPE(vm); > >- if (!value.isFunction()) { >+ if (!value.isFunction(vm)) { > exceptionThrower(state, scope); > return nullptr; > } >diff --git a/Source/WebCore/bindings/js/JSDOMPromise.cpp b/Source/WebCore/bindings/js/JSDOMPromise.cpp >index 928b3e1500a85992b29d742a67004bdb73f07f0b..979fa5c720f18687166d86e852c3b48da29e79c7 100644 >--- a/Source/WebCore/bindings/js/JSDOMPromise.cpp >+++ b/Source/WebCore/bindings/js/JSDOMPromise.cpp >@@ -64,7 +64,7 @@ void DOMPromise::whenSettled(std::function<void()>&& callback) > const JSC::Identifier& privateName = vm.propertyNames->builtinNames().thenPrivateName(); > auto* promise = this->promise(); > auto thenFunction = promise->get(&state, privateName); >- ASSERT(thenFunction.isFunction()); >+ ASSERT(thenFunction.isFunction(vm)); > > JSC::MarkedArgumentBuffer arguments; > arguments.append(handler); >diff --git a/Source/WebCore/bindings/js/ReadableStream.cpp b/Source/WebCore/bindings/js/ReadableStream.cpp >index 446aab5496805012503f0ba4c1009c6b2e148670..5d6186b6a9fbc88c51a528a8d57477512c1c9193 100644 >--- a/Source/WebCore/bindings/js/ReadableStream.cpp 
>+++ b/Source/WebCore/bindings/js/ReadableStream.cpp >@@ -79,7 +79,7 @@ void ReadableStream::pipeTo(ReadableStreamSink& sink) > const Identifier& privateName = clientData->builtinFunctions().readableStreamInternalsBuiltins().readableStreamPipeToPrivateName(); > > auto readableStreamPipeTo = m_globalObject->get(&state, privateName); >- ASSERT(readableStreamPipeTo.isFunction()); >+ ASSERT(readableStreamPipeTo.isFunction(state.vm())); > > MarkedArgumentBuffer arguments; > arguments.append(readableStream()); >@@ -95,7 +95,7 @@ std::pair<Ref<ReadableStream>, Ref<ReadableStream>> ReadableStream::tee() > const Identifier& privateName = clientData->builtinFunctions().readableStreamInternalsBuiltins().readableStreamTeePrivateName(); > > auto readableStreamTee = m_globalObject->get(&state, privateName); >- ASSERT(readableStreamTee.isFunction()); >+ ASSERT(readableStreamTee.isFunction(state.vm())); > > MarkedArgumentBuffer arguments; > arguments.append(readableStream()); >diff --git a/Source/WebCore/bindings/js/ReadableStreamDefaultController.cpp b/Source/WebCore/bindings/js/ReadableStreamDefaultController.cpp >index ca968015d8f8a4ad2308ee04629dec09f1baf55c..572ef567011912148531e508277c64e1922845e9 100644 >--- a/Source/WebCore/bindings/js/ReadableStreamDefaultController.cpp >+++ b/Source/WebCore/bindings/js/ReadableStreamDefaultController.cpp >@@ -57,7 +57,7 @@ JSC::JSValue ReadableStreamDefaultController::invoke(JSC::ExecState& state, JSC: > auto function = object.get(&state, JSC::Identifier::fromString(&state, propertyName)); > RETURN_IF_EXCEPTION(scope, JSC::JSValue()); > >- if (!function.isFunction()) { >+ if (!function.isFunction(vm)) { > if (!function.isUndefined()) > throwTypeError(&state, scope, ASCIILiteral("ReadableStream trying to call a property that is not callable")); > return JSC::jsUndefined(); 
>diff --git a/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm b/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm >index b69c6dc9cbc8a5eb5cc9b2c7a2e8559ff1e216c5..7e4b87c5207b9fb1dceb9668fed0f1228642f626 100644 >--- a/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm >+++ b/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm >@@ -3419,7 +3419,7 @@ sub GenerateOverloadDispatcher > &$generateOverloadCallIfNecessary($overload, "distinguishingArg.isObject() && asObject(distinguishingArg)->type() == ErrorInstanceType"); > > $overload = GetOverloadThatMatches($S, $d, \&$isObjectOrCallbackFunctionParameter); >- &$generateOverloadCallIfNecessary($overload, "distinguishingArg.isFunction()"); >+ &$generateOverloadCallIfNecessary($overload, "distinguishingArg.isFunction(vm)"); > > # FIXME: Avoid invoking GetMethod(object, Symbol.iterator) again in convert<IDLSequence<T>>(...). > $overload = GetOverloadThatMatches($S, $d, \&$isSequenceOrFrozenArrayParameter); >diff --git a/Source/WebCore/html/HTMLMediaElement.cpp b/Source/WebCore/html/HTMLMediaElement.cpp >index 96cf8b9b14a0e91fb480e2ce303d3682c03efa2b..237cec79930f4ff4675b9870dd2079e8b3770fb3 100644 >--- a/Source/WebCore/html/HTMLMediaElement.cpp >+++ b/Source/WebCore/html/HTMLMediaElement.cpp >@@ -7083,7 +7083,7 @@ bool HTMLMediaElement::ensureMediaControlsInjectedScript() > JSC::ExecState* exec = globalObject->globalExec(); > > JSC::JSValue functionValue = globalObject->get(exec, JSC::Identifier::fromString(exec, "createControls")); >- if (functionValue.isFunction()) >+ if (functionValue.isFunction(vm)) > return true; > > #ifndef NDEBUG >diff --git a/Source/WebCore/testing/Internals.cpp b/Source/WebCore/testing/Internals.cpp >index 81a4009533f9cdf19b263f862513ba82b9335b40..c01f04546297d6a6710b6cf3d5f6560b5c06b94b 100644 >--- a/Source/WebCore/testing/Internals.cpp >+++ b/Source/WebCore/testing/Internals.cpp 
>@@ -2041,7 +2041,7 @@ String Internals::parserMetaData(JSC::JSValue code) > exec->iterate(iter); > CodeBlock* codeBlock = iter.codeBlock(); > executable = codeBlock->ownerScriptExecutable(); >- } else if (code.isFunction()) { >+ } else if (code.isFunction(vm)) { > JSFunction* funcObj = JSC::jsCast<JSFunction*>(code.toObject(exec)); > executable = funcObj->jsExecutable(); > } else >@@ -4012,7 +4012,7 @@ JSValue Internals::cloneArrayBuffer(JSC::ExecState& state, JSValue buffer, JSVal > PropertySlot propertySlot(value, PropertySlot::InternalMethodType::Get); > globalObject->methodTable(vm)->getOwnPropertySlot(globalObject, &state, privateName, propertySlot); > value = propertySlot.getValue(&state, privateName); >- ASSERT(value.isFunction()); >+ ASSERT(value.isFunction(vm)); > > JSObject* function = value.getObject(); > CallData callData;
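Review bot: In Internals::parserMetaData (Source/WebCore/testing/Internals.cpp), the `else if (code.isFunction(vm))` branch still feeds `JSC::jsCast<JSFunction*>(code.toObject(exec))`, and the guard does not establish the type the cast assumes. Per the ChangeLog, isFunction is a TypeInfo check followed by getCallData, so it answers "is this callable", not "is this a JSFunction". jsCast only verifies the type in assertion-enabled builds, so a callable object of another class would reach `funcObj->jsExecutable()` as a mis-typed pointer. Since the line is being edited anyway, consider `jsDynamicCast<JSFunction*>(vm, code)` with a null check as the branch condition, the same pattern constructJSWebAssemblyInstance uses for JSWebAssemblyModule at the top of this section.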
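Review bot: In WebAssemblyModuleRecord::link, the spec comment directly above the changed line reads "If IsCallable(v) is false, throw a WebAssembly.LinkError", but the check is `!value.isFunction(vm)`. The ChangeLog says this patch refactors both JSValue::isFunction and JSValue::isCallable, so this is the moment to make the call site and the comment agree: either use the isCallable variant here, or add a short comment stating that isFunction is the intended predicate for function imports and why.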
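Review bot: In WebAssemblyWrapperFunction::finishCreation, `RELEASE_ASSERT(JSValue(function).isFunction(vm))` wraps a `JSObject*` in a JSValue only to ask whether it is a function. The ChangeLog says the patch adds JSCell::isFunction and that the JSValue version calls into it, so the assert can call the cell-level check on `function` directly and skip the round trip. Keeping this as RELEASE_ASSERT rather than ASSERT is right, since `m_function` is set from it on the next line.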
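Review bot: In GenerateOverloadDispatcher (Source/WebCore/bindings/scripts/CodeGeneratorJS.pm), the emitted condition changes to the string "distinguishingArg.isFunction(vm)", which makes every generated overload dispatcher depend on a local named `vm` that this hunk does not show being emitted. Please confirm the generator declares `vm` before the distinguishing-argument checks in all dispatchers that can reach this branch, and include the regenerated binding test expectations in the patch so the dependency is visible in review. The QuickTimePluginReplacement::ensureReplacementScriptInjected and HTMLMediaElement::ensureMediaControlsInjectedScript hunks have the same shape: the visible context declares `exec` but not `vm`, whereas the ReadableStream.cpp hunks pass `state.vm()` explicitly.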